Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Need help with trojan

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Need help with trojan

Unread postby iowabucks » November 20th, 2011, 10:20 pm

Hey everyone, i had another trojan attack last night. Everything was going fine and all of a sudden i had a bunch of boxes pop up saying something about a missing file. I should have wrote it down but forgot. Afterwards a Windows box pops up saying i may have a problem with my hard drive and to launch this to repair it. I was leary of this so started Malware Bytes to check things out. The only way i could start it was in safe mode. It found 2 trojans. I always do regular scans monthly too, and do my best to keep my computer clean. After rebooting most everything worked but i didn't have my desktop photo or half of my desktop icons or start menu items. I did a system restore and got all of that back but it seems somewhere along the line i lost a driver, it keeps looking for everytime i boot up but doesn't find it. It was for some unspecified hardware.

I just want to make sure i got rid of everything. I have had help on here before and everyone was always helpful and courtious, so this is the first place i thought of. I do also have a Hijack this logfile if it is needed.

Thanks, Jerry.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Jerry at 19:47:52 on 2011-11-20
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4094.1932 [GMT -6:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\a-squared Free\a2service.exe
C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\PROGRA~2\AVG\AVG8\avgrsa.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.archerytalk.com/vb/forumdisplay.php?f=1
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - C:\Windows\SysWOW64\dvmurl.dll
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - C:\PROGRA~2\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
dRun: [CtxfiReg] CTXFIREG.exe /FAIL2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: facebook.com\%20www
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net ... plugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader57.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/ ... 10.115.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwar ... TSUEng.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex ... 0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://service.futuremark.com/virtualmark/tc/FMSI.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwar ... /CTPID.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: DhcpNameServer = 66.207.0.3 66.207.0.2
TCP: Interfaces\{98E5A55E-A998-4205-9578-EB9E15529319} : DhcpNameServer = 66.207.0.3 66.207.0.2
LSA: Authentication Packages = msv1_0 relog_ap
BHO-X64: IEPlugin Class: {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~2\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 a2free;a-squared Free Service;C:\Program Files (x86)\a-squared Free\a2service.exe [2010-11-30 1872320]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe [2009-5-27 297752]
R2 cpuz133;cpuz133;\??\C:\Windows\system32\drivers\cpuz133_x64.sys --> C:\Windows\system32\drivers\cpuz133_x64.sys [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-1-10 399416]
R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2009-10-16 606048]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-10-1 17152]
S2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2010-4-23 136616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-25 135664]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-5-27 79360]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-25 135664]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2009-5-27 30528]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;D:\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe --> D:\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe [?]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-1-10 993848]
S3 U6000ALL;U6000 TV Box(ALL);C:\Windows\system32\DRIVERS\U6000ALL.sys --> C:\Windows\system32\DRIVERS\U6000ALL.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-6-1 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-11-21 01:31:46 388096 ----a-r- C:\Users\Jerry\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-21 01:31:46 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-11-20 14:28:21 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{734AD158-5C0D-495C-B042-0D049512EF89}\offreg.dll
2011-11-20 14:19:40 1426304 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-20 14:19:36 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-11-20 14:19:36 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-11-20 14:19:23 893440 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-20 14:19:23 707584 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-20 14:19:23 50688 ----a-w- C:\Program Files\Windows Mail\wabimp.dll
2011-11-18 14:10:16 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{734AD158-5C0D-495C-B042-0D049512EF89}\mpengine.dll
2011-11-01 20:53:24 -------- d-----w- C:\Windows\$regcmp$
2011-11-01 04:50:59 16432 ----a-w- C:\Windows\System32\lsdelete.exe
.
==================== Find3M ====================
.
2011-11-21 01:26:29 270776 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-11-21 01:26:29 270776 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-11-21 01:25:55 111928 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-10-29 00:35:28 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-10-13 20:29:40 42392 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2011-10-13 20:29:40 28056 ----a-w- C:\Windows\System32\xfcodec64.dll
2011-09-06 13:56:50 2764288 ----a-w- C:\Windows\System32\win32k.sys
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-31 22:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-25 16:20:38 735744 ----a-w- C:\Windows\System32\UIAutomationCore.dll
2011-08-25 16:19:32 847360 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-25 16:19:32 332288 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-25 16:15:04 555520 ----a-w- C:\Windows\SysWow64\UIAutomationCore.dll
2011-08-25 16:14:01 563712 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-25 16:14:01 238080 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-25 13:54:14 4096 ----a-w- C:\Windows\System32\oleaccrc.dll
2011-08-25 13:31:01 4096 ----a-w- C:\Windows\SysWow64\oleaccrc.dll
.
============= FINISH: 19:54:46.25 ===============
iowabucks
Regular Member
 
Posts: 50
Joined: January 5th, 2009, 1:07 am
Advertisement
Register to Remove

Re: Need help with trojan

Unread postby askey127 » November 21st, 2011, 8:10 am

Hi iowabucks,
Please do all of these tasks at one time, with no surfing in between.
You may want to print this out before you start.
The analytical tools we use may not work properly with AVG installed, and your version is obsolete.
For this reason and others, we will be removing your AVG antivirus in the following instructions, and installing a different antivirus later.
-----------------------------------------------------------
Download the Microsoft Security Essentials Installer
The download is here: http://www.microsoft.com/security_essentials/
Save it to your desktop BUT DON'T RUN IT YET.
-----------------------------------------------------------
Download and Rename the ComboFix Program
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the download file.
We will remove your Antivirus BEFORE we run ComboFix.
.
Download ComboFix from here
Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it.
**Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
SAVE IT AS zzz.exe to your desktop, BUT DON'T RUN IT YET.
---------------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

AVG
Lavasoft Ad-Aware
a-squared free
Super AntiSpyware

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
Run ComboFix (zzz.exe)
  • Right click zzz.exe on your desktop and choose "Run as administrator". OK any disclaimers and start the scan.
  • The tool will check whether the Recovery Console is present on your system. If it is not, ComboFix will prompt you whether you would like to install it. (You would).
  • If it is not, make sure you are connected to the internet as ComboFix needs to download a file. When you are connected to the internet, click Yes and follow the prompts.
    When asked whether to continue scanning or to exit, click Yes to continue scanning (no need to disconnect from the internet as ComboFix breaks your internet connection for you).
  • It will run through about 50 procedures, then take a while to assemble its output log.
  • Do not touch the computer AT ALL while ComboFix is running.
  • When finished, the report will open. Post the log in your next reply
A copy of the log will be located here if you need it-> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

Don't do any surfing until you complete the following:
-----------------------------------------------------------
Install, Update, Scan with Microsoft Security Essentials
Right Click the Installer for Microsoft Security Essentials and "Run as administrator".
Let it Install, update itself, and run a scan. Have it delete anything it finds.

So we will be looking for the contents of the log from Combofix (zzz.exe). It will be saved at C:\Combofix.txt

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Need help with trojan

Unread postby iowabucks » November 21st, 2011, 3:57 pm

I have noticed a couple things the last day. If i do a google search and try to go to a certain website, some of the time it takes me somewhere else totally different. And if i watch any Youtube videos, or videos i may have saved on my computer, there is no audio. But my Multiplayer games i have do have audio. Strange.

When Combofix restarted my computer, it came up with this error.
Registry Editor
Cannot export C:/Qoobox/Quarantine/Registry_backups/MSConfigStartup_Reg CleanExportSchedular^Registry:HKCU:Run,Regdad:Error openingthe file. There may be a disk or file system error."

Combofix report.

ComboFix 11-11-21.01 - Jerry 11/21/2011 8:37.1.4 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4094.2335 [GMT -6:00]
Running from: c:\users\Jerry\Desktop\zzz.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xmlAB28.tmp
c:\programdata\xmlAE64.tmp
c:\programdata\xmlAF8D.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))
.
.
2011-11-21 19:11 . 2011-11-21 19:11 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{734AD158-5C0D-495C-B042-0D049512EF89}\offreg.dll
2011-11-21 15:07 . 2011-11-21 15:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-21 01:31 . 2011-11-21 01:31 388096 ----a-r- c:\users\Jerry\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-21 01:31 . 2011-11-21 01:31 -------- d-----w- c:\program files (x86)\Trend Micro
2011-11-20 14:19 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-20 14:19 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-20 14:19 . 2011-10-17 11:41 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-11-20 14:19 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-20 14:19 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2011-11-20 14:19 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-18 14:10 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{734AD158-5C0D-495C-B042-0D049512EF89}\mpengine.dll
2011-11-01 20:53 . 2011-11-01 22:38 -------- d-----w- c:\windows\$regcmp$
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 01:26 . 2009-05-29 15:44 270776 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-11-21 01:26 . 2009-05-28 19:01 270776 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-11-21 01:25 . 2009-05-28 19:01 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-13 20:29 . 2011-10-13 20:29 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
2011-10-13 20:29 . 2011-10-13 20:29 28056 ----a-w- c:\windows\system32\xfcodec64.dll
2011-09-06 13:56 . 2011-10-12 23:31 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 05:24 . 2011-10-12 23:33 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-12 23:33 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-12 23:33 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-12 23:33 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-12 23:33 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-12 23:33 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-31 22:00 . 2009-05-28 18:17 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 16:20 . 2011-10-12 23:32 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:19 . 2011-10-12 23:32 847360 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:19 . 2011-10-12 23:32 332288 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 16:15 . 2011-10-12 23:32 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-12 23:32 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-25 16:14 . 2011-10-12 23:32 238080 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-08-25 13:54 . 2011-10-12 23:32 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-25 13:31 . 2011-10-12 23:32 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-05-16 273544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTXFIREG.exe" [2008-10-08 47104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative64
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 SABKUTIL;SABKUTIL;c:\program files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [x]
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2010-04-23 136616]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-26 135664]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-05-28 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-26 135664]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2010-07-06 30528]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;d:\sisoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-10 993848]
R3 U6000ALL;U6000 TV Box(ALL);c:\windows\system32\DRIVERS\U6000ALL.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-01-10 399416]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2009-10-17 606048]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-26 03:05]
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-26 03:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 134416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.archerytalk.com/vb/forumdisplay.php?f=1
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: facebook.com\%20www
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: DhcpNameServer = 66.207.0.3 66.207.0.2
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-RegClean Expert Scheduler^Registry: HKCU:RUN - c:\program files (x86)\Registry Clean Expert\RCHelper.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyTune5Pro - c:\program files (x86)\Gigabyte\ET5Pro\Uninst.isu
AddRemove-PIXresizer_is1 - d:\program files\PIXresizer\unins000.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Xfire - d:\xfire\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\FLAGS]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\HELPDIR]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\FLAGS]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\HELPDIR]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
@DACL=(02 0000)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-11-21 13:46:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-21 19:46
.
Pre-Run: 678,820,352,000 bytes free
Post-Run: 679,410,216,960 bytes free
.
- - End Of File - - 792B9CE635B1DD9BF96D7D94C7ECDA85
iowabucks
Regular Member
 
Posts: 50
Joined: January 5th, 2009, 1:07 am

Re: Need help with trojan

Unread postby askey127 » November 21st, 2011, 7:24 pm

iowabucks,
-------------------------------------------------
Please download RogueKiller.exe and save it to your desktop.

Run RogueKiller
  • Now quit all running programs.
  • Double click RogueKiller.exe to run it.
  • When prompted, type 1 and hit Enter.
  • A RKreport.txt should appear on your desktop.
  • Note: If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe .
  • Please post the contents of the RKreport.txt in your next Reply.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Right Click on the icon and choose "Run as administrator".
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Need help with trojan

Unread postby iowabucks » November 21st, 2011, 8:44 pm

RogueKiller V6.1.10 [11/18/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: Jerry [Admin rights]
Mode: Scan -- Date : 11/21/2011 18:42:56

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt
iowabucks
Regular Member
 
Posts: 50
Joined: January 5th, 2009, 1:07 am

Re: Need help with trojan

Unread postby iowabucks » November 21st, 2011, 8:53 pm

OTL only had one text file come up after running it. It is the first time i have ran it as far as i know.




========== Files/Folders - Created Within 30 Days ==========

[2011/11/21 18:41:48 | 000,000,000 | ---D | C] -- C:\Users\Jerry\Desktop\RK_Quarantine
[2011/11/21 13:47:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/21 13:12:06 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/21 08:29:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/21 08:29:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/21 08:29:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/21 08:28:04 | 000,000,000 | ---D | C] -- C:\zzz
[2011/11/21 08:20:45 | 004,303,424 | R--- | C] (Swearware) -- C:\Users\Jerry\Desktop\zzz.exe
[2011/11/21 08:19:37 | 010,165,440 | ---- | C] (Microsoft Corporation) -- C:\Users\Jerry\Desktop\mseinstall.exe
[2011/11/20 19:42:06 | 000,000,000 | R--D | C] -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/11/20 19:31:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/11/20 19:31:46 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/11/01 14:53:24 | 000,000,000 | ---D | C] -- C:\Windows\$regcmp$
[2008/10/07 22:42:42 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2008/10/07 22:23:46 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/21 18:40:55 | 000,672,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/21 18:40:55 | 000,577,736 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/21 18:40:55 | 000,100,210 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/21 18:36:24 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/21 18:36:24 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/21 18:36:23 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/21 18:36:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/21 13:58:54 | 000,062,556 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000007-00001102-00000005-00221102}.rfx
[2011/11/21 13:58:54 | 000,062,556 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000007-00001102-00000005-00221102}.rfx
[2011/11/21 13:58:54 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000007-00001102-00000005-00221102}.rfx
[2011/11/21 13:53:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/21 13:47:59 | 000,017,416 | ---- | M] () -- C:\Users\Jerry\Desktop\New Rich Text Format (2).rtf
[2011/11/21 13:11:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/21 08:21:22 | 004,303,424 | R--- | M] (Swearware) -- C:\Users\Jerry\Desktop\zzz.exe
[2011/11/21 08:19:38 | 010,165,440 | ---- | M] (Microsoft Corporation) -- C:\Users\Jerry\Desktop\mseinstall.exe
[2011/11/20 19:26:29 | 000,270,776 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/11/20 19:26:29 | 000,270,776 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/20 19:25:55 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/11/20 08:03:54 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/11/20 08:03:54 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/11/01 16:48:21 | 000,001,079 | ---- | M] () -- C:\Users\Jerry\Desktop\Auslogics BoostSpeed.lnk
[2011/10/31 20:18:16 | 000,019,494 | ---- | M] () -- F:\Documents\cc_20111031_211810.reg
[2011/10/25 18:33:18 | 000,065,536 | ---- | M] () -- C:\Users\Jerry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/21 13:47:32 | 000,017,416 | ---- | C] () -- C:\Users\Jerry\Desktop\New Rich Text Format (2).rtf
[2011/11/21 08:29:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/21 08:29:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/21 08:29:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/21 08:29:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/21 08:29:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/13 17:48:01 | 002,309,386 | ---- | C] () -- C:\Users\Jerry\Desktop\DSC05412.JPG
[2011/11/13 17:47:49 | 002,299,174 | ---- | C] () -- C:\Users\Jerry\Desktop\DSC05411.JPG
[2011/11/01 16:48:21 | 000,001,079 | ---- | C] () -- C:\Users\Jerry\Desktop\Auslogics BoostSpeed.lnk
[2011/10/31 20:18:13 | 000,019,494 | ---- | C] () -- F:\Documents\cc_20111031_211810.reg
[2011/10/13 14:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/08/17 14:16:52 | 000,000,571 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2011/08/17 14:16:52 | 000,000,049 | ---- | C] () -- C:\Windows\Progs_.ini
[2011/04/25 23:03:14 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/25 23:03:14 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/01/31 23:36:35 | 000,000,620 | ---- | C] () -- C:\Users\Jerry\AppData\Local\mapc2mapc.ini
[2010/06/08 18:41:33 | 000,000,680 | -H-- | C] () -- C:\Users\Jerry\AppData\Local\d3d9caps.dat
[2010/05/31 18:21:57 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/12/11 16:16:10 | 000,870,128 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\mcs.rma
[2009/12/11 16:16:10 | 000,000,004 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\20E5E8
[2009/09/24 00:46:04 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/09/07 22:01:48 | 000,017,043 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\UserTile.png
[2009/08/14 21:55:02 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009/06/17 21:52:53 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/06/03 22:09:49 | 000,721,356 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/06/03 10:15:39 | 010,444,800 | ---- | C] () -- C:\ProgramData\sandra.mda
[2009/06/01 15:25:21 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/06/01 15:24:49 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/06/01 15:24:19 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/05/29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/05/29 14:55:50 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2009/05/29 14:52:43 | 000,000,208 | ---- | C] () -- C:\Windows\ulead32.ini
[2009/05/28 21:36:48 | 000,065,536 | ---- | C] () -- C:\Users\Jerry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/28 21:00:03 | 000,144,896 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/05/28 21:00:03 | 000,071,168 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/05/28 13:01:42 | 000,270,776 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/05/28 13:01:41 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009/05/27 19:42:21 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/05/27 18:32:10 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2009/05/27 18:16:30 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/05/27 16:01:09 | 000,001,460 | -H-- | C] () -- C:\Users\Jerry\AppData\Local\d3d9caps64.dat
[2008/10/07 23:08:38 | 000,020,936 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2008/10/07 22:41:40 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL
[2008/10/07 22:31:14 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2008/10/07 22:31:14 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2008/10/07 22:23:50 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2008/09/12 20:22:40 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2008/08/19 17:39:18 | 000,000,321 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2008/01/20 20:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/09/04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2007/06/21 00:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2007/06/08 19:12:12 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\GTTunerCard.dll
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2007/01/05 13:07:11 | 000,076,288 | ---- | C] () -- C:\Windows\SysWow64\1psiG60XV55.dll
[2006/11/02 09:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005/08/24 22:19:25 | 000,087,552 | ---- | C] () -- C:\Windows\SysWow64\1psi60XV55.dll
[2004/07/29 02:19:46 | 000,175,104 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2004/01/18 19:11:47 | 000,076,800 | R--- | C] () -- C:\Windows\SysWow64\1psi60X.dll
[2003/06/28 14:34:20 | 000,069,707 | ---- | C] () -- C:\Windows\SysWow64\DISP_OPT1.dll

========== LOP Check ==========

[2011/11/01 20:08:17 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Auslogics
[2009/06/09 19:15:55 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/11/30 11:07:21 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\DassaultSystemes
[2011/11/20 07:59:08 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\DiskSpaceFan
[2011/11/20 07:59:08 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\gtk-2.0
[2009/05/29 09:35:30 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Ideazon
[2010/06/17 20:10:57 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\iExpert Software
[2011/07/10 22:51:21 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\LimeWire
[2011/01/31 23:38:45 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Mobile Atlas Creator
[2010/06/27 09:30:17 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\MotionDSP
[2009/09/07 14:19:46 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Mp3tag
[2009/10/30 22:08:35 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\PandoraRecovery
[2009/11/11 20:09:09 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\PeerNetworking
[2010/01/17 17:11:32 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Publish Providers
[2010/01/14 16:34:39 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Sony
[2010/03/25 13:02:28 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\SuperAdBlocker.com
[2010/05/31 15:01:39 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Systweak
[2010/05/07 12:07:27 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\TS3Client
[2009/06/01 16:47:01 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Ulead Systems
[2009/11/06 12:53:56 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\VistaCodecs
[2010/02/11 00:45:57 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\WinBatch
[2011/11/21 13:58:50 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:890CC2F3
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:0CE7F3C9
iowabucks
Regular Member
 
Posts: 50
Joined: January 5th, 2009, 1:07 am

Re: Need help with trojan

Unread postby askey127 » November 21st, 2011, 10:45 pm

iowabucks,
What you have posted is the last part of OTL.txt
Could you highlight the entire file please, and post it.

Also please check if you have OTL.exe on your desktop, is there a file called Extras.txt on your desktop somewhere.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Need help with trojan

Unread postby iowabucks » November 21st, 2011, 11:26 pm

OTL logfile created on: 11/21/2011 6:46:31 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jerry\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 60.68% Memory free
8.19 Gb Paging File | 6.51 Gb Available in Paging File | 79.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 761.72 Gb Total Space | 632.73 Gb Free Space | 83.07% Space Free | Partition Type: NTFS
Drive D: | 6.95 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 169.79 Gb Total Space | 128.38 Gb Free Space | 75.61% Space Free | Partition Type: NTFS

Computer Name: JERRY-PC | User Name: Jerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/21 18:45:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Downloads\OTL.exe
PRC - [2011/05/16 11:58:36 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/01/10 08:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2010/12/02 20:06:45 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/10/16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2008/12/29 17:27:38 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/29 11:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2008/01/20 20:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/20 20:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/01/10 08:24:20 | 000,993,848 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 08:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/12/02 20:06:45 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/10/16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/04/23 04:39:00 | 000,136,616 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/16 18:39:50 | 000,606,048 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009/09/28 08:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/30 10:28:28 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/05/27 20:18:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/29 17:27:38 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/01 02:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/03/30 22:35:04 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
DRV:64bit: - [2010/02/22 14:31:20 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\timntr.sys -- (timounter)
DRV:64bit: - [2010/02/22 14:31:20 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2010/02/22 14:31:05 | 000,235,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\snapman.sys -- (snapman)
DRV:64bit: - [2010/02/22 14:31:04 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2010/02/17 12:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 12:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/10/08 00:22:36 | 001,561,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2008/10/08 00:22:30 | 000,118,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2008/10/08 00:22:28 | 000,213,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2008/10/08 00:22:26 | 000,015,896 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2008/10/08 00:22:24 | 000,179,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2008/10/08 00:22:22 | 000,684,312 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2008/10/08 00:22:18 | 000,580,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2008/10/08 00:22:14 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV:64bit: - [2008/10/08 00:22:14 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX)
DRV:64bit: - [2008/10/08 00:22:10 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV:64bit: - [2008/10/08 00:22:10 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT)
DRV:64bit: - [2008/10/08 00:22:08 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV:64bit: - [2008/10/08 00:22:08 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT)
DRV:64bit: - [2008/05/01 23:59:48 | 000,166,912 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/01/20 20:46:34 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avc.sys -- (Avc)
DRV:64bit: - [2008/01/20 20:46:34 | 000,017,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avcstrm.sys -- (AVCSTRM)
DRV:64bit: - [2008/01/20 20:46:08 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\mstape.sys -- (MSTAPE)
DRV:64bit: - [2008/01/20 20:46:05 | 000,058,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\61883.sys -- (61883)
DRV:64bit: - [2008/01/20 20:46:01 | 000,061,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\msdv.sys -- (MSDV)
DRV:64bit: - [2007/07/23 08:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Alpham164.sys -- (Alpham1)
DRV:64bit: - [2007/07/13 02:58:54 | 000,276,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\U6000ALL.sys -- (U6000ALL) U6000 TV Box(ALL)
DRV:64bit: - [2007/04/11 14:35:30 | 000,056,080 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2007/04/11 14:35:22 | 000,053,520 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2007/03/20 10:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Alpham264.sys -- (Alpham2)
DRV - [2010/07/06 23:11:01 | 000,022,336 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010/07/06 15:15:40 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2007/10/16 15:15:26 | 000,036,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\ET5Drv.sys -- (ET5Drv)
DRV - [2007/02/07 12:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1669760302-2667445884-3644838314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.archerytalk.com/vb/forumdisplay.php?f=1
IE - HKU\S-1-5-21-1669760302-2667445884-3644838314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1669760302-2667445884-3644838314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 73 08 20 39 DF C9 01 [binary data]
IE - HKU\S-1-5-21-1669760302-2667445884-3644838314-1000\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
IE - HKU\S-1-5-21-1669760302-2667445884-3644838314-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2009/11/30 10:57:28 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2009/11/30 10:57:28 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2009/10/26 18:16:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/20 07:58:44 | 000,000,000 | ---D | M]

[2009/05/29 09:56:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Extensions
[2009/05/29 09:56:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2011/11/21 13:11:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1669760302-2667445884-3644838314-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1669760302-2667445884-3644838314-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1669760302-2667445884-3644838314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-1669760302-2667445884-3644838314-1000\..Trusted Domains: facebook.com ([%20www] https in Trusted sites)
O15 - HKU\S-1-5-21-1669760302-2667445884-3644838314-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-1669760302-2667445884-3644838314-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.com/Aurigma/ImageUploader57.cab (Auctiva Image Uploader Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/ ... 10.115.cab (CDownloadCtrl Object)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwar ... TSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex ... 0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://service.futuremark.com/virtualmark/tc/FMSI.cab (Futuremark SystemInfo)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.207.0.3 66.207.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98E5A55E-A998-4205-9578-EB9E15529319}: DhcpNameServer = 66.207.0.3 66.207.0.2
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jerry\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jerry\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) -C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/15 18:53:55 | 000,000,142 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sasnative64)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/21 18:41:48 | 000,000,000 | ---D | C] -- C:\Users\Jerry\Desktop\RK_Quarantine
[2011/11/21 13:47:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/21 13:12:06 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/21 08:29:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/21 08:29:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/21 08:29:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/21 08:28:04 | 000,000,000 | ---D | C] -- C:\zzz
[2011/11/21 08:20:45 | 004,303,424 | R--- | C] (Swearware) -- C:\Users\Jerry\Desktop\zzz.exe
[2011/11/21 08:19:37 | 010,165,440 | ---- | C] (Microsoft Corporation) -- C:\Users\Jerry\Desktop\mseinstall.exe
[2011/11/20 19:42:06 | 000,000,000 | R--D | C] -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/11/20 19:31:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/11/20 19:31:46 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/11/01 14:53:24 | 000,000,000 | ---D | C] -- C:\Windows\$regcmp$
[2008/10/07 22:42:42 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2008/10/07 22:23:46 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/21 18:40:55 | 000,672,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/21 18:40:55 | 000,577,736 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/21 18:40:55 | 000,100,210 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/21 18:36:24 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/21 18:36:24 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/21 18:36:23 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/21 18:36:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/21 13:58:54 | 000,062,556 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000007-00001102-00000005-00221102}.rfx
[2011/11/21 13:58:54 | 000,062,556 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000007-00001102-00000005-00221102}.rfx
[2011/11/21 13:58:54 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000007-00001102-00000005-00221102}.rfx
[2011/11/21 13:53:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/21 13:47:59 | 000,017,416 | ---- | M] () -- C:\Users\Jerry\Desktop\New Rich Text Format (2).rtf
[2011/11/21 13:11:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/21 08:21:22 | 004,303,424 | R--- | M] (Swearware) -- C:\Users\Jerry\Desktop\zzz.exe
[2011/11/21 08:19:38 | 010,165,440 | ---- | M] (Microsoft Corporation) -- C:\Users\Jerry\Desktop\mseinstall.exe
[2011/11/20 19:26:29 | 000,270,776 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/11/20 19:26:29 | 000,270,776 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/20 19:25:55 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/11/20 08:03:54 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/11/20 08:03:54 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/11/01 16:48:21 | 000,001,079 | ---- | M] () -- C:\Users\Jerry\Desktop\Auslogics BoostSpeed.lnk
[2011/10/31 20:18:16 | 000,019,494 | ---- | M] () -- F:\Documents\cc_20111031_211810.reg
[2011/10/25 18:33:18 | 000,065,536 | ---- | M] () -- C:\Users\Jerry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/21 13:47:32 | 000,017,416 | ---- | C] () -- C:\Users\Jerry\Desktop\New Rich Text Format (2).rtf
[2011/11/21 08:29:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/21 08:29:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/21 08:29:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/21 08:29:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/21 08:29:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/13 17:48:01 | 002,309,386 | ---- | C] () -- C:\Users\Jerry\Desktop\DSC05412.JPG
[2011/11/13 17:47:49 | 002,299,174 | ---- | C] () -- C:\Users\Jerry\Desktop\DSC05411.JPG
[2011/11/01 16:48:21 | 000,001,079 | ---- | C] () -- C:\Users\Jerry\Desktop\Auslogics BoostSpeed.lnk
[2011/10/31 20:18:13 | 000,019,494 | ---- | C] () -- F:\Documents\cc_20111031_211810.reg
[2011/10/13 14:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/08/17 14:16:52 | 000,000,571 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2011/08/17 14:16:52 | 000,000,049 | ---- | C] () -- C:\Windows\Progs_.ini
[2011/04/25 23:03:14 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/25 23:03:14 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/01/31 23:36:35 | 000,000,620 | ---- | C] () -- C:\Users\Jerry\AppData\Local\mapc2mapc.ini
[2010/06/08 18:41:33 | 000,000,680 | -H-- | C] () -- C:\Users\Jerry\AppData\Local\d3d9caps.dat
[2010/05/31 18:21:57 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/12/11 16:16:10 | 000,870,128 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\mcs.rma
[2009/12/11 16:16:10 | 000,000,004 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\20E5E8
[2009/09/24 00:46:04 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/09/07 22:01:48 | 000,017,043 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\UserTile.png
[2009/08/14 21:55:02 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009/06/17 21:52:53 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/06/03 22:09:49 | 000,721,356 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/06/03 10:15:39 | 010,444,800 | ---- | C] () -- C:\ProgramData\sandra.mda
[2009/06/01 15:25:21 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/06/01 15:24:49 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/06/01 15:24:19 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/05/29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/05/29 14:55:50 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2009/05/29 14:52:43 | 000,000,208 | ---- | C] () -- C:\Windows\ulead32.ini
[2009/05/28 21:36:48 | 000,065,536 | ---- | C] () -- C:\Users\Jerry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/28 21:00:03 | 000,144,896 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/05/28 21:00:03 | 000,071,168 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/05/28 13:01:42 | 000,270,776 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/05/28 13:01:41 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009/05/27 19:42:21 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/05/27 18:32:10 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2009/05/27 18:16:30 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/05/27 16:01:09 | 000,001,460 | -H-- | C] () -- C:\Users\Jerry\AppData\Local\d3d9caps64.dat
[2008/10/07 23:08:38 | 000,020,936 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2008/10/07 22:41:40 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL
[2008/10/07 22:31:14 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2008/10/07 22:31:14 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2008/10/07 22:23:50 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2008/09/12 20:22:40 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2008/08/19 17:39:18 | 000,000,321 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2008/01/20 20:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/09/04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2007/06/21 00:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2007/06/08 19:12:12 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\GTTunerCard.dll
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2007/01/05 13:07:11 | 000,076,288 | ---- | C] () -- C:\Windows\SysWow64\1psiG60XV55.dll
[2006/11/02 09:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005/08/24 22:19:25 | 000,087,552 | ---- | C] () -- C:\Windows\SysWow64\1psi60XV55.dll
[2004/07/29 02:19:46 | 000,175,104 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2004/01/18 19:11:47 | 000,076,800 | R--- | C] () -- C:\Windows\SysWow64\1psi60X.dll
[2003/06/28 14:34:20 | 000,069,707 | ---- | C] () -- C:\Windows\SysWow64\DISP_OPT1.dll

========== LOP Check ==========

[2011/11/01 20:08:17 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Auslogics
[2009/06/09 19:15:55 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/11/30 11:07:21 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\DassaultSystemes
[2011/11/20 07:59:08 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\DiskSpaceFan
[2011/11/20 07:59:08 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\gtk-2.0
[2009/05/29 09:35:30 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Ideazon
[2010/06/17 20:10:57 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\iExpert Software
[2011/07/10 22:51:21 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\LimeWire
[2011/01/31 23:38:45 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Mobile Atlas Creator
[2010/06/27 09:30:17 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\MotionDSP
[2009/09/07 14:19:46 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Mp3tag
[2009/10/30 22:08:35 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\PandoraRecovery
[2009/11/11 20:09:09 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\PeerNetworking
[2010/01/17 17:11:32 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Publish Providers
[2010/01/14 16:34:39 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Sony
[2010/03/25 13:02:28 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\SuperAdBlocker.com
[2010/05/31 15:01:39 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Systweak
[2010/05/07 12:07:27 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\TS3Client
[2009/06/01 16:47:01 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Ulead Systems
[2009/11/06 12:53:56 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\VistaCodecs
[2010/02/11 00:45:57 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\WinBatch
[2011/11/21 13:58:50 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:890CC2F3
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:0CE7F3C9

< End of report >



Extras

OTL Extras logfile created on: 11/21/2011 6:46:31 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jerry\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 60.68% Memory free
8.19 Gb Paging File | 6.51 Gb Available in Paging File | 79.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 761.72 Gb Total Space | 632.73 Gb Free Space | 83.07% Space Free | Partition Type: NTFS
Drive D: | 6.95 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 169.79 Gb Total Space | 128.38 Gb Free Space | 75.61% Space Free | Partition Type: NTFS

Computer Name: JERRY-PC | User Name: Jerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files\OFFICE11\msohtmed.exe" %1
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files\OFFICE11\msohtmed.exe" %1
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = C5 15 B3 E3 02 E3 C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1669760302-2667445884-3644838314-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2F33DCE1-D80E-49B5-A0FA-01A0995DFE35}" = lport=rpc | protocol=6 | dir=in | app=d:\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{62AE4B00-51B8-40D3-BBFC-1DAB38DA9472}" = lport=rpc | protocol=6 | dir=in | app=d:\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{718D9B79-1BC7-4146-99B5-B18CA7C81FD6}" = lport=rpc | protocol=6 | dir=in | app=d:\sisoftware\sisoftware sandra lite 2009.sp3c\rpcagentsrv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{20159EA4-DC6A-47FB-97E3-D4368F8D34E0}" = protocol=17 | dir=in | app=d:\program files\activision\call of duty - world at war\codwawmp.exe |
"{3C2B7B1C-8C96-499B-ACFB-84D0995DF56C}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{40B65221-8E5C-47FE-BDF4-D14584A8CA41}" = protocol=6 | dir=in | app=d:\program files\activision\call of duty - world at war\codwawmp.exe |
"{43DB5D1C-6444-4148-AD72-0A6C79C48106}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{484F0FCE-7B89-40A0-BD1D-492559B305F8}" = protocol=6 | dir=in | app=d:\program files\activision\call of duty - world at war\codwaw.exe |
"{518244B4-9815-4912-9066-386981B5D90C}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe |
"{574F9498-4209-4723-ADB5-270D53B4019E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{5D643ED0-04CE-4730-9673-69125BBF2FE3}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{5F7E0A23-530D-4ADB-A3F1-DA7453F3C4D3}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{5FBC34EB-DBD3-45FF-9897-34E054C89D60}" = protocol=17 | dir=in | app=d:\program files\activision\call of duty - world at war\codwaw.exe |
"{74F433A7-3FAA-4872-8CB9-EF8B2E861C56}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |
"{81DE9F97-463D-4F35-A714-9F30A881FC2D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{86126D22-206A-40E5-AB9E-8356A17182A4}" = protocol=1 | dir=in | app=d:\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{8D183727-E8DD-4DC1-8EA0-815E1860FB1B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A073AFC5-FD75-4917-91EC-E21DA9A40AB8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{AF68BECD-1E2F-439D-9B44-D5E97B5023A4}" = protocol=1 | dir=in | app=d:\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{B7A29928-8798-4C90-BF9D-665F8A9ECAC2}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |
"{CC784AF9-486F-4E9A-A878-A61592AF57B3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D7CBE5B3-A829-4E1A-89D1-25BD0907BB9C}" = protocol=1 | dir=in | app=d:\sisoftware\sisoftware sandra lite 2009.sp3c\rpcagentsrv.exe |
"{DD86516A-317F-44E9-A2DB-8BCC9054FE74}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{E372E0CC-E66B-470A-8739-2CD87F4E9F09}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{F2A4F378-B8EF-4088-B016-3463E0CBDBE9}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe |
"{F8369438-4488-4332-97DE-843B7E370491}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"TCP Query User{0263EFE5-0D44-4309-B5D7-1CCCED515FEB}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{5E9F3B9C-3749-4E8E-9DC7-E805CF151888}C:\users\jerry\appdata\roaming\systweak\advanced system protector\quarantine\monitoring.cyberoam-web-filter-control_31_05_2010_17_02_56.dat1477111538\update.exe" = protocol=6 | dir=in | app=c:\users\jerry\appdata\roaming\systweak\advanced system protector\quarantine\monitoring.cyberoam-web-filter-control_31_05_2010_17_02_56.dat1477111538\update.exe |
"TCP Query User{97C87728-4AAE-4FF6-A3CF-CE74B7B40122}C:\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\xfire\xfire.exe |
"TCP Query User{AAD6F3EE-7AAA-4AF8-AFDA-7CDA4C3642CB}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{C9687C33-F41E-4BCD-8252-A457F8FCB19F}C:\program files (x86)\call of duty\codmp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty\codmp.exe |
"TCP Query User{D72CD4B8-8008-4A6B-8A9E-3F470DAD33BE}C:\users\jerry\downloads\keygen.sony.vegas.movie.studio.platinum.edition.pro.9.0.exe" = protocol=6 | dir=in | app=c:\users\jerry\downloads\keygen.sony.vegas.movie.studio.platinum.edition.pro.9.0.exe |
"TCP Query User{EA5484BD-5558-4DB9-8C2E-B608E1052151}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{FB7303E4-0A11-4062-B87C-F4B354954776}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{FD18F229-F42C-4FCC-8AC8-68A56C939F88}D:\xfire\xfire.exe" = protocol=6 | dir=in | app=d:\xfire\xfire.exe |
"UDP Query User{14772A71-93F6-4B28-8CA8-2B2823E0A301}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{1F903E72-6A36-4E3B-B998-7EC592B06519}C:\program files (x86)\call of duty\codmp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty\codmp.exe |
"UDP Query User{3C32574C-816A-4526-85BF-E09764DA72F2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{57F71ACB-3432-47C9-838C-A85AF80811A8}D:\xfire\xfire.exe" = protocol=17 | dir=in | app=d:\xfire\xfire.exe |
"UDP Query User{7E0072F4-CF7F-45D2-9064-C9C8D3E6F38C}C:\users\jerry\appdata\roaming\systweak\advanced system protector\quarantine\monitoring.cyberoam-web-filter-control_31_05_2010_17_02_56.dat1477111538\update.exe" = protocol=17 | dir=in | app=c:\users\jerry\appdata\roaming\systweak\advanced system protector\quarantine\monitoring.cyberoam-web-filter-control_31_05_2010_17_02_56.dat1477111538\update.exe |
"UDP Query User{8049F415-FF0D-4C27-B164-B98344411353}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{852FE9B4-E83B-47E7-AB79-58F79C501E57}C:\users\jerry\downloads\keygen.sony.vegas.movie.studio.platinum.edition.pro.9.0.exe" = protocol=17 | dir=in | app=c:\users\jerry\downloads\keygen.sony.vegas.movie.studio.platinum.edition.pro.9.0.exe |
"UDP Query User{B451A8C1-69DA-4EFE-860C-C104A2B1AEE3}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{F06E5BD3-133C-498B-BBE2-CED7B57B2898}C:\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\xfire\xfire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8A90CB5C-A6D1-440F-A86D-7F32CEABE062}" = Image Resizer Powertoy Clone for Windows
"{9B1A8F3D-8059-43FB-A7AE-4F2C21F0AAF2}" = KhalInstallWrapper
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CB6508F6-EC50-4829-A2C6-02990EFF0059}" = Windows Media Encoder 9 Series x64 Edition
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CF1EB598-B424-436A-B15F-B763846BA970}" = Dassault Systemes Software Prerequisites x86-x64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.16
"Free Registry Defrag_is1" = Free Registry Defrag
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Windows Media Encoder 9" = Windows Media Encoder 9 Series x64 Edition

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{28184E01-D57A-4933-A09B-F65403F16D82}" = i-Cool
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}" = 3DMark05
"{31E1050B-F69F-4A16-8F5A-E44D31901250}" = Ulead DVD DiskRecorder 2.1.1
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{3C74D5C3-EBB9-408E-972F-B9802F13D5E4}" = 3DVIA Shape for Maps
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B7.0108.01
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4BC4FDB7-5745-48CF-896F-7029CC183842}" = Creative ZEN
"{5B6455A4-E812-479B-A762-C2356244CF97}" = AV Grabber
"{64E47A5F-B3C4-476A-9100-2D006BD1FFB4}" = Z Engine
"{69FB248E-690D-434F-94A7-248D5F1ECD70}" = AMD OverDrive
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97E038E1-41AD-4C93-BCDC-6A2394AEE352}" = Vegas Movie Studio Platinum 9.0b
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7C7A59F-CF70-481E-A94F-7C2563AA5ADD}" = Sony DVD Architect Studio 4.5d
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6}" = GoGear VIBE Device Manager
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DA71A94B-3617-4935-8BBE-1566B2174C95}" = Drv
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{F241EC95-C81A-466E-8006-6B0B364B07A0}" = PCMark Vantage
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced System Protector_is1" = Advanced System Protector
"Afterburner" = MSI Afterburner 1.6.0
"AudioCS" = Creative Audio Control Panel
"CCleaner" = CCleaner
"Console Launcher" = Creative Console Launcher
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Disk Space Fan_is1" = Disk Space Fan 2.2.7.820
"Download Manager" = Download Manager 2.3.10
"EasyTune5Pro" = EasyTune5Pro
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"HD Tune_is1" = HD Tune 2.55
"Indeo® software" = Indeo® software
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{5B6455A4-E812-479B-A762-C2356244CF97}" = EZ Grabber
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"LimeWire" = LimeWire 5.5.16
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mp3tag" = Mp3tag v2.44
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PandoraRecovery" = PandoraRecovery (Remove Only)
"Photo-grapher_is1" = Photo-grapher 1
"PIXresizer_is1" = PIXresizer 2.0.4
"PunkBusterSvc" = PunkBuster Services
"QuickTime" = QuickTime
"RealPlayer 12.0" = RealPlayer
"Rhapsody" = Rhapsody
"Secunia PSI" = Secunia PSI (2.0.0.3001)
"Shaft Selector XpertV4426" = Shaft Selector Xpert
"Software For ArchersV2426" = Software For Archers
"SpeedFan" = SpeedFan (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinISD Pro [alpha]" = WinISD Pro [alpha]
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1669760302-2667445884-3644838314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/22/2011 1:50:26 PM | Computer Name = Jerry-PC | Source = MsiInstaller | ID = 11601
Description =

Error - 1/22/2011 1:50:26 PM | Computer Name = Jerry-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 1/22/2011 1:50:32 PM | Computer Name = Jerry-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 1/22/2011 1:50:33 PM | Computer Name = Jerry-PC | Source = MsiInstaller | ID = 11601
Description =

Error - 1/22/2011 1:50:33 PM | Computer Name = Jerry-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 1/22/2011 1:50:35 PM | Computer Name = Jerry-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 1/22/2011 1:50:38 PM | Computer Name = Jerry-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 1/22/2011 1:50:39 PM | Computer Name = Jerry-PC | Source = MsiInstaller | ID = 11601
Description =

Error - 1/22/2011 1:50:39 PM | Computer Name = Jerry-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 1/22/2011 1:50:41 PM | Computer Name = Jerry-PC | Source = MsiInstaller | ID = 1024
Description =

[ Media Center Events ]
Error - 6/10/2009 8:18:41 PM | Computer Name = Jerry-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 11/21/2011 9:48:44 AM | Computer Name = Jerry-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/21/2011 9:48:44 AM | Computer Name = Jerry-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/21/2011 10:51:36 AM | Computer Name = Jerry-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 11/21/2011 11:05:56 AM | Computer Name = Jerry-PC | Source = Application Popup | ID = 1060
Description = \??\C:\zzz\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 11/21/2011 11:08:46 AM | Computer Name = Jerry-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 11/21/2011 11:16:21 AM | Computer Name = Jerry-PC | Source = DCOM | ID = 10010
Description =

Error - 11/21/2011 3:12:47 PM | Computer Name = Jerry-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/21/2011 3:12:47 PM | Computer Name = Jerry-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/21/2011 8:37:57 PM | Computer Name = Jerry-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/21/2011 8:37:57 PM | Computer Name = Jerry-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >
iowabucks
Regular Member
 
Posts: 50
Joined: January 5th, 2009, 1:07 am

Re: Need help with trojan

Unread postby askey127 » November 22nd, 2011, 8:42 am

iowabucks,
Don't use any program purporting to clean, boost,optimize or otherwise help your Registry.
They don't do much, and there is a chance they could break your system.
We will replace Adobe Reader and Java shortly.
-------------------------------------------------
Run RogueKiller
  • Now quit all running programs.
  • Double click RogueKiller.exe to run it.
  • When prompted, type 2 and hit Enter.
  • A RKreport.txt should appear on your desktop.
  • Please post the contents of the RKreport.txt in your next Reply.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Adobe Reader 9.4.5
Free Registry Defrag
Java(TM) 6 Update 23
HiJackThis
Auslogics BoostSpeed
Coupon Printer for Windows
LimeWire 5.5.16

Take extra care in answering questions posed by any Uninstaller.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :OTL
    [2011/11/01 16:48:21 | 000,001,079 | ---- | C] () -- C:\Users\Jerry\Desktop\Auslogics BoostSpeed.lnk
    [2011/11/20 19:31:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2011/11/20 19:31:46 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
    O15 - HKU\S-1-5-21-1669760302-2667445884-3644838314-1000\..Trusted Domains: facebook.com ([%20www] https in Trusted sites)
    O15 - HKU\S-1-5-21-1669760302-2667445884-3644838314-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKU\S-1-5-21-1669760302-2667445884-3644838314-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    
    :Files
    C:\Users\Jerry\AppData\Roaming\LimeWire
    
    :Commands
    [PURITY]
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

So we are looking for the log from RogueKiller and the new OTL log.
Did MS Security Essentials report finding anything when you ran the first scan?
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Need help with trojan

Unread postby iowabucks » November 22nd, 2011, 10:00 am

Nothing was found by Microsoft essentials. I tried running OTL 3 times, and each time it stopped running. The windows box said a problem caused the program to stop working correctly. I did copy and paste the correct lines.

I also had a music blog website pop up when Rougekiller ended and the textfile posted.

Any idea why i have no audio while trying to watch a YouTube video, but my games and homemade videos do have audio?


RogueKiller V6.1.10 [11/18/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: Jerry [Admin rights]
Mode: Remove -- Date : 11/22/2011 07:59:27

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt
iowabucks
Regular Member
 
Posts: 50
Joined: January 5th, 2009, 1:07 am

Re: Need help with trojan

Unread postby askey127 » November 22nd, 2011, 4:53 pm

iowabucks,
No sound on Videos: http://www.google.com/support/youtube/b ... swer=58132
------------------------------------------
UNINSTALL Flash Player using this:
http://kb2.adobe.com/cps/141/tn_14157.html
-------------------
REBOOT
-------------------
Get the Newest Version Flash Player
http://get.adobe.com/flashplayer/ (Be sure to UNCHECK any Toolbar or "partner" offers)

------------------------------------------------
Download and Run Rkill
Please download and run the tool named Rkill, which may help in allowing other programs to run.
There are different versions with different names. If one of them won't run ,then download and try to run one of the other ones.
After the download, Vista and Win7 users will need to right click the icon and choose Run as Administrator. XP Users can just double-click.
You only need to get ONE of these to run, not all of them. You may get warnings from your antivirus about any of these tools. Either ignore the warnings or shutdown your antivirus.
Please download Rkill from one of the following links (note the different names) and save to your Desktop:
iExplore.exe
Rkill.exe
eXplorer.exe
RKill.com
RKill.scr
Rkill.pif
uSeRiNiT.exe
  • Double-click on the iExplore, Rkill, eXplorer, or uSeRiNiT desktop icon to run the tool.(If using Vista or Windows 7 right-click on it and choose Run As Administrator).
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If you get a Warning Message when you try to run it, run it again while the Warning Message is still displayed.
  • If it doesn't run on the first try, please try to run it another two or three times.
  • If it still does not run, delete the desktop entry. Then download and use the one provided in the next link.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided after trying each a few times, please let me know.
------------------------------------------------
Now please retry a scan with OTL.

Let me know what happens.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Need help with trojan

Unread postby iowabucks » November 22nd, 2011, 5:29 pm

I did get the OTL to run after a reboot. Then i ran RKill. Then OTL again. So this logfile posted would be the second time, but after Rkill. I saved the first logfile if you need to see it.


All processes killed
========== OTL ==========
File C:\Users\Jerry\Desktop\Auslogics BoostSpeed.lnk not found.
Folder C:\Program Files (x86)\Trend Micro\ not found.
Folder C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\S-1-5-21-1669760302-2667445884-3644838314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\facebook.com\%20www\ not found.
Registry key HKEY_USERS\S-1-5-21-1669760302-2667445884-3644838314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\real.com\rhap-app-4-0\ not found.
Registry key HKEY_USERS\S-1-5-21-1669760302-2667445884-3644838314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\real.com\rhapreg\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
========== FILES ==========
File\Folder C:\Users\Jerry\AppData\Roaming\LimeWire not found.
========== COMMANDS ==========

[EMPTYJAVA]

User: Default

User: Jerry
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Default
->Flash cache emptied: 0 bytes

User: Jerry
->Flash cache emptied: 1122 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jerry
->Temp folder emptied: 2735244 bytes
->Temporary Internet Files folder emptied: 16095575 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 898 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 10657792 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2510 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 28.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 11222011_150949

Files\Folders moved on Reboot...
File\Folder C:\Users\Jerry\AppData\Local\Temp\fla9EF0.tmp not found!
File\Folder C:\Users\Jerry\AppData\Local\Temp\ppcrlui_4456_2 not found!
C:\Users\Jerry\AppData\Local\Temp\VGXFDDE.tmp moved successfully.
File\Folder C:\Users\Jerry\AppData\Local\Temp\~DF6BC5.tmp not found!
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7H1KC8D\1299087876@x23[1].htm moved successfully.
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7H1KC8D\1688201847@x23[1].htm moved successfully.
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7H1KC8D\fw-nonplayer-banner[1].htm moved successfully.
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7H1KC8D\fw-nonplayer-banner[2].htm moved successfully.
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7H1KC8D\login_status[1].htm moved successfully.
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7H1KC8D\login_status[2].htm moved successfully.
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7H1KC8D\redirect_v94_cim_11_16_0[1].htm moved successfully.
File\Folder C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7H1KC8D\sandbox[1].htm not found!
File\Folder C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7H1KC8D\sandbox[2].htm not found!
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3TA7VX8\11918205549@x23[1].htm moved successfully.
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3TA7VX8\ads[1].htm moved successfully.
File\Folder C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3TA7VX8\afr[1].htm not found!
File\Folder C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3TA7VX8\channels[1].htm not found!
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3TA7VX8\iframe[1].htm moved successfully.
File\Folder C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2PGEYJ0J\11931370440@x23[1].htm not found!
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2PGEYJ0J\emily[2].htm moved successfully.
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2PGEYJ0J\ff2[1].htm moved successfully.
File\Folder C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2PGEYJ0J\this-is-it-for-now[1].htm not found!
File\Folder C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2PGEYJ0J\xd_receiver[4].htm not found!
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03PER39U\1919198561@x23[1].htm moved successfully.
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03PER39U\in[1].htm moved successfully.
File move failed. C:\Windows\SysNative\SET449C.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET5059.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...
iowabucks
Regular Member
 
Posts: 50
Joined: January 5th, 2009, 1:07 am

Re: Need help with trojan

Unread postby askey127 » November 23rd, 2011, 8:23 am

Were you able to successfully update the flash player in the browser you use for YouTube?
Did the links about audio make sense?

Please start Malwarebytes Anti-malware, choose update from the tab and have it update itself.
You may have to Restart it (it will replace the engine) and update again to get the latest database.
Then run a quick scan with it and paste the log back here.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Need help with trojan

Unread postby iowabucks » November 23rd, 2011, 12:33 pm

askey127 wrote:Were you able to successfully update the flash player in the browser you use for YouTube?

Yes i did. It was very easy. I did have audio on Youtube videos afterwards, but later in the day i didn't. Not sure what thats all about. i just tried it after the reboot and still don't have audio.

Everything seems to be running pretty smoothly but i did also notice when i did a google search yesterday, the first couple links i clicked on took me to different pages altogether. Then after that it went where it was supposed to.

I still have a windows box pop up after every reboot saying i need to install a driver for an unknown device. If i try, it can never find one online. I go to device manager and try to figure out what the device is that needs it, but can't figure it out. Not very specific. I could probably get by without even fixing it. It might possibly be for Microsoft 6to4 Adaptor.

These are just small problems and nothing major to me. Nothing i can't do without. I would like to get the audio on videos figured out though.

Thanks for your time and all the help so far. It's greatly appreciated. I have had to come to this and another malware forum for similar help a couple times and always get things straightened out no matter how bad it looks at first. I really would dread the idea of taking it to a computer store to get it fixed.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8224

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

11/23/2011 10:32:13 AM
mbam-log-2011-11-23 (10-32-13).txt

Scan type: Full scan (C:\|F:\|)
Objects scanned: 330805
Time elapsed: 40 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
iowabucks
Regular Member
 
Posts: 50
Joined: January 5th, 2009, 1:07 am

Re: Need help with trojan

Unread postby askey127 » November 23rd, 2011, 5:32 pm

You may want to check whether your browser is blocking third party cookies. Flash tries to set this cokkie up when it is re-installed.
Your machine looks free of malware to me.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 127 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware