Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

win32/dynamer!dtc

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

win32/dynamer!dtc

Unread postby chi_man » November 11th, 2010, 9:22 am

Hi,
TOday when I opened my pc microsoft security essential suddenly pops up saying my pc is at risk due the trojan win32/dynamer!dtc. When I try to delete it, it says its succesfull but then 2 sec. later it pops up again. Ive tried to google some info on it and it says its probably because the root file isnt deleted so it just keep on regenerating. So what must I do to delete this trojan? Here's my log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:18:49, on 11-11-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\windows\hffext\hffsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\WINDOWS\System32\msiexec.exe
D:\Hijack This\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tattoodle.com?tid= {27345651-CB43-4870-87DA-2F9586AB7701}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\{84131LOV-76GV-4O24-AA05-X4AOM540KSO3}
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3225E4FA-2EBB-4D90-876B-A30CBA4B4DE5} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100316215352.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - E:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [msnmrg] C:\WINDOWS\{84131LOV-76GV-4O24-AA05-X4AOM540KSO3}
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [AutoStartNPSAgent] D:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Snelkoppeling naar speedfan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C :\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1548186140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1550641031
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E337CA1A-BB00-4320-AC5F-CF7DE5956A2F}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.185,93.188.166.185
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Autenthification (winauxp.exe) - Unknown owner - C:\WINDOWS\system32\winauxp.exe

--
End of file - 15472 bytes
chi_man
Regular Member
 
Posts: 34
Joined: October 30th, 2006, 1:33 pm
Advertisement
Register to Remove

Re: win32/dynamer!dtc

Unread postby deltalima » November 13th, 2010, 2:58 pm

Checking your log - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: win32/dynamer!dtc

Unread postby deltalima » November 13th, 2010, 3:10 pm

Hi chi_man,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Uninstall List
  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: win32/dynamer!dtc

Unread postby chi_man » November 13th, 2010, 9:10 pm

Hey,
In these two days when I was waiting for the reply, I used microsoft security essentials to perform a full scan, during the scan win32/dynamer!dtc was again detected (along with several minor malwares) and afterwards I restarted my pc. After the reboot win32/dynamer!dtc still popped up, however, I clicked the remove button again but this time after the removal it didn't popped up again. Microsoft security essentials is stating that my pc is protected and showed a green healthy sign. I don't know if this is fixed now or not. HOWEVER, these two days i've encountered the blue screen of death twice.... this hasnt happened before the win32/dynamer!dtc infection.... i dont know if its related or not?

Here's the log:
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS2
Adobe Reader 8.1.2 - Nederlands
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Software Update
ASIO4ALL
Assassin's Creed
ASUS Gamer OSD
ASUS Smart Doctor
ASUS VideoSecurity Online
ATITool Overclocking Utility
Attansic Ethernet Utility
Attansic L1 Gigabit Ethernet Driver
Audacity 1.2.6
Beveiligingsupdate for Windows XP (KB941569)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB2183461)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB2360131)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB942615)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB944533)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB950759)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB953838)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB956390)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB958215)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB960714)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB961260)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB963027)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB969897)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB972260)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB974455)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB976325)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB978207)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB982381)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2360131)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB971961)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB981332)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB982381)
Beveiligingsupdate voor Windows Media Encoder (KB954156)
Beveiligingsupdate voor Windows Media Encoder (KB979332)
Beveiligingsupdate voor Windows Media Player (KB2378111)
Beveiligingsupdate voor Windows Media Player (KB952069)
Beveiligingsupdate voor Windows Media Player (KB954155)
Beveiligingsupdate voor Windows Media Player (KB968816)
Beveiligingsupdate voor Windows Media Player (KB973540)
Beveiligingsupdate voor Windows Media Player (KB975558)
Beveiligingsupdate voor Windows Media Player (KB978695)
Beveiligingsupdate voor Windows Media Player 11 (KB936782)
Beveiligingsupdate voor Windows Media Player 11 (KB954154)
Beveiligingsupdate voor Windows Media Player 8 (KB917734)
Beveiligingsupdate voor Windows XP (KB2079403)
Beveiligingsupdate voor Windows XP (KB2115168)
Beveiligingsupdate voor Windows XP (KB2121546)
Beveiligingsupdate voor Windows XP (KB2160329)
Beveiligingsupdate voor Windows XP (KB2229593)
Beveiligingsupdate voor Windows XP (KB2259922)
Beveiligingsupdate voor Windows XP (KB2279986)
Beveiligingsupdate voor Windows XP (KB2286198)
Beveiligingsupdate voor Windows XP (KB2296011)
Beveiligingsupdate voor Windows XP (KB2347290)
Beveiligingsupdate voor Windows XP (KB2360937)
Beveiligingsupdate voor Windows XP (KB2387149)
Beveiligingsupdate voor Windows XP (KB923561)
Beveiligingsupdate voor Windows XP (KB923789)
Beveiligingsupdate voor Windows XP (KB938464)
Beveiligingsupdate voor Windows XP (KB938464-v2)
Beveiligingsupdate voor Windows XP (KB946648)
Beveiligingsupdate voor Windows XP (KB950760)
Beveiligingsupdate voor Windows XP (KB950762)
Beveiligingsupdate voor Windows XP (KB950974)
Beveiligingsupdate voor Windows XP (KB951066)
Beveiligingsupdate voor Windows XP (KB951376)
Beveiligingsupdate voor Windows XP (KB951376-v2)
Beveiligingsupdate voor Windows XP (KB951698)
Beveiligingsupdate voor Windows XP (KB951748)
Beveiligingsupdate voor Windows XP (KB952004)
Beveiligingsupdate voor Windows XP (KB952954)
Beveiligingsupdate voor Windows XP (KB953839)
Beveiligingsupdate voor Windows XP (KB954211)
Beveiligingsupdate voor Windows XP (KB954459)
Beveiligingsupdate voor Windows XP (KB954600)
Beveiligingsupdate voor Windows XP (KB955069)
Beveiligingsupdate voor Windows XP (KB956391)
Beveiligingsupdate voor Windows XP (KB956572)
Beveiligingsupdate voor Windows XP (KB956744)
Beveiligingsupdate voor Windows XP (KB956802)
Beveiligingsupdate voor Windows XP (KB956803)
Beveiligingsupdate voor Windows XP (KB956841)
Beveiligingsupdate voor Windows XP (KB956844)
Beveiligingsupdate voor Windows XP (KB957095)
Beveiligingsupdate voor Windows XP (KB957097)
Beveiligingsupdate voor Windows XP (KB958644)
Beveiligingsupdate voor Windows XP (KB958687)
Beveiligingsupdate voor Windows XP (KB958690)
Beveiligingsupdate voor Windows XP (KB958869)
Beveiligingsupdate voor Windows XP (KB959426)
Beveiligingsupdate voor Windows XP (KB960225)
Beveiligingsupdate voor Windows XP (KB960715)
Beveiligingsupdate voor Windows XP (KB960803)
Beveiligingsupdate voor Windows XP (KB960859)
Beveiligingsupdate voor Windows XP (KB961371)
Beveiligingsupdate voor Windows XP (KB961373)
Beveiligingsupdate voor Windows XP (KB961501)
Beveiligingsupdate voor Windows XP (KB968537)
Beveiligingsupdate voor Windows XP (KB969059)
Beveiligingsupdate voor Windows XP (KB969898)
Beveiligingsupdate voor Windows XP (KB969947)
Beveiligingsupdate voor Windows XP (KB970238)
Beveiligingsupdate voor Windows XP (KB970430)
Beveiligingsupdate voor Windows XP (KB971468)
Beveiligingsupdate voor Windows XP (KB971486)
Beveiligingsupdate voor Windows XP (KB971557)
Beveiligingsupdate voor Windows XP (KB971633)
Beveiligingsupdate voor Windows XP (KB971657)
Beveiligingsupdate voor Windows XP (KB971961)
Beveiligingsupdate voor Windows XP (KB972270)
Beveiligingsupdate voor Windows XP (KB973346)
Beveiligingsupdate voor Windows XP (KB973354)
Beveiligingsupdate voor Windows XP (KB973507)
Beveiligingsupdate voor Windows XP (KB973525)
Beveiligingsupdate voor Windows XP (KB973869)
Beveiligingsupdate voor Windows XP (KB973904)
Beveiligingsupdate voor Windows XP (KB974112)
Beveiligingsupdate voor Windows XP (KB974318)
Beveiligingsupdate voor Windows XP (KB974392)
Beveiligingsupdate voor Windows XP (KB974571)
Beveiligingsupdate voor Windows XP (KB975025)
Beveiligingsupdate voor Windows XP (KB975467)
Beveiligingsupdate voor Windows XP (KB975560)
Beveiligingsupdate voor Windows XP (KB975561)
Beveiligingsupdate voor Windows XP (KB975562)
Beveiligingsupdate voor Windows XP (KB975713)
Beveiligingsupdate voor Windows XP (KB977165)
Beveiligingsupdate voor Windows XP (KB977816)
Beveiligingsupdate voor Windows XP (KB977914)
Beveiligingsupdate voor Windows XP (KB978037)
Beveiligingsupdate voor Windows XP (KB978251)
Beveiligingsupdate voor Windows XP (KB978262)
Beveiligingsupdate voor Windows XP (KB978338)
Beveiligingsupdate voor Windows XP (KB978542)
Beveiligingsupdate voor Windows XP (KB978601)
Beveiligingsupdate voor Windows XP (KB978706)
Beveiligingsupdate voor Windows XP (KB979309)
Beveiligingsupdate voor Windows XP (KB979482)
Beveiligingsupdate voor Windows XP (KB979559)
Beveiligingsupdate voor Windows XP (KB979683)
Beveiligingsupdate voor Windows XP (KB979687)
Beveiligingsupdate voor Windows XP (KB980195)
Beveiligingsupdate voor Windows XP (KB980218)
Beveiligingsupdate voor Windows XP (KB980232)
Beveiligingsupdate voor Windows XP (KB980436)
Beveiligingsupdate voor Windows XP (KB981322)
Beveiligingsupdate voor Windows XP (KB981349)
Beveiligingsupdate voor Windows XP (KB981852)
Beveiligingsupdate voor Windows XP (KB981957)
Beveiligingsupdate voor Windows XP (KB981997)
Beveiligingsupdate voor Windows XP (KB982132)
Beveiligingsupdate voor Windows XP (KB982214)
Beveiligingsupdate voor Windows XP (KB982665)
Beveiligingsupdate voor Windows XP (KB982802)
CCleaner
DaphnisUK
DivX Codec
DivX Converter
DivX Plus DirectShow Filters
DivXLand Media Subtitler
EetMeter2002
Essentiële update voor Windows Media Player 11 (KB959772)
FL Studio 9
Guild Wars
Hardcore
Hide Files and Folders v2.7
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix voor Windows Internet Explorer 7 (KB947864)
Hotfix voor Windows Media Player 11 (KB939683)
Hotfix voor Windows XP (KB2158563)
Hotfix voor Windows XP (KB952287)
Hotfix voor Windows XP (KB961118)
Hotfix voor Windows XP (KB970653-v3)
Hotfix voor Windows XP (KB976098-v2)
Hotfix voor Windows XP (KB979306)
Hotfix voor Windows XP (KB981793)
IL Download Manager
Java(TM) 6 Update 22
JMB36X Raid Configurer
Junk Mail filter update
K-Lite Codec Pack 4.3.1 (Standard)
Magic ISO Maker v5.3 (build 0221)
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
McAfee SecurityCenter
MDL ISIS Draw 2.5 Standalone
Mega Manager
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft AppLocale
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Security Essentials
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows Application Compatibility Database
Mozilla Firefox (3.6.10)
mp3-2-wav converter 1.14
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Ultra Edition
neroxml
NJStar Chinese Word Processor
NVIDIA Drivers
Oblivion
Oblivion - Vile Lair
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
Opera 10.63
Pando Media Booster
PC Connectivity Solution
PDF Settings
Philips Upgrade Tool
PoiZone
PowerDVD
PowerISO
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Sakura
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
Samsung New PC Studio
Samsung New PC Studio USB Driver Installer
Samsung New PC Studio USB Driver Installer
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
SAMSUNG SYMBIAN USB Download Driver
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver
Sawer
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
sfArk
SFPack
SopCast 3.0.3
SpeedFan (remove only)
SPSS 16.0 for Windows
Spybot - Search & Destroy
StyleXP (remove only)
System Requirements Lab
Toxic Biohazard
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (KB2443839)
Update voor Windows Internet Explorer 7 (KB976749)
Update voor Windows Internet Explorer 7 (KB980182)
Update voor Windows Internet Explorer 8 (KB2362765)
Update voor Windows Internet Explorer 8 (KB976662)
Update voor Windows XP (KB2141007)
Update voor Windows XP (KB2345886)
Update voor Windows XP (KB951072-v2)
Update voor Windows XP (KB951978)
Update voor Windows XP (KB955759)
Update voor Windows XP (KB955839)
Update voor Windows XP (KB961503)
Update voor Windows XP (KB967715)
Update voor Windows XP (KB968389)
Update voor Windows XP (KB971737)
Update voor Windows XP (KB973687)
Update voor Windows XP (KB973815)
VC 9.0 Runtime
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.762
Veetle TV 0.9.17
VeohTV BETA
VideoLAN VLC media player 0.8.6f
ViewerLite 5.0
VobSub v2.23 (Remove Only)
Vuze
Vuze Remote Toolbar
WinCurveFit
Windows Internet Explorer 8
Windows Live - Hulpprogramma voor uploaden
Windows Live aanmeldhulp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
Windows-stuurprogrammapakket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows-stuurprogrammapakket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows-stuurprogrammapakket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
WinPcap 4.1.2
WinRAR archiver
Write-N-Cite
ZoneAlarm
Zoo Tycoon: Complete Collection
chi_man
Regular Member
 
Posts: 34
Joined: October 30th, 2006, 1:33 pm

Re: win32/dynamer!dtc

Unread postby deltalima » November 14th, 2010, 9:04 am

Hi chi_man,

multiple Anti Virus programs

  • It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:
    Microsoft Security Essentials
    McAfee SecurityCenter
  • Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
  • Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

  • Please remove one of them.

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    Vuze


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl Then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Security Check
Please download Security Check ... by screen317. Save it to your desktop.
Alternate download site: Link 2
  1. Double click the SecurityCheck.exe icon to begin.
  2. Press the Space Bar when you see the "press any key to continue..." message.
    A Notepad results file will open automatically called checkup.txt
  3. Save "checkup.txt" to your desktop. (This output file is NOT automatically saved!)
  4. Please copy/paste the entire contents of the checkup.txt file into your next reply.

CKScanner

  • Please download CKScanner from here to your Desktop.
  • Make sure that CKScanner.exe is on the your Desktop before running the application!
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Next

  • Please download this tool from Microsoft.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Please let me know if the computer is used for home or for business use.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: win32/dynamer!dtc

Unread postby chi_man » November 14th, 2010, 10:25 am

I had to use MCPR to remove Mcafee because when I tried via the software list it doesn't react...

Here are the logs:
Security check:
Results of screen317's Security Check version 0.99.6
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

ZoneAlarm
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 22
Adobe Flash Player 10.1.102.64
Adobe Reader 8.1.2 - Nederlands
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Zone Labs ZoneAlarm zlclient.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

CKscanner:
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\image-line\hardcore\presets\i cracked my tube!.hdprg
c:\program files\image-line\sawer\presets\ambient\mc cracked.sawer
scanner sequence 3.CP.11
----- EOF -----

MGADiag:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-BC2J7-MQKJ7-6F3PJ
Windows Product Key Hash: zEMEwNTXjIOLhjRU398D/6RaKLQ=
Windows Product ID: 55679-OEM-2215371-98063
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {74F93C01-D875-4DA5-9071-D3F01457F50A}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 102
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_77F760FE-153-80070002_7E90FEE8-175-80070002_77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-230-1_B4D0AA8B-920-80070057

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{74F93C01-D875-4DA5-9071-D3F01457F50A}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-6F3PJ</PKey><PID>55679-OEM-2215371-98063</PID><PIDType>3</PIDType><SID>S-1-5-21-1715567821-839522115-725345543</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>P5K</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0704 </Version><SMBIOSVersion major="2" minor="4"/><Date>20071030000000.000000+000</Date></BIOS><HWID>4DF3357F0184BA7B</HWID><UserLCID>0413</UserLCID><SystemLCID>0413</SystemLCID><TimeZone>West-Europa (standaardtijd)(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>108</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>108</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>64BC76978749586</Val><Hash>GW6PzcEVEDTVKeO5Ym5UUm41dBk=</Hash><Pid>89388-707-0441865-65492</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="108"/><App Id="16" Version="12" Result="108"/><App Id="18" Version="12" Result="108"/><App Id="19" Version="12" Result="108"/><App Id="1A" Version="12" Result="108"/><App Id="1B" Version="12" Result="108"/><App Id="44" Version="12" Result="108"/><App Id="A1" Version="12" Result="108"/><App Id="BA" Version="12" Result="108"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 143E0:ASUSTeK Computer Inc|15AC7:GENUINE C&C INC
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A
chi_man
Regular Member
 
Posts: 34
Joined: October 30th, 2006, 1:33 pm

Re: win32/dynamer!dtc

Unread postby deltalima » November 14th, 2010, 10:33 am

Hi chi_man,

Did you remove Vuze?

Please post the Full log from CKscanner, please do not remove any lines.

Please let me know if the computer is used for home or for business use.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: win32/dynamer!dtc

Unread postby chi_man » November 14th, 2010, 10:53 am

Oh sorry, I saw that was a crack but already removed it when I saw it since I didn't used it anyways.

here's the new CKscanner log:
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\image-line\hardcore\presets\i cracked my tube!.hdprg
c:\program files\image-line\sawer\presets\ambient\mc cracked.sawer
scanner sequence 3.AA.11
----- EOF -----

Yeah vuze is deleted. I use my pc for personal use. Although I use it quite often to buy stuff from ebay or any other purchasing sites. Does that count as business?
chi_man
Regular Member
 
Posts: 34
Joined: October 30th, 2006, 1:33 pm

Re: win32/dynamer!dtc

Unread postby deltalima » November 14th, 2010, 10:59 am

Hi chi_man,

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.

Please let me know if you have run Malwarebytes recently and if so what was found.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: win32/dynamer!dtc

Unread postby chi_man » November 14th, 2010, 12:07 pm

GMER crashes the computer in normal mode, but it works in safe mode. However, I found out that it takes some time to scan and I kinda need the computer now, so I think you don't mind if I scan GMER later this evening when Im having dinner and not using the pc?

OTL:
OTL logfile created on: 14-11-2010 16:02:20 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Chi Hao\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 3070 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 46,58 Gb Total Space | 11,73 Gb Free Space | 25,18% Space Free | Partition Type: NTFS
Drive D: | 46,58 Gb Total Space | 25,84 Gb Free Space | 55,47% Space Free | Partition Type: NTFS
Drive E: | 46,58 Gb Total Space | 16,01 Gb Free Space | 34,36% Space Free | Partition Type: NTFS
Drive F: | 46,58 Gb Total Space | 1,74 Gb Free Space | 3,73% Space Free | Partition Type: NTFS
Drive G: | 46,58 Gb Total Space | 1,77 Gb Free Space | 3,80% Space Free | Partition Type: NTFS
Drive J: | 58,22 Gb Total Space | 18,53 Gb Free Space | 31,83% Space Free | Partition Type: NTFS
Drive K: | 58,22 Gb Total Space | 9,62 Gb Free Space | 16,52% Space Free | Partition Type: NTFS
Drive L: | 58,22 Gb Total Space | 0,49 Gb Free Space | 0,84% Space Free | Partition Type: NTFS
Drive M: | 58,23 Gb Total Space | 1,54 Gb Free Space | 2,65% Space Free | Partition Type: NTFS

Computer Name: LAI-CHIHAO | User Name: Chi Hao | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe File not found
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe File not found
PRC - C:\Documents and Settings\Chi Hao\Bureaublad\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\MSC\mcuimgr.exe (McAfee, Inc.)
PRC - C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\WINDOWS\hffext\hffsrv.exe ()
PRC - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Chi Hao\Bureaublad\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()


========== Win32 Services (SafeList) ==========

SRV - (mfevtp) -- File not found
SRV - (mfefire) -- File not found
SRV - (McShield) -- File not found
SRV - (McProxy) -- File not found
SRV - (McNASvc) -- File not found
SRV - (mcmscsvc) -- File not found
SRV - (McAfee SiteAdvisor Service) -- File not found
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (vvdsvc) -- C:\WINDOWS\system32\nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ATKKeyboardService) -- C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
SRV - (NBService) -- E:\Program Files\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (StyleXPService) -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe ()


========== Driver Services (SafeList) ==========

DRV - (srescan) -- C:\WINDOWS\System32\ZoneLabs\srescan.sys File not found
DRV - (RESSDT) -- C:\WINDOWS\System32\ssdt.sys File not found
DRV - (mfetdi2k) -- File not found
DRV - (mfehidk) -- File not found
DRV - (mfefirek) -- File not found
DRV - (mfebopk) -- File not found
DRV - (mfeavfk) -- File not found
DRV - (GarenaPEngine) -- C:\DOCUME~1\CHIHAO~1\LOCALS~1\Temp\ESAB2.tmp File not found
DRV - (cfwids) -- C:\WINDOWS\System32\drivers\cfwids.sys File not found
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (FStarForce) -- C:\WINDOWS\system32\drivers\FStarForce.sys (SNEG)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (asusgsb) -- C:\WINDOWS\system32\drivers\asusgsb.sys (ASUSTeK Computer Inc.)
DRV - (Video3D) -- C:\WINDOWS\system32\drivers\Video3D32.sys (ASUSTeK COMPUTER INC.)
DRV - (EIO) -- C:\WINDOWS\system32\drivers\EIO.sys (ASUSTeK Computer Inc.)
DRV - (asuskbnt) -- C:\WINDOWS\system32\drivers\atkkbnt.sys (ASUSTeK COMPUTER INC.)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (JRAID) -- C:\WINDOWS\System32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (ASUSVRC) -- C:\WINDOWS\system32\drivers\AsusVRC.sys (ASUSTeK COMPUTER INC.)
DRV - (FDCENT) -- C:\WINDOWS\system32\drivers\FDCENT.SYS ()
DRV - (AtcL001) -- C:\WINDOWS\system32\drivers\atl01_xp.sys (Attansic Technology corporation.)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (JGOGO) -- C:\WINDOWS\System32\DRIVERS\JGOGO.sys (JMicron )
DRV - (ATITool) -- C:\WINDOWS\system32\drivers\ATITool.sys ()
DRV - (StyleXPHelper) -- C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe (Windows (R) 2000 DDK provider)
DRV - (ssm_mdm) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys (MCCI)
DRV - (ssm_mdfl) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys (MCCI)
DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ssm_bus.sys (MCCI)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1715567821-839522115-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1715567821-839522115-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tattoodle.com?tid={27345651-CB43-4870-87DA-2F9586AB7701}
IE - HKU\S-1-5-21-1715567821-839522115-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1715567821-839522115-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
FF - prefs.js..extensions.enabledItems: safeview@cdisys.com:4.5.446
FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-03-15 14:25:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-11-14 14:58:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-09-17 12:39:15 | 000,000,000 | ---D | M]

[2008-06-18 14:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chi Hao\Application Data\Mozilla\Extensions
[2010-11-14 13:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chi Hao\Application Data\Mozilla\Firefox\Profiles\wyuzhdi2.default\extensions
[2010-04-28 01:09:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Chi Hao\Application Data\Mozilla\Firefox\Profiles\wyuzhdi2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-02-06 19:22:40 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Documents and Settings\Chi Hao\Application Data\Mozilla\Firefox\Profiles\wyuzhdi2.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2010-08-02 10:29:19 | 000,000,000 | ---D | M] (Oskar) -- C:\Documents and Settings\Chi Hao\Application Data\Mozilla\Firefox\Profiles\wyuzhdi2.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
Data\Mozilla\Firefox\Profiles\wyuzhdi2.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010-03-26 20:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chi Hao\Application Data\Mozilla\Firefox\Profiles\wyuzhdi2.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010-09-13 12:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chi Hao\Application Data\Mozilla\Firefox\Profiles\wyuzhdi2.default\extensions\personas@christopher.beard
[2009-09-28 20:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chi Hao\Application Data\Mozilla\Firefox\Profiles\wyuzhdi2.default\extensions\safeview@cdisys.com
[2010-11-02 22:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chi Hao\Application Data\Mozilla\Firefox\Profiles\wyuzhdi2.default\extensions\vshare@toolbar
[2010-06-09 15:12:58 | 000,000,903 | ---- | M] () -- C:\Documents and Settings\Chi Hao\Application Data\Mozilla\Firefox\Profiles\wyuzhdi2.default\searchplugins\conduit.xml
[2010-11-14 13:37:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-11-08 13:50:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010-09-15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008-06-30 21:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2010-07-23 01:32:15 | 000,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2010-07-23 01:32:15 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2010-07-23 01:32:15 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
[2010-07-23 01:32:15 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2010-07-23 01:32:15 | 000,001,106 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2008-10-26 20:36:45 | 000,268,659 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 9298 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3225E4FA-2EBB-4D90-876B-A30CBA4B4DE5} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - E:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKU\S-1-5-21-1715567821-839522115-725345543-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [hffsrv] c:\WINDOWS\hffext\hffsrv.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [msnmrg] File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1715567821-839522115-725345543-1003..\Run: [] File not found
O4 - HKU\S-1-5-21-1715567821-839522115-725345543-1003..\Run: [AutoStartNPSAgent] D:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-1715567821-839522115-725345543-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1715567821-839522115-725345543-1003..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Snelkoppeling naar speedfan.lnk = C:\Program Files\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O4 - Startup: C:\Documents and Settings\Chi Hao\Menu Start\Programma's\Opstarten\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_22.dll (Sun Microsystems, Inc.)
O9 - Extra Button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/ms ... b56986.cab (Checkers Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/So ... b56986.cab (Solitaire Showdown Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 1548186140 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 1550641031 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZI ... b56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/Mi ... b56986.cab (Minesweeper Flags Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\{84131LOV-76GV-4O24-AA05-X4AOM540KSO3}) - File not found
O20 - HKLM Winlogon: UIHost - (C:\Program Files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE) - C:\Program Files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE ()
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Chi Hao\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chi Hao\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-01-28 20:03:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ca659893-6809-11de-bdba-001e8c2b8565}\Shell - "" = AutoRun
O33 - MountPoints2\{ca659893-6809-11de-bdba-001e8c2b8565}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -- File not found
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\autorun.exe -- File not found
O33 - MountPoints2\O\Shell - "" = AutoRun
O33 - MountPoints2\O\Shell\AutoRun\command - "" = O:\cdstarter.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-11-14 16:00:26 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chi Hao\Bureaublad\OTL.exe
[2010-11-14 14:58:10 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Chi Hao\Bureaublad\MGADiag.exe
[2010-11-14 14:58:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010-11-12 15:44:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chi Hao\Mijn documenten\My Art
[2010-11-10 15:55:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Chi Hao\IETldCache
[2010-11-10 14:16:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chi Hao\Application Data\Office Genuine Advantage
[2010-11-10 13:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010-11-10 13:49:44 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010-11-10 13:47:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010-11-10 13:40:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010-11-10 13:40:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010-11-10 13:40:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010-11-10 13:40:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010-11-10 13:40:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010-11-10 13:40:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010-11-10 13:40:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010-11-10 13:40:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010-11-10 13:40:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010-11-10 13:40:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010-11-10 13:40:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010-11-10 13:40:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010-11-10 13:40:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010-11-10 13:40:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010-11-10 13:40:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010-11-10 13:40:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010-11-08 21:45:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chi Hao\Application Data\Ubisoft
[2010-11-08 21:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chi Hao\Mijn documenten\Downloads
[2010-11-08 21:39:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2010-11-08 21:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chi Hao\Application Data\InstallShield
[2010-11-08 14:47:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010-11-08 14:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chi Hao\.spss
[2010-11-08 13:50:49 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010-11-08 13:50:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010-11-08 13:50:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010-11-08 13:49:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chi Hao\Onlangs geopend
[2010-11-08 13:42:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chi Hao\Local Settings\Application Data\Temp
[2010-11-08 13:42:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010-11-08 13:42:07 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010-11-08 13:42:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chi Hao\Local Settings\Application Data\Google
[2010-11-07 17:48:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2010-11-07 17:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chi Hao\Application Data\InstallShield Installation Information
[2010-11-07 17:09:02 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\WINDOWS\System32\drivers\mcdbus.sys
[2010-11-07 17:09:02 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2010-11-07 00:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chi Hao\Bureaublad\G.E.M - MySecret
[2010-11-07 00:35:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chi Hao\Bureaublad\IU - Growing up
[2010-11-01 02:41:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chi Hao\Bureaublad\PD-Felony
[2010-11-01 02:20:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chi Hao\Bureaublad\PD-susanna abril
[2010-10-28 12:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chi Hao\Local Settings\Application Data\Betting_Bots_Worldwide_Pt
[2010-10-24 15:41:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chi Hao\Bureaublad\Rocco's best GB
[2010-10-20 20:52:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chi Hao\Bureaublad\GEM
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-11-14 16:01:19 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Chi Hao\Bureaublad\9du25brn.exe
[2010-11-14 16:00:29 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chi Hao\Bureaublad\OTL.exe
[2010-11-14 15:18:10 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Chi Hao\Bureaublad\Microsoft Office Word 2007.lnk
[2010-11-14 15:09:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-11-14 14:58:10 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Chi Hao\Bureaublad\MGADiag.exe
[2010-11-14 14:57:53 | 000,443,392 | ---- | M] () -- C:\Documents and Settings\Chi Hao\Bureaublad\CKScanner.exe
[2010-11-14 14:57:43 | 000,869,086 | ---- | M] () -- C:\Documents and Settings\Chi Hao\Bureaublad\SecurityCheck.exe
[2010-11-14 13:42:38 | 000,030,057 | ---- | M] () -- C:\Documents and Settings\Chi Hao\Bureaublad\TEST.docx
[2010-11-14 13:41:39 | 000,012,992 | ---- | M] () -- C:\Documents and Settings\Chi Hao\Bureaublad\Lay criteria.xlsx
[2010-11-14 13:32:04 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010-11-14 13:27:32 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1715567821-839522115-725345543-1003.job
[2010-11-14 13:27:32 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1715567821-839522115-725345543-1003.job
[2010-11-14 13:20:34 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010-11-14 13:16:06 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010-11-14 13:15:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-11-13 22:59:19 | 000,041,135 | ---- | M] () -- C:\Documents and Settings\Chi Hao\Bureaublad\toto.xlsx
[2010-11-13 18:56:34 | 000,196,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\nStandard.bin
[2010-11-13 14:29:13 | 000,010,510 | ---- | M] () -- C:\Documents and Settings\Chi Hao\Bureaublad\footy.docx
[2010-11-12 18:54:07 | 000,183,296 | ---- | M] () -- C:\Documents and Settings\Chi Hao\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-11-12 14:04:16 | 000,134,761 | ---- | M] () -- C:\Documents and Settings\Chi Hao\Bureaublad\foto 5.jpg
[2010-11-12 14:04:16 | 000,098,819 | ---- | M] () -- C:\Documents and Settings\Chi Hao\Bureaublad\foto 3.jpg
[2010-11-12 14:04:16 | 000,092,519 | ---- | M] () -- C:\Documents and Settings\Chi Hao\Bureaublad\sexy marina.jpg
[2010-11-12 14:04:16 | 000,086,906 | ---- | M] () -- C:\Documents and Settings\Chi Hao\Bureaublad\foto 2.jpg
[2010-11-12 14:04:16 | 000,070,980 | ---- | M] () -- C:\Documents and Settings\Chi Hao\Bureaublad\foto.jpg
[2010-11-11 15:28:49 | 000,089,600 | ---- | M] () -- C:\Documents and Settings\Chi Hao\Bureaublad\fa-208 groep 5C.xls
[2010-11-11 15:27:28 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Chi Hao\Bureaublad\fa-207 groep 1D.xls
[2010-11-11 02:49:36 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-11-10 15:55:16 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\Chi Hao\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk
[2010-11-10 13:38:41 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-11-08 21:37:17 | 000,000,882 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Assassin's Creed.lnk
[2010-11-08 14:13:21 | 000,000,212 | -HS- | M] () -- C:\boot.ini
[2010-11-08 13:42:53 | 000,000,689 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk
[2010-11-07 19:20:34 | 000,000,071 | ---- | M] () -- C:\Documents and Settings\Chi Hao\default.pls
[2010-11-07 17:58:37 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\Chi Hao\Bureaublad\Fallout3.lnk
[2010-11-06 19:27:06 | 000,009,844 | ---- | M] () -- C:\Documents and Settings\Chi Hao\Bureaublad\Trading calculator.xlsx
[2010-11-01 14:37:34 | 000,512,272 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2010-11-01 14:37:34 | 000,444,190 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-11-01 14:37:34 | 000,092,220 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2010-11-01 14:37:34 | 000,072,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-10-30 19:29:55 | 000,009,469 | ---- | M] () -- C:\Documents and Settings\Chi Hao\Bureaublad\plan.xlsx
[2010-10-22 00:14:56 | 013,969,285 | ---- | M] () -- C:\Documents and Settings\Chi Hao\Bureaublad\Isn't it beautiful.mp3
[2010-10-19 21:51:33 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010-10-16 11:42:35 | 000,000,617 | ---- | M] () -- C:\Documents and Settings\Chi Hao\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-11-14 16:01:18 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Chi Hao\Bureaublad\9du25brn.exe
[2010-11-14 14:57:52 | 000,443,392 | ---- | C] () -- C:\Documents and Settings\Chi Hao\Bureaublad\CKScanner.exe
[2010-11-14 14:57:42 | 000,869,086 | ---- | C] () -- C:\Documents and Settings\Chi Hao\Bureaublad\SecurityCheck.exe
[2010-11-13 14:29:13 | 000,010,510 | ---- | C] () -- C:\Documents and Settings\Chi Hao\Bureaublad\footy.docx
[2010-11-12 14:08:45 | 000,134,761 | ---- | C] () -- C:\Documents and Settings\Chi Hao\Bureaublad\foto 5.jpg
[2010-11-12 14:08:45 | 000,098,819 | ---- | C] () -- C:\Documents and Settings\Chi Hao\Bureaublad\foto 3.jpg
[2010-11-12 14:08:45 | 000,092,519 | ---- | C] () -- C:\Documents and Settings\Chi Hao\Bureaublad\sexy marina.jpg
[2010-11-12 14:08:45 | 000,086,906 | ---- | C] () -- C:\Documents and Settings\Chi Hao\Bureaublad\foto 2.jpg
[2010-11-12 14:08:45 | 000,070,980 | ---- | C] () -- C:\Documents and Settings\Chi Hao\Bureaublad\foto.jpg
[2010-11-11 15:28:06 | 000,089,600 | ---- | C] () -- C:\Documents and Settings\Chi Hao\Bureaublad\fa-208 groep 5C.xls
[2010-11-11 15:27:27 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Chi Hao\Bureaublad\fa-207 groep 1D.xls
[2010-11-10 13:40:08 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
[2010-11-08 21:37:17 | 000,000,882 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Assassin's Creed.lnk
[2010-11-08 13:42:53 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk
[2010-11-07 17:56:40 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\Chi Hao\Bureaublad\Fallout3.lnk
[2010-10-26 12:33:36 | 000,012,992 | ---- | C] () -- C:\Documents and Settings\Chi Hao\Bureaublad\Lay criteria.xlsx
[2010-06-25 18:03:12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010-02-10 23:33:40 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Chi Hao\Local Settings\Application Data\fusioncache.dat
[2010-02-06 19:49:17 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009-08-10 17:48:24 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009-08-10 17:48:24 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009-08-10 17:48:19 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Chi Hao\Application Data\$_hpcst$.hpc
[2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009-05-16 15:33:08 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009-05-10 15:36:06 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2009-05-10 15:36:06 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2009-05-10 15:36:06 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2009-05-10 15:33:22 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009-05-10 15:33:22 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009-01-31 15:10:57 | 000,000,098 | ---- | C] () -- C:\WINDOWS\VPPLAYS.INI
[2008-11-28 00:37:10 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008-11-18 22:49:01 | 000,000,436 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008-11-06 17:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-11-06 17:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008-10-28 17:40:48 | 000,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008-08-02 13:48:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008-08-02 13:48:45 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008-03-23 21:28:55 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008-03-23 21:28:55 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Chi Hao\Application Data\PnkBstrK.sys
[2008-03-23 21:27:33 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008-03-22 13:05:33 | 000,000,024 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2008-03-05 15:32:58 | 002,729,472 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
[2008-02-20 15:12:40 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\winsys.ini
[2008-01-30 17:34:33 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008-01-30 16:34:42 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-01-29 19:51:39 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-01-29 19:21:09 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008-01-29 19:21:02 | 000,047,726 | ---- | C] () -- C:\WINDOWS\System32\drivers\FDCENT.SYS
[2008-01-28 23:27:40 | 000,183,296 | ---- | C] () -- C:\Documents and Settings\Chi Hao\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-01-28 22:06:07 | 000,643,142 | ---- | C] () -- C:\WINDOWS\aticlocklib.dll
[2008-01-28 22:06:07 | 000,110,592 | ---- | C] () -- C:\WINDOWS\R5ClkLib.dll
[2008-01-28 22:06:05 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2008-01-28 22:06:05 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2008-01-28 22:06:05 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2008-01-28 22:06:05 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2008-01-28 22:06:05 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2008-01-28 22:06:05 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2008-01-28 22:06:05 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2008-01-28 22:06:05 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2008-01-28 22:06:05 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2008-01-28 21:24:21 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008-01-28 20:57:36 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008-01-28 20:09:34 | 000,015,446 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008-01-28 20:09:29 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008-01-28 20:09:28 | 000,015,121 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008-01-28 20:09:21 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007-10-04 17:14:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007-10-04 17:14:00 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007-10-04 17:14:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007-10-04 17:14:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007-10-04 17:14:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005-12-30 00:04:24 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2004-10-11 11:19:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL
[2002-10-15 23:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[1996-04-03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Files - Unicode (All) ==========
[2010-11-08 17:05:38 | 000,000,000 | ---D | M](C:\Documents and Settings\Chi Hao\Bureaublad\Bodyguards and Assassins ????) -- C:\Documents and Settings\Chi Hao\Bureaublad\Bodyguards and Assassins 十月圍城
[2010-05-13 15:16:21 | 000,000,000 | ---D | C](C:\Documents and Settings\Chi Hao\Bureaublad\Bodyguards and Assassins ????) -- C:\Documents and Settings\Chi Hao\Bureaublad\Bodyguards and Assassins 十月圍城
[2009-09-03 22:17:41 | 000,000,276 | ---- | M] ()(C:\Documents and Settings\Chi Hao\Bureaublad\???????? - Google Video's.URL) -- C:\Documents and Settings\Chi Hao\Bureaublad\怀玉传奇千金妈祖 - Google Video's.URL
[2009-09-03 22:17:41 | 000,000,276 | ---- | C] ()(C:\Documents and Settings\Chi Hao\Bureaublad\???????? - Google Video's.URL) -- C:\Documents and Settings\Chi Hao\Bureaublad\怀玉传奇千金妈祖 - Google Video's.URL

< End of report >

Extra:
OTL Extras logfile created on: 14-11-2010 16:02:20 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Chi Hao\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 3070 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 46,58 Gb Total Space | 11,73 Gb Free Space | 25,18% Space Free | Partition Type: NTFS
Drive D: | 46,58 Gb Total Space | 25,84 Gb Free Space | 55,47% Space Free | Partition Type: NTFS
Drive E: | 46,58 Gb Total Space | 16,01 Gb Free Space | 34,36% Space Free | Partition Type: NTFS
Drive F: | 46,58 Gb Total Space | 1,74 Gb Free Space | 3,73% Space Free | Partition Type: NTFS
Drive G: | 46,58 Gb Total Space | 1,77 Gb Free Space | 3,80% Space Free | Partition Type: NTFS
Drive J: | 58,22 Gb Total Space | 18,53 Gb Free Space | 31,83% Space Free | Partition Type: NTFS
Drive K: | 58,22 Gb Total Space | 9,62 Gb Free Space | 16,52% Space Free | Partition Type: NTFS
Drive L: | 58,22 Gb Total Space | 0,49 Gb Free Space | 0,84% Space Free | Partition Type: NTFS
Drive M: | 58,23 Gb Total Space | 1,54 Gb Free Space | 2,65% Space Free | Partition Type: NTFS

Computer Name: LAI-CHIHAO | User Name: Chi Hao | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1715567821-839522115-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- Reg Error: Key error.
scrfile [install] -- Reg Error: Key error.
scrfile [open] -- Reg Error: Key error.
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"56905:TCP" = 56905:TCP:*:Enabled:Pando Media Booster
"56905:UDP" = 56905:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"56905:TCP" = 56905:TCP:*:Enabled:Pando Media Booster
"56905:UDP" = 56905:UDP:*:Enabled:Pando Media Booster
"6112:TCP" = 6112:TCP:*:Enabled:wc3
"6112:UDP" = 6112:UDP:*:Enabled:wc3

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\QvodPlayer\QvodTerminal.exe" = C:\Program Files\QvodPlayer\QvodTerminal.exe:*:Enabled:QVOD -- File not found
"F:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe" = F:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main -- File not found
"F:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe" = F:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD -- File not found
"F:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe" = F:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater -- File not found
"F:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe" = F:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server -- File not found
"C:\Program Files\SPSSInc\SPSS16\spss.exe" = C:\Program Files\SPSSInc\SPSS16\spss.exe:*:Disabled:SPSS 16.0 for Windows (1033:exe) -- (SPSS Inc)
"C:\Program Files\SPSSInc\SPSS16\spss.com" = C:\Program Files\SPSSInc\SPSS16\spss.com:*:Disabled:SPSS 16.0 for Windows (1033:com) -- (SPSS Inc)
"C:\Program Files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe" = C:\Program Files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor (1033) -- (SPSS Inc.)
"E:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = E:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- (Veoh Networks)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service -- (Check Point Software Technologies LTD)
"F:\Program Files\Warcraft III\Warcraft III.exe" = F:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"D:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = D:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"D:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = D:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"F:\Program Files\Warcraft III\LC\pickup.listchecker.exe" = F:\Program Files\Warcraft III\LC\pickup.listchecker.exe:*:Enabled:pickup.listchecker -- ()
"C:\Program Files\Raptr\raptr.exe" = C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Client -- File not found
"C:\Program Files\Raptr\raptr_im.exe" = C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM -- File not found
"F:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe" = F:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 -- (Ubisoft)
"F:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe" = F:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 -- (Ubisoft)
"F:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe" = F:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update -- (Ubisoft)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{10F5387D-1728-423A-A578-B00982CF2646}" = Windows Live Messenger
"{11005483-57F9-400C-BF9F-CBC47540705A}" = Windows Live Photo Gallery
"{12E11FBB-7CA6-4A86-834D-5E6390D51009}" = ASUS Smart Doctor
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Ethernet Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 22
"{2869F5EA-93C3-48E5-80DF-DB696BC84A91}" = Windows Live Mail
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB}" = Windows Live Call
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Gamer OSD
"{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CA031C-D3CD-4A28-8D9B-C71466C4F045}" = Windows Live Writer
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3D5782A9-E8E0-4F25-BD76-0CC94E209F66}" = Samsung PC Studio
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41BB38A4-ED84-4682-8329-042FEBD8C30B}" = Mega Manager
"{43FFE159-3199-4188-A1CD-629166AD1043}" = Nero 7 Ultra Edition
"{4540AF51-951E-4280-8FE0-3845116B323F}" = EetMeter2002
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{4FF03FA9-8CC6-4133-97D7-4B12BA73BA3D}" = ViewerLite 5.0
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{562B9CA4-6E52-4F87-ACEC-912FC004F1F0}" = Windows Live Essentials
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{621025AE-3510-478E-BC27-1A647150976F}" = SPSS 16.0 for Windows
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{66867BB8-FBC5-450B-8533-C6BE2C9C4068}" = Windows Live Family Safety
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E1FBCB0-500C-4A0D-AC9C-B1B76E75666B}" = Windows Live aanmeldhulp
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0413-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1043-7B44-A81200000003}" = Adobe Reader 8.1.2 - Nederlands
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD19EDD9-1632-4002-9212-7478E4BA0423}" = Windows Live Sync
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E51109E7-3818-4BC2-B3FD-A59AC2378A2B}" = Windows Live Toolbar
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0207194-35B9-4476-B02E-395EE52B5960}" = ASUS nVidia Driver
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F784C4A8-2D71-4376-9E47-F9F8AABC377E}" = ASUS Utilities
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-stuurprogrammapakket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-stuurprogrammapakket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-stuurprogrammapakket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"ASIO4ALL" = ASIO4ALL
"AtcL1" = Attansic L1 Gigabit Ethernet Driver
"ATITool" = ATITool Overclocking Utility
"Audacity_is1" = Audacity 1.2.6
"CCleaner" = CCleaner
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"DaphnisUK" = DaphnisUK
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivXLand Media Subtitler" = DivXLand Media Subtitler
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FL Studio 9" = FL Studio 9
"Guild Wars" = Guild Wars
"Hardcore" = Hardcore
"Hide Files and Folders_is1" = Hide Files and Folders v2.7
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IL Download Manager" = IL Download Manager
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{12E11FBB-7CA6-4A86-834D-5E6390D51009}" = ASUS Smart Doctor
"InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.3.1 (Standard)
"Magic ISO Maker v5.3 (build 0221)" = Magic ISO Maker v5.3 (build 0221)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MDL ISIS Draw 2.5 Standalone" = MDL ISIS Draw 2.5 Standalone
"Megota Software SFPack Uninstall" = SFPack
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"mp3-2-wav" = mp3-2-wav converter 1.14
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NJStar Chinese Word Processor" = NJStar Chinese Word Processor
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Philips Upgrade Tool_is1" = Philips Upgrade Tool
"PoiZone" = PoiZone
"PowerISO" = PowerISO
"RealPlayer 12.0" = RealPlayer
"Sakura" = Sakura
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Sawer" = Sawer
"sfArk" = sfArk
"SopCast" = SopCast 3.0.3
"SpeedFan" = SpeedFan (remove only)
"StyleXP" = StyleXP (remove only)
"SystemRequirementsLab" = System Requirements Lab
"Toxic Biohazard" = Toxic Biohazard
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VideoLAN VLC media player 0.8.6f
"VobSub" = VobSub v2.23 (Remove Only)
"WinCurveFit" = WinCurveFit
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Write-N-Cite" = Write-N-Cite
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm" = ZoneAlarm
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1715567821-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"Fallout 3 - Complete DLC Pack" = Fallout 3 - Complete DLC Pack
"Ligand Explorer" = Ligand Explorer
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 31-10-2010 13:31:43 | Computer Name = LAI-CHIHAO | Source = Application Error | ID = 1000
Description = Vastgelopen toepassing: mplayerc.exe, versie: 6.4.9.1, vastgelopen
module: splitter.ax, versie: 1.8.122.18, vastgelopen op: 0x00007ea3.

Error - 31-10-2010 13:36:31 | Computer Name = LAI-CHIHAO | Source = Application Error | ID = 1000
Description = Vastgelopen toepassing: mplayerc.exe, versie: 6.4.9.1, vastgelopen
module: splitter.ax, versie: 1.8.122.18, vastgelopen op: 0x00007ea3.

Error - 7-11-2010 14:23:59 | Computer Name = LAI-CHIHAO | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,
P4 2.1.6805.0, P5 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 8-11-2010 9:59:30 | Computer Name = LAI-CHIHAO | Source = Application Error | ID = 1000
Description = Vastgelopen toepassing: mplayerc.exe, versie: 6.4.9.1, vastgelopen
module: realmediasplitter.ax, versie: 1.2.0.0, vastgelopen op: 0x000049af.

Error - 8-11-2010 9:59:37 | Computer Name = LAI-CHIHAO | Source = Application Error | ID = 1000
Description = Vastgelopen toepassing: mplayerc.exe, versie: 6.4.9.1, vastgelopen
module: realmediasplitter.ax, versie: 1.2.0.0, vastgelopen op: 0x000049af.

Error - 8-11-2010 10:38:21 | Computer Name = LAI-CHIHAO | Source = Application Error | ID = 1000
Description = Vastgelopen toepassing: mplayerc.exe, versie: 6.4.9.1, vastgelopen
module: splitter.ax, versie: 1.8.122.18, vastgelopen op: 0x0001770b.

Error - 10-11-2010 8:47:15 | Computer Name = LAI-CHIHAO | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4
2.1.6805.0, P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 10-11-2010 16:33:25 | Computer Name = LAI-CHIHAO | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: AssassinsCreed_Dx9.exe, versie: 1.0.2.1, vastgelopen
module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

Error - 11-11-2010 20:12:21 | Computer Name = LAI-CHIHAO | Source = Application Hang | ID = 1002
Description = Vastgelopen toepassing: firefox.exe, versie: 1.9.2.3909, vastgelopen
module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

Error - 11-11-2010 20:12:24 | Computer Name = LAI-CHIHAO | Source = Application Error | ID = 1000
Description = Vastgelopen toepassing: plugin-container.exe, versie: 1.9.2.3909,
vastgelopen module: ntdll.dll, versie: 5.1.2600.5755, vastgelopen op: 0x0000100b.

[ OSession Events ]
Error - 30-12-2008 8:49:01 | Computer Name = LAI-CHIHAO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 21-1-2009 17:16:24 | Computer Name = LAI-CHIHAO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 19955
seconds with 3420 seconds of active time. This session ended with a crash.

Error - 23-2-2009 15:43:21 | Computer Name = LAI-CHIHAO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 23
seconds with 0 seconds of active time. This session ended with a crash.

Error - 22-6-2009 9:59:04 | Computer Name = LAI-CHIHAO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 22-6-2009 9:59:15 | Computer Name = LAI-CHIHAO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 22-6-2009 9:59:22 | Computer Name = LAI-CHIHAO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1-7-2009 8:58:19 | Computer Name = LAI-CHIHAO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18-11-2009 9:43:06 | Computer Name = LAI-CHIHAO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4-3-2010 12:21:38 | Computer Name = LAI-CHIHAO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8-6-2010 8:21:15 | Computer Name = LAI-CHIHAO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 82
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12-11-2010 20:09:46 | Computer Name = LAI-CHIHAO | Source = AtcL001 | ID = 194
Description =

Error - 12-11-2010 20:10:00 | Computer Name = LAI-CHIHAO | Source = System Error | ID = 1003
Description = Foutcode; 10000050, parameter1: 9cd64000, parameter2: 00000001, parameter3:
bf1cba13, parameter4: 00000000.

Error - 12-11-2010 20:10:52 | Computer Name = LAI-CHIHAO | Source = DCOM | ID = 10010
Description = De server {209500FC-6B45-4693-8871-6296C4843751} heeft zich binnen
de vereiste termijn niet bij DCOM geregistreerd.

Error - 12-11-2010 20:10:56 | Computer Name = LAI-CHIHAO | Source = DCOM | ID = 10010
Description = De server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} heeft zich binnen
de vereiste termijn niet bij DCOM geregistreerd.

Error - 13-11-2010 7:54:19 | Computer Name = LAI-CHIHAO | Source = DCOM | ID = 10010
Description = De server {209500FC-6B45-4693-8871-6296C4843751} heeft zich binnen
de vereiste termijn niet bij DCOM geregistreerd.

Error - 14-11-2010 8:18:26 | Computer Name = LAI-CHIHAO | Source = DCOM | ID = 10010
Description = De server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} heeft zich binnen
de vereiste termijn niet bij DCOM geregistreerd.

Error - 14-11-2010 8:18:38 | Computer Name = LAI-CHIHAO | Source = DCOM | ID = 10010
Description = De server {209500FC-6B45-4693-8871-6296C4843751} heeft zich binnen
de vereiste termijn niet bij DCOM geregistreerd.

Error - 14-11-2010 9:58:06 | Computer Name = LAI-CHIHAO | Source = PlugPlayManager | ID = 11
Description = Het apparaat Root\LEGACY_MFEAVFK\0000 is uit het systeem verdwenen
zonder dat de verwijdering is voorbereid.

Error - 14-11-2010 9:58:06 | Computer Name = LAI-CHIHAO | Source = PlugPlayManager | ID = 11
Description = Het apparaat Root\LEGACY_MFEBOPK\0000 is uit het systeem verdwenen
zonder dat de verwijdering is voorbereid.

Error - 14-11-2010 9:58:06 | Computer Name = LAI-CHIHAO | Source = PlugPlayManager | ID = 11
Description = Het apparaat Root\LEGACY_MFEHIDK\0000 is uit het systeem verdwenen
zonder dat de verwijdering is voorbereid.


< End of report >
chi_man
Regular Member
 
Posts: 34
Joined: October 30th, 2006, 1:33 pm

Re: win32/dynamer!dtc

Unread postby deltalima » November 14th, 2010, 12:37 pm

Hi chi_man,

GMER crashes the computer in normal mode, but it works in safe mode. However, I found out that it takes some time to scan and I kinda need the computer now, so I think you don't mind if I scan GMER later this evening when Im having dinner and not using the pc?


OK, a safe mode scan will be fine. Please post the log later when completed.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: win32/dynamer!dtc

Unread postby chi_man » November 15th, 2010, 4:35 pm

Here's the GMER log scanned from safe mode

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-15 21:28:07
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2500AAKS-00VSA0 rev.01.01B01
Running: 9du25brn.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pflcqpog.sys


---- System - GMER 1.0.15 ----

SSDT spng.sys ZwCreateKey [0xB9EA80E0]
SSDT spng.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spng.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT spng.sys ZwOpenKey [0xB9EA80C0]
SSDT spng.sys ZwQueryKey [0xB9EC7108]
SSDT spng.sys ZwQueryValueKey [0xB9EC6F88]
SSDT spng.sys ZwSetValueKey [0xB9EC719A]

INT 0x63 ? 8AD09BF8
INT 0x63 ? 8AD09BF8
INT 0x63 ? 8AD09BF8
INT 0x63 ? 8AD09BF8
INT 0x63 ? 8AD09BF8
INT 0x83 ? 8AD0CBF8
INT 0x84 ? 8AB2CF00
INT 0x94 ? 8AB2CF00
INT 0xA4 ? 8AB2CF00
INT 0xA4 ? 8AB2CF00
INT 0xA4 ? 8AB2CF00
INT 0xA4 ? 8AB2CF00
INT 0xB4 ? 8AB2CF00

Code \SystemRoot\system32\DRIVERS\FStarForce.sys (FStarForce/SNEG) KeInsertQueueDpc

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeInsertQueueDpc 804FB7B0 5 Bytes JMP BA4A1F50 \SystemRoot\system32\DRIVERS\FStarForce.sys (FStarForce/SNEG)
? spng.sys Het systeem kan het opgegeven bestand niet vinden. !
.text USBPORT.SYS!DllUnload B9C6E8AC 5 Bytes JMP 8AB2C4E0

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spng.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA913C] spng.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA90BE] spng.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA97FC] spng.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA96D2] spng.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB9048] spng.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AC981F8

AttachedDevice \FileSystem\Ntfs \Ntfs FDCENT.SYS (Filter Device/Silence of Troubles United Company Ltd.)
AttachedDevice \FileSystem\Ntfs \Ntfs ntkrnlpa.exe (NT-kernel & -systeem/Microsoft Corporation)

Device \FileSystem\Fastfat \FatCdrom 8A8C11F8
Device \Driver\usbuhci \Device\USBPDO-0 8AB2B500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AC9A1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8AC9A1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8AC9A1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8AC9A1F8
Device \Driver\usbuhci \Device\USBPDO-1 8AB2B500
Device \Driver\usbuhci \Device\USBPDO-2 8AB2B500
Device \Driver\usbehci \Device\USBPDO-3 8AB2A500
Device \Driver\usbuhci \Device\USBPDO-4 8AB2B500
Device \Driver\usbuhci \Device\USBPDO-5 8AB2B500
Device \Driver\usbuhci \Device\USBPDO-6 8AB2B500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AD0A1F8
Device \Driver\usbehci \Device\USBPDO-7 8AB2A500
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AD0A1F8
Device \Driver\Cdrom \Device\CdRom0 8AB47500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume3 8AD0A1F8
Device \Driver\Cdrom \Device\CdRom1 8AB47500
Device \Driver\Ftdisk \Device\HarddiskVolume4 8AD0A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume5 8AD0A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume6 8AD0A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume7 8AD0A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume8 8AD0A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume9 8AD0A1F8
Device \Driver\usbuhci \Device\USBFDO-0 8AB2B500
Device \Driver\usbuhci \Device\USBFDO-1 8AB2B500
Device \Driver\usbuhci \Device\USBFDO-2 8AB2B500
Device \Driver\usbehci \Device\USBFDO-3 8AB2A500
Device \Driver\usbuhci \Device\USBFDO-4 8AB2B500
Device \Driver\Ftdisk \Device\FtControl 8AD0A1F8
Device \Driver\usbuhci \Device\USBFDO-5 8AB2B500
Device \Driver\usbuhci \Device\USBFDO-6 8AB2B500
Device \Driver\usbehci \Device\USBFDO-7 8AB2A500
Device \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target0Lun0 8AC991F8
Device \Driver\JRAID \Device\Scsi\JRAID1 8AC991F8
Device \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target1Lun0 8AC991F8
Device \FileSystem\Fastfat \Fat 8A8C11F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8A91E500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000a940207e5 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000a940207e5@0017d55f5895 0x9D 0x44 0xA3 0x96 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a940207e5
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a940207e5@0017d55f5895 0x9D 0x44 0xA3 0x96 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\000a940207e5 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\000a940207e5@0017d55f5895 0x9D 0x44 0xA3 0x96 ...

---- EOF - GMER 1.0.15 ----
chi_man
Regular Member
 
Posts: 34
Joined: October 30th, 2006, 1:33 pm

Re: win32/dynamer!dtc

Unread postby deltalima » November 15th, 2010, 4:47 pm

Hi chi_man,

Please uninstall Spybot - Search & Destroy as it may interfere with our fix and can be reinstalled later if required.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :otl
    O2 - BHO: (no name) - {3225E4FA-2EBB-4D90-876B-A30CBA4B4DE5} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
    O4 - HKLM..\Run: [msnmrg] File not found
    O4 - HKU\S-1-5-21-1715567821-839522115-725345543-1003..\Run: [] File not found
    :commands
    [EMPTYTEMP]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

ESET online scannner

  • Please go Here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Please let me know how the computer is running now.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: win32/dynamer!dtc

Unread postby chi_man » November 15th, 2010, 5:11 pm

Oh almost forgot to answer your previous question about malwarebytes. I haven't used it lately, instead I've been using spybot S&D just a week ago... It found some minor malwares but they were all fixed. Can't remember what kind of malware though.

As for how the pc is running at the moment, the startup is quite slow, it used to be quite fast but now it has slowed down and the first minute of internet always freezes somehow. After that minute everything functions normally and fast. I'll post the ESET Log when its done.

Here's the OTL Log:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3225E4FA-2EBB-4D90-876B-A30CBA4B4DE5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3225E4FA-2EBB-4D90-876B-A30CBA4B4DE5}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msnmrg deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1715567821-839522115-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 3116024 bytes
->Temporary Internet Files folder emptied: 815688 bytes

User: All Users

User: Chi Hao
->Temp folder emptied: 707785877 bytes
->Temporary Internet Files folder emptied: 7641457 bytes
->Java cache emptied: 129705579 bytes
->FireFox cache emptied: 112261150 bytes
->Opera cache emptied: 18695454 bytes
->Flash cache emptied: 364861 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 82513 bytes
->Temporary Internet Files folder emptied: 3125795 bytes

User: NetworkService
->Temp folder emptied: 2148714 bytes
->Temporary Internet Files folder emptied: 1675335 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2661894 bytes
%systemroot%\System32 .tmp files removed: 2845 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 126788867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 91158778 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.152,00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11152010_220129

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Chi Hao\Local Settings\Temp\[TorrentReactor.to] - Maria Ozawa Squirts and pee while tied up fucked.torrent not found!

Registry entries deleted on Reboot...
chi_man
Regular Member
 
Posts: 34
Joined: October 30th, 2006, 1:33 pm

Re: win32/dynamer!dtc

Unread postby deltalima » November 15th, 2010, 5:26 pm

your previous question about malwarebytes. I haven't used it lately, instead I've been using spybot S&D


Please run Malwarebytes, update and run a quick scan and post the log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 26 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware