
Unknown Virus/Malware


This topic is locked
24 replies to this topic

#1 ABCJessie

  • Members
  • 13 posts
  • OFFLINE
  • Local time:08:21 PM

Posted 13 September 2010 - 08:38 PM

Greetings! I hope I've provided enough information for the experts! Please let me know if I've missed anything.

I think that my MSN account has a keylogger?virus?malware? as I've received a massive inflow of failed delivery notifications of spam apparently sent by me to individuals on my list. I was signed on MSN messenger when all of a sudden, I would see a slew of PostMaster Failed Delivery notifications (many IDs are probably outdated and I have yet to clean them up) pop up. This has happened several times and it seems that this malware is timed to activate (maybe?) on a scheduled run.

The following are the timestamps on the first 'Delivery Status Notification (failed)' for each spam batch:
  • 8/30/2010 23:07:02 +0000 < First instance
  • 8/31/2010 17:48:10 +0000
  • 9/02/2010 17:29:37 +0000
  • 9/05/2010 19:35:31 +0000
  • 9/08/2010 18:43:44 +0000
  • 9/10/2010 12:37:25 +0000
  • 9/13/2010 20:30:13 +0000

At the last instance of the popups, I ran HijackThis immediately, just in case it might catch something, and have appended that along with the Attach.txt below. It seems that sometimes I drop offline as well, but that could simply be a router issue.
______________________________________________________________________________________
GMER:

It seems that running GMER as per the directions for the forum posts also creates an issue. I receive the following messages:
  • "C:\Windows\system32\config\system: The system cannot find the file specified" when opening GMER.
  • "C:\Windows\system32\config\system: The process cannot access the file because it is being used by another process" when clicking "Scan", but GMER will still scan after clicking "OK".

I can only check off the following: Services, Registry, Files, C:\, and ADS.
Result of GMER scan was empty: "GMER hasn't found any system modification."

Please help!

DDS LOG:

DDS (Ver_10-03-17.01) - NTFSX64
Run by jessie at 20:47:34.98 on Mon 09/13/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8191.6369 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Windows\system32\lxctcoms.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\system\svchost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\jessie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jessie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jessie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jessie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jessie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jessie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jessie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jessie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jessie\Downloads\OTL.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\jessie\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
uRun: [Pando Media Booster] c:\program files (x86)\pando networks\media booster\PMB.exe
uRun: [Skype] "c:\program files (x86)\skype\phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\jessie\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WebCamRT.exe]
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files (x86)\divx\divx update\DivXUpdate.exe" /CHECKNOW
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to &Evernote - c:\program files (x86)\evernote\evernote3.5\enbar.dll/2000
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files (x86)\evernote\evernote3.5\enbar.dll
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1271683990991
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/cnma/default/cinematycoon.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
mRun-x64: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun-x64: [snpstd3] c:\windows\vsnpstd3.exe
mRun-x64: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-18 121936]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-18 20048]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-4-18 61008]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-8 40384]
R2 Win_Updater;Windows Updater;c:\windows\syswow64\system\svchost.exe [2010-7-27 1198592]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-8 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-8 40384]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-18 1255736]

=============== Created Last 30 ================

2010-09-13 01:42:53 0 d-----w- c:\program files (x86)\Evernote
2010-09-12 23:56:46 0 d-----w- c:\program files (x86)\Regensoft
2010-09-12 23:56:44 0 d-----w- c:\program files (x86)\AviSynth 2.5
2010-09-12 23:56:37 0 d-----w- c:\program files (x86)\Red Kawa
2010-09-12 23:44:25 305 ---ha-w- c:\users\jessie\.iTunes Preferences.plist
2010-09-12 23:44:25 0 d-----w- c:\users\jessie\Automatically Add to iTunes
2010-09-09 11:17:02 0 d-----w- c:\program files (x86)\Trend Micro
2010-09-04 05:52:47 188968 ---ha-w- c:\windows\syswow64\mlfcache.dat
2010-09-03 15:54:29 0 d-----w- c:\windows\syswow64\Atheros_L1e
2010-09-03 15:52:21 0 d-----w- c:\program files\Microsoft IntelliType Pro
2010-09-03 15:46:16 0 d-----w- c:\programdata\NVIDIA Corporation
2010-09-03 15:43:09 64040 ----a-w- c:\windows\system32\drivers\L1E62x64.sys
2010-09-03 15:38:54 861184 ----a-w- c:\windows\system32\oleaut32.dll
2010-09-03 15:38:54 571904 ----a-w- c:\windows\syswow64\oleaut32.dll
2010-09-03 15:38:53 961024 ----a-w- c:\windows\system32\CPFilters.dll
2010-09-03 15:38:53 641536 ----a-w- c:\windows\syswow64\CPFilters.dll
2010-09-03 15:38:53 258560 ----a-w- c:\windows\system32\mpg2splt.ax
2010-09-03 15:38:52 552960 ----a-w- c:\windows\system32\msdri.dll
2010-09-03 15:38:52 288256 ----a-w- c:\windows\system32\MSNP.ax
2010-09-03 15:38:52 204288 ----a-w- c:\windows\syswow64\MSNP.ax
2010-09-03 15:38:52 199680 ----a-w- c:\windows\syswow64\mpg2splt.ax
2010-09-03 04:37:28 0 d-----w- c:\program files\iTunes
2010-09-03 04:37:28 0 d-----w- c:\program files\iPod
2010-09-03 04:37:28 0 d-----w- c:\program files (x86)\iTunes
2010-08-28 14:50:34 0 d-----w- c:\program files (x86)\PopCap Games
2010-08-25 08:40:41 635722995 ----a-w- c:\windows\MEMORY.DMP
2010-08-21 07:37:47 0 ----a-w- c:\users\jessie\jagex__preferences3.dat
2010-08-21 07:37:46 99 ----a-w- c:\users\jessie\jagex_runescape_preferences2.dat
2010-08-21 07:36:16 46 ----a-w- c:\users\jessie\jagex_runescape_preferences.dat
2010-08-21 07:36:04 0 d-----w- C:\.jagex_cache_32
2010-08-19 23:20:54 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-08-19 23:20:54 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-08-19 23:20:54 145184 ----a-w- c:\windows\syswow64\java.exe

==================== Find3M ====================

2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11:54 167592 ----a-w- c:\windows\syswow64\aswBoot.exe
2010-09-07 14:47:33 61008 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-21 21:14:26 130572 ----a-w- c:\windows\fonts\Swkeys1.ttf
2010-07-21 21:14:26 11560 ----a-w- c:\windows\fonts\SWMacro.otf
2010-07-17 09:00:04 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-07-16 04:38:54 392704 ----a-w- c:\windows\syswow64\ICH.exe
2010-07-09 20:27:02 159336 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-09 20:27:02 1585256 ----a-w- c:\windows\system32\nvsvc64.dll
2010-07-09 20:27:02 15314024 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 20:27:02 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-30 04:10:58 592784 ----a-w- c:\windows\system32\itpcoin80.dll
2010-06-30 04:10:58 592272 ----a-w- c:\windows\system32\ipcoin80.dll
2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:53:18 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll
2010-06-19 04:32:34 3122688 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 06:11:10 340992 ----a-w- c:\windows\system32\schannel.dll
2010-06-16 05:48:35 224256 ----a-w- c:\windows\syswow64\schannel.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 20:48:11.32 ===============

If it helps any, it seems that there are a few posts on Techforums as well describing the same issue.

EDIT: Posts merged ~BP

Edited by Budapest, 16 September 2010 - 05:32 PM.
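As an added triage example (my code, not part of this thread and not the DDS tool's own parser): a small Python check that reads DDS-style log lines like the ones posted above and flags two things a responder looks for in this log, a core Windows binary name (svchost.exe) running from a directory other than system32 or SysWOW64, and UAC policy values that disable elevation prompts. The sample lines are constructed from values in the posted log; SYSTEM_BINARIES, WEAK_POLICIES and the line regexes are my assumptions about the DDS output format.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Directories that hold the genuine copies of core Windows binaries (lower-cased).
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Binary names that malware commonly borrows to blend into a process list.
# Assumption: this list is mine, not something DDS defines.
SYSTEM_BINARIES = {
    "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
    "services.exe", "wininit.exe", "explorer.exe", "taskhost.exe",
}
# UAC policy values that disable or silence elevation prompts (key -> weak value).
WEAK_POLICIES = {
    "enablelua": "0",
    "consentpromptbehavioradmin": "0",
    "promptonsecuredesktop": "0",
}

# Line shapes seen in the DDS log above (assumed, not DDS's own grammar):
#   process:  C:\Windows\system32\svchost.exe -k netsvcs
#   service:  R2 Name;Display Name;c:\path\image.exe [date size]
#   policy:   mPolicies-system: EnableLUA = 0 (0x0)
_PROCESS = re.compile(r"^([a-z]:\\.*?\.exe)(?:\s|$)", re.IGNORECASE)
_SERVICE = re.compile(
    r"^[RS]\d\s+([^;]+);([^;]*);([a-z]:\\.*?\.(?:exe|sys|dll))", re.IGNORECASE)
_POLICY = re.compile(r"^mPolicies-\w+:\s*(\w+)\s*=\s*(\d+)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # "masquerade" or "weak_policy"
    detail: str


def check_image_path(path: str, source: str) -> Optional[Finding]:
    """Flag a core-binary file name that lives outside the real system directories."""
    directory, _, name = path.lower().rpartition("\\")
    if name in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
        return Finding("masquerade", f"{source}: {name} loaded from {directory}")
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Walk DDS-style lines and collect findings in the order they appear."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if m := _SERVICE.match(line):
            f = check_image_path(m.group(3), f"service {m.group(1)}")
            if f:
                findings.append(f)
        elif m := _POLICY.match(line):
            key, value = m.group(1).lower(), m.group(2)
            if WEAK_POLICIES.get(key) == value:
                findings.append(Finding("weak_policy", f"{m.group(1)} = {value}"))
        elif m := _PROCESS.match(line):
            f = check_image_path(m.group(1), "process")
            if f:
                findings.append(f)
    return findings


# Constructed sample: a handful of lines lifted from the DDS log posted above.
SAMPLE_LOG = [
    r"C:\Windows\system32\svchost.exe -k DcomLaunch",
    r"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe",
    r"C:\Windows\SysWOW64\system\svchost.exe",
    r"mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)",
    r"mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)",
    r"mPolicies-system: EnableLUA = 0 (0x0)",
    r"R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-8 40384]",
    r"R2 Win_Updater;Windows Updater;c:\windows\syswow64\system\svchost.exe [2010-7-27 1198592]",
    r"S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.kind}] {finding.detail}")
```

Run against the full DDS log, the same check also surfaces the service entry whose image path sits under a "system" subfolder rather than the real system directory, which is the line a helper would ask about first.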



#2 Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,575 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:02:21 AM

Posted 20 September 2010 - 03:14 PM

Hello,
And welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft



#3 Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,575 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:02:21 AM

Posted 27 September 2010 - 05:44 AM

Due to lack of feedback, this topic will now be closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise




#4 Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,575 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:02:21 AM

Posted 27 September 2010 - 11:53 PM

Reopened as requested.

Please follow the instructions in my first reply.

regards, Elise




#5 ABCJessie
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:08:21 PM

Posted 28 September 2010 - 06:23 AM


Description: My MSN account has a keylogger?virus?malware? as I've received a massive inflow of failed delivery notifications of spam apparently sent by me to individuals on my list. My inbox also shows hundreds of emails going out which were never sent by me.

Also, this could be unrelated but my internet drops intermittently for no reason.


OTL LOG:

OTL logfile created on: 9/27/2010 8:05:19 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\jessie\Desktop\Removal
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 69.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 34.70 Gb Free Space | 11.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JESSIE-PC
Current User Name: jessie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/21 01:40:50 | 000,977,976 | ---- | M] (Google Inc.) -- C:\Users\jessie\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/09/20 20:20:14 | 000,199,168 | ---- | M] (Zecter Inc.) -- C:\Program Files (x86)\Zecter\ZumoCast\ZumoCast.exe
PRC - [2010/09/13 20:43:25 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\jessie\Desktop\Removal\OTL.exe
PRC - [2010/09/13 13:15:20 | 002,817,024 | ---- | M] (Lucion Technologies, LLC) -- C:\Program Files (x86)\FileCenter\Main\FileAgent.exe
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/09/01 02:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/08/10 19:39:39 | 001,198,592 | ---- | M] (Micro Software ©) -- C:\Windows\SysWOW64\system\svchost.exe
PRC - [2010/08/10 19:39:39 | 001,198,592 | ---- | M] (Micro Software ©) -- C:\Windows\SysWOW64\system\svchost.exe
PRC - [2010/08/10 19:39:39 | 001,198,592 | ---- | M] (Micro Software ©) -- C:\Windows\SysWOW64\system\svchost.exe
PRC - [2010/08/10 19:39:39 | 001,198,592 | ---- | M] (Micro Software ©) -- C:\Windows\SysWOW64\system\svchost.exe
PRC - [2010/08/10 19:39:39 | 001,198,592 | ---- | M] (Micro Software ©) -- C:\Windows\SysWOW64\system\svchost.exe
PRC - [2010/08/10 19:39:39 | 001,198,592 | ---- | M] (Micro Software ©) -- C:\Windows\SysWOW64\system\svchost.exe
PRC - [2010/08/10 19:39:39 | 001,198,592 | ---- | M] (Micro Software ©) -- C:\Windows\SysWOW64\system\svchost.exe
PRC - [2010/08/10 19:39:39 | 001,198,592 | ---- | M] (Micro Software ©) -- C:\Windows\SysWOW64\system\svchost.exe
PRC - [2010/08/10 19:39:39 | 001,198,592 | ---- | M] (Micro Software ©) -- C:\Windows\SysWOW64\system\svchost.exe
PRC - [2010/08/10 00:00:42 | 000,013,088 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
PRC - [2010/04/18 22:43:27 | 002,938,552 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2010/02/26 01:10:20 | 021,979,992 | ---- | M] () -- C:\Users\jessie\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
PRC - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
PRC - [2006/09/19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe


========== Modules (SafeList) ==========

MOD - [2010/09/13 20:43:25 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\jessie\Desktop\Removal\OTL.exe
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/01/29 17:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 21:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 21:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2006/11/22 10:11:54 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxctcoms.exe -- (lxct_device)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2006/11/22 10:11:36 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxctcoms.exe -- (lxct_device)
SRV - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010/09/07 10:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/29 11:17:57 | 000,064,040 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/11/10 07:53:40 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009/11/10 07:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/11/10 07:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 21:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 21:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 19:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 19:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/03/27 18:18:58 | 010,550,272 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4065564070-2358498162-4284854356-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-4065564070-2358498162-4284854356-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4065564070-2358498162-4284854356-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AA 10 C9 FE 08 5A CB 01 [binary data]
IE - HKU\S-1-5-21-4065564070-2358498162-4284854356-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4065564070-2358498162-4284854356-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FileAgent] C:\Program Files (x86)\FileCenter\Main\FileAgent.exe (Lucion Technologies, LLC)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4065564070-2358498162-4284854356-1000..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4065564070-2358498162-4284854356-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-4065564070-2358498162-4284854356-1000..\Run: [WebCamRT.exe] File not found
O4 - HKU\S-1-5-21-4065564070-2358498162-4284854356-1000..\Run: [ZumoCast] C:\Program Files (x86)\Zecter\ZumoCast\ZumoLauncher.lnk ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\jessie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\jessie\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/sit...b?1271683990991 (MUCatalogWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://zone.msn.com/bingame/cnma/default/cinematycoon.cab (TikGames Online Control)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b39643c4-4b5a-11df-a9c1-0023548eb2c2}\Shell - "" = AutoRun
O33 - MountPoints2\{b39643c4-4b5a-11df-a9c1-0023548eb2c2}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/26 17:43:59 | 000,000,000 | ---D | C] -- C:\Users\jessie\AppData\Roaming\KingArthur
[2010/09/26 16:39:17 | 000,000,000 | R--D | C] -- C:\Users\jessie\Documents\My Dropbox
[2010/09/26 16:32:19 | 000,000,000 | ---D | C] -- C:\Users\jessie\AppData\Roaming\Dropbox
[2010/09/26 16:27:40 | 000,000,000 | ---D | C] -- C:\Users\jessie\AppData\Roaming\ZumoCast
[2010/09/26 16:27:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zecter
[2010/09/26 10:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iMacsoft
[2010/09/26 10:41:02 | 000,000,000 | ---D | C] -- C:\Users\jessie\Desktop\imsoft.pack
[2010/09/26 10:41:02 | 000,000,000 | ---D | C] -- C:\Users\jessie\Desktop\iMacsoft.iPad.to.PC.Transfer.v2.5.0.0921.Incl.Keygen-MAZE
[2010/09/22 23:53:30 | 004,218,880 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf400.dll
[2010/09/22 23:53:20 | 000,053,528 | ---- | C] (Tracker Software Products Ltd.) -- C:\Windows\SysNative\pxc40pm.dll
[2010/09/22 23:53:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileCenter
[2010/09/22 19:10:04 | 042,396,423 | ---- | C] (Lucion Technologies, LLC ) -- C:\Users\jessie\Desktop\FileCenterSetup_v6.6.0.7469.exe
[2010/09/22 19:08:26 | 000,000,000 | ---D | C] -- C:\Users\jessie\Desktop\Lucion.FileCenter.Professional.Plus.v6.6.0.7469.Cracked-EAT
[2010/09/22 19:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\FileCenter
[2010/09/22 19:02:09 | 000,000,000 | ---D | C] -- C:\Users\jessie\Desktop\Lucion.FileCenter.Professional.Plus.v6.6.0.7469.Cr
[2010/09/21 00:08:10 | 000,000,000 | ---D | C] -- C:\Users\jessie\Desktop\Fall 2010 RES3200 EL6 (1879)
[2010/09/19 12:03:48 | 000,000,000 | ---D | C] -- C:\Users\jessie\Documents\Simpo PDF to Word
[2010/09/19 12:03:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Simpo PDF to Word
[2010/09/18 23:35:45 | 000,000,000 | ---D | C] -- C:\Users\jessie\Documents\Red Kawa
[2010/09/18 23:35:45 | 000,000,000 | ---D | C] -- C:\Users\jessie\AppData\Roaming\Red Kawa
[2010/09/18 23:30:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AC3Filter
[2010/09/18 23:22:54 | 000,000,000 | ---D | C] -- C:\Users\jessie\AppData\Roaming\DivX
[2010/09/18 23:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010/09/15 00:57:10 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/09/14 03:09:18 | 000,000,000 | ---D | C] -- C:\Users\jessie\Books
[2010/09/13 22:46:15 | 000,000,000 | R--D | C] -- C:\Users\jessie\Documents\Books
[2010/09/13 21:40:56 | 000,000,000 | ---D | C] -- C:\Users\jessie\Desktop\Removal
[2010/09/12 21:48:46 | 000,000,000 | ---D | C] -- C:\Users\jessie\AppData\Local\Evernote
[2010/09/12 21:42:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote
[2010/09/12 19:56:59 | 000,000,000 | ---D | C] -- C:\Users\jessie\AppData\Local\Geckofx
[2010/09/12 19:56:54 | 000,000,000 | ---D | C] -- C:\Users\jessie\AppData\Roaming\Mozilla
[2010/09/12 19:56:46 | 000,000,000 | ---D | C] -- C:\Users\jessie\Documents\Regensoft
[2010/09/12 19:56:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Regensoft
[2010/09/12 19:56:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2010/09/12 19:56:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Kawa
[2010/09/12 19:44:25 | 000,000,000 | ---D | C] -- C:\Users\jessie\Automatically Add to iTunes
[2010/09/09 07:17:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/09/03 11:54:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e
[2010/09/03 11:54:26 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/09/03 11:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2010/09/03 11:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/09/03 11:43:09 | 000,064,040 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1E62x64.sys
[2010/09/03 11:43:09 | 000,000,000 | ---D | C] -- C:\Users\jessie\Desktop\AR81FamilyWinSetup-1.0.0.49_WHQL
[2010/09/03 00:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/03 00:37:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/09/03 00:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/01 18:01:57 | 000,000,000 | ---D | C] -- C:\Users\jessie\AppData\Roaming\vlc
[2010/08/25 04:40:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/21 03:36:04 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
[2010/08/20 14:57:18 | 000,000,000 | ---D | C] -- C:\Users\jessie\Documents\Remote Assistance Logs
[2010/08/19 19:21:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/08/10 19:40:01 | 000,000,000 | ---D | C] -- C:\Users\jessie\AppData\Roaming\Bicyclestudios
[2010/08/10 19:40:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Bicyclestudios
[2010/08/10 19:39:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\weber
[2010/08/10 19:39:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\system
[2010/07/18 16:10:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010/07/18 14:48:59 | 000,000,000 | ---D | C] -- C:\Users\jessie\AppData\Roaming\BitTorrent
[2010/07/18 14:48:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2010/07/10 05:38:00 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/07/10 05:38:00 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/06/29 23:04:46 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/05/19 07:21:05 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctserv.dll
[2010/05/19 07:21:05 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctusb1.dll
[2010/05/19 07:21:05 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctpmui.dll
[2010/05/19 07:21:05 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctinpa.dll
[2010/05/19 07:21:05 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctiesc.dll
[2010/05/19 07:21:04 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcthbn3.dll
[2010/05/19 07:21:04 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctcomc.dll
[2010/05/19 07:21:04 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctlmpm.dll
[2010/05/19 07:21:04 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctcomm.dll
[2010/05/19 07:21:04 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctprox.dll
[2010/05/19 07:21:04 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxctpplc.dll
[2007/03/12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll

========== Files - Modified Within 90 Days ==========

[2010/09/27 20:06:07 | 003,932,160 | -HS- | M] () -- C:\Users\jessie\NTUSER.DAT
[2010/09/27 20:06:03 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4065564070-2358498162-4284854356-1000UA.job
[2010/09/27 18:29:45 | 000,014,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/27 18:29:45 | 000,014,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/27 16:06:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4065564070-2358498162-4284854356-1000Core.job
[2010/09/27 06:27:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/27 06:27:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/27 06:27:04 | 2146,787,327 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/27 06:26:03 | 001,980,643 | -H-- | M] () -- C:\Users\jessie\AppData\Local\IconCache.db
[2010/09/26 16:39:17 | 000,001,021 | ---- | M] () -- C:\Users\jessie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010/09/26 16:39:16 | 000,001,041 | ---- | M] () -- C:\Users\jessie\Desktop\Dropbox.lnk
[2010/09/26 10:42:16 | 000,001,258 | ---- | M] () -- C:\Users\jessie\Application Data\Microsoft\Internet Explorer\Quick Launch\iMacsoft iPad to PC Transfer.lnk
[2010/09/26 10:42:16 | 000,001,234 | ---- | M] () -- C:\Users\jessie\Desktop\iMacsoft iPad to PC Transfer.lnk
[2010/09/22 23:53:10 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\FileCenter.lnk
[2010/09/21 06:50:00 | 042,396,423 | ---- | M] (Lucion Technologies, LLC ) -- C:\Users\jessie\Desktop\FileCenterSetup_v6.6.0.7469.exe
[2010/09/19 12:16:05 | 000,000,992 | ---- | M] () -- C:\Users\jessie\Desktop\Simpo PDF to Word.lnk
[2010/09/19 12:13:47 | 008,455,163 | ---- | M] () -- C:\Users\jessie\Desktop\Simpo_PDF_to_Word_v3.0.0.rar
[2010/09/16 18:59:40 | 000,301,071 | ---- | M] () -- C:\Users\jessie\Documents\BookRenter Customer Support Log - September 16.jpg
[2010/09/16 18:41:50 | 000,730,638 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/16 18:41:50 | 000,618,026 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/16 18:41:50 | 000,104,340 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/13 13:15:56 | 000,490,496 | ---- | M] () -- C:\Windows\SysWow64\FcHK32.dll
[2010/09/12 21:42:58 | 000,001,019 | ---- | M] () -- C:\Users\jessie\Desktop\Evernote3.5.lnk
[2010/09/12 19:56:46 | 000,002,154 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader App.lnk
[2010/09/12 19:56:40 | 000,002,210 | ---- | M] () -- C:\Users\Public\Desktop\Videora iPad Converter.lnk
[2010/09/12 19:44:25 | 000,000,305 | -H-- | M] () -- C:\Users\jessie\.iTunes Preferences.plist
[2010/09/08 17:38:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/07 11:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/09/07 10:52:29 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/09/07 10:52:09 | 000,121,936 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/09/07 10:47:49 | 000,028,752 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/09/07 10:47:33 | 000,061,008 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/09/07 10:47:10 | 000,020,048 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/09/04 01:52:47 | 000,188,968 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/09/03 12:02:44 | 000,109,232 | ---- | M] () -- C:\Users\jessie\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/03 11:56:17 | 000,413,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/09/03 11:42:43 | 002,460,608 | ---- | M] () -- C:\Users\jessie\Desktop\AR81FamilyWinSetup-1.0.0.49_WHQL.rar
[2010/09/03 00:37:38 | 000,002,447 | ---- | M] () -- C:\Users\jessie\Desktop\iTunes.lnk
[2010/08/30 17:37:34 | 635,722,995 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/21 03:47:23 | 000,000,099 | ---- | M] () -- C:\Users\jessie\jagex_runescape_preferences2.dat
[2010/08/21 03:38:21 | 000,000,046 | ---- | M] () -- C:\Users\jessie\jagex_runescape_preferences.dat
[2010/08/21 03:37:47 | 000,000,000 | ---- | M] () -- C:\Users\jessie\jagex__preferences3.dat
[2010/08/19 19:06:47 | 000,055,513 | ---- | M] () -- C:\Users\jessie\Desktop\Home Network.jpg
[2010/08/10 19:39:39 | 000,004,286 | ---- | M] () -- C:\Windows\SysWow64\ico.ico
[2010/07/29 18:51:39 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/24 17:32:44 | 001,605,632 | ---- | M] () -- C:\Users\jessie\Documents\Personal contact manager.accdb
[2010/07/23 06:57:59 | 000,088,576 | ---- | M] () -- C:\Users\jessie\Desktop\contacts.xls
[2010/07/21 22:37:01 | 000,577,735 | ---- | M] () -- C:\Users\jessie\Documents\PersonalContactManager.accdt
[2010/07/16 00:38:54 | 000,392,704 | ---- | M] () -- C:\Windows\SysWow64\ICH.exe
[2010/07/12 03:35:30 | 000,053,528 | ---- | M] (Tracker Software Products Ltd.) -- C:\Windows\SysNative\pxc40pm.dll
[2010/07/10 05:38:00 | 000,065,128 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/07/10 05:38:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/07/10 05:38:00 | 000,012,264 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb

========== Files Created - No Company Name ==========

[2010/09/26 16:39:17 | 000,001,021 | ---- | C] () -- C:\Users\jessie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010/09/26 16:39:16 | 000,001,041 | ---- | C] () -- C:\Users\jessie\Desktop\Dropbox.lnk
[2010/09/26 10:42:16 | 000,001,258 | ---- | C] () -- C:\Users\jessie\Application Data\Microsoft\Internet Explorer\Quick Launch\iMacsoft iPad to PC Transfer.lnk
[2010/09/26 10:42:16 | 000,001,234 | ---- | C] () -- C:\Users\jessie\Desktop\iMacsoft iPad to PC Transfer.lnk
[2010/09/22 23:53:10 | 000,001,056 | ---- | C] () -- C:\Users\Public\Desktop\FileCenter.lnk
[2010/09/22 23:53:06 | 000,490,496 | ---- | C] () -- C:\Windows\SysWow64\FcHK32.dll
[2010/09/19 12:16:05 | 000,000,992 | ---- | C] () -- C:\Users\jessie\Desktop\Simpo PDF to Word.lnk
[2010/09/19 12:12:47 | 008,455,163 | ---- | C] () -- C:\Users\jessie\Desktop\Simpo_PDF_to_Word_v3.0.0.rar
[2010/09/18 23:30:17 | 000,580,096 | ---- | C] () -- C:\Windows\SysNative\ac3filter64.acm
[2010/09/18 23:30:17 | 000,497,664 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.acm
[2010/09/16 18:59:40 | 000,301,071 | ---- | C] () -- C:\Users\jessie\Documents\BookRenter Customer Support Log - September 16.jpg
[2010/09/16 18:41:50 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/12 21:42:58 | 000,001,019 | ---- | C] () -- C:\Users\jessie\Desktop\Evernote3.5.lnk
[2010/09/12 19:56:46 | 000,002,154 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Downloader App.lnk
[2010/09/12 19:56:40 | 000,002,210 | ---- | C] () -- C:\Users\Public\Desktop\Videora iPad Converter.lnk
[2010/09/12 19:44:25 | 000,000,305 | -H-- | C] () -- C:\Users\jessie\.iTunes Preferences.plist
[2010/09/04 01:52:47 | 000,188,968 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/09/03 11:42:36 | 002,460,608 | ---- | C] () -- C:\Users\jessie\Desktop\AR81FamilyWinSetup-1.0.0.49_WHQL.rar
[2010/09/03 00:37:38 | 000,002,447 | ---- | C] () -- C:\Users\jessie\Desktop\iTunes.lnk
[2010/08/25 04:40:41 | 635,722,995 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/21 03:37:47 | 000,000,000 | ---- | C] () -- C:\Users\jessie\jagex__preferences3.dat
[2010/08/21 03:37:46 | 000,000,099 | ---- | C] () -- C:\Users\jessie\jagex_runescape_preferences2.dat
[2010/08/21 03:36:16 | 000,000,046 | ---- | C] () -- C:\Users\jessie\jagex_runescape_preferences.dat
[2010/08/19 19:06:47 | 000,055,513 | ---- | C] () -- C:\Users\jessie\Desktop\Home Network.jpg
[2010/08/10 19:39:39 | 000,004,286 | ---- | C] () -- C:\Windows\SysWow64\ico.ico
[2010/07/23 06:57:58 | 000,088,576 | ---- | C] () -- C:\Users\jessie\Desktop\contacts.xls
[2010/07/21 22:37:01 | 000,577,735 | ---- | C] () -- C:\Users\jessie\Documents\PersonalContactManager.accdt
[2010/07/21 22:37:00 | 001,605,632 | ---- | C] () -- C:\Users\jessie\Documents\Personal contact manager.accdb
[2010/07/16 00:38:54 | 000,392,704 | ---- | C] () -- C:\Windows\SysWow64\ICH.exe
[2010/05/22 21:59:27 | 000,007,606 | ---- | C] () -- C:\Users\jessie\AppData\Local\Resmon.ResmonCfg
[2010/05/19 07:21:05 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCTinst.dll
[2010/04/25 19:21:17 | 000,007,680 | ---- | C] () -- C:\Users\jessie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/20 07:02:43 | 000,000,039 | ---- | C] () -- C:\Windows\WININIT.INI
[2010/04/19 10:31:41 | 000,000,241 | ---- | C] () -- C:\Windows\QSync.INI
[2010/04/19 10:28:25 | 000,001,632 | ---- | C] () -- C:\Windows\_delis32.ini
[2010/04/19 00:38:54 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\SysWow64\OpenQuicktimeLib.dll
[2004/02/27 16:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini

========== LOP Check ==========

[2010/05/20 20:12:21 | 000,000,000 | ---D | M] -- C:\Users\jessie\AppData\Roaming\5400 Series
[2010/04/19 19:09:09 | 000,000,000 | ---D | M] -- C:\Users\jessie\AppData\Roaming\acccore
[2010/08/10 19:40:01 | 000,000,000 | ---D | M] -- C:\Users\jessie\AppData\Roaming\Bicyclestudios
[2010/09/27 06:26:04 | 000,000,000 | ---D | M] -- C:\Users\jessie\AppData\Roaming\BitTorrent
[2010/09/27 06:27:45 | 000,000,000 | ---D | M] -- C:\Users\jessie\AppData\Roaming\Dropbox
[2010/09/26 17:43:59 | 000,000,000 | ---D | M] -- C:\Users\jessie\AppData\Roaming\KingArthur
[2010/04/18 22:39:55 | 000,000,000 | ---D | M] -- C:\Users\jessie\AppData\Roaming\Leadertech
[2010/09/18 23:35:45 | 000,000,000 | ---D | M] -- C:\Users\jessie\AppData\Roaming\Red Kawa
[2010/09/26 16:28:40 | 000,000,000 | ---D | M] -- C:\Users\jessie\AppData\Roaming\ZumoCast
[2009/07/14 01:08:49 | 000,011,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >


EXTRAS LOG:

OTL Extras logfile created on: 9/27/2010 8:05:19 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\jessie\Desktop\Removal
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 69.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 34.70 Gb Free Space | 11.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JESSIE-PC
Current User Name: jessie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4065564070-2358498162-4284854356-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\jessie\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{EA08048C-3823-4DC8-B169-1D5D11FFC19F}_is1" = PDF-XChange 4
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Lexmark 5400 Series" = Lexmark 5400 Series
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SP6" = Logitech SetPoint 6.0
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{2C8CC208-965C-48A1-90A8-DFB484358F1C}" = FaxRedist
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8BC914BF-F80D-47D9-BD1E-809EB6A7C23C}_is1" = FileCenter 6.6
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F7F23DFB-31E1-B7EC-7A6D-7668B595ADAE}" = FlipShare
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"AC3Filter_is1" = AC3Filter 1.62b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"Atlantica" = Atlantica
"avast5" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"BitTorrent" = BitTorrent
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup.divx.com" = DivX Setup
"iMacsoft iPad to PC Transfer" = iMacsoft iPad to PC Transfer
"PROPLUS" = Microsoft Office Professional Plus 2007
"Simpo PDF to Word_is1" = Simpo PDF to Word 3.0.0
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Videora iPad Converter" = Videora iPad Converter 6
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"YouTube Downloader App" = YouTube Downloader App 3.00
"ZumoCast" = ZumoCast

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4065564070-2358498162-4284854356-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/16/2010 5:01:03 AM | Computer Name = jessie-PC | Source = svchost.exe | ID = 0
Description =

Error - 9/16/2010 5:01:06 AM | Computer Name = jessie-PC | Source = svchost.exe | ID = 0
Description =

Error - 9/16/2010 5:01:08 AM | Computer Name = jessie-PC | Source = svchost.exe | ID = 0
Description =

Error - 9/16/2010 5:01:11 AM | Computer Name = jessie-PC | Source = svchost.exe | ID = 0
Description =

Error - 9/16/2010 5:01:13 AM | Computer Name = jessie-PC | Source = svchost.exe | ID = 0
Description =

Error - 9/16/2010 5:01:16 AM | Computer Name = jessie-PC | Source = svchost.exe | ID = 0
Description =

Error - 9/16/2010 5:01:18 AM | Computer Name = jessie-PC | Source = svchost.exe | ID = 0
Description =

Error - 9/16/2010 5:01:20 AM | Computer Name = jessie-PC | Source = svchost.exe | ID = 0
Description =

Error - 9/16/2010 5:01:21 AM | Computer Name = jessie-PC | Source = svchost.exe | ID = 0
Description =

Error - 9/16/2010 5:01:23 AM | Computer Name = jessie-PC | Source = svchost.exe | ID = 0
Description =

[ OSession Events ]
Error - 6/5/2010 9:42:56 PM | Computer Name = jessie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/18/2010 7:35:07 PM | Computer Name = jessie-PC | Source = DCOM | ID = 10010
Description =

Error - 9/18/2010 10:14:24 PM | Computer Name = jessie-PC | Source = volsnap | ID = 393251
Description = The shadow copies of volume C: were aborted because the shadow copy
storage failed to grow.

Error - 9/25/2010 11:49:13 PM | Computer Name = jessie-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 9/26/2010 3:21:00 AM | Computer Name = jessie-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 9/26/2010 11:00:39 AM | Computer Name = jessie-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 9/27/2010 6:11:04 AM | Computer Name = jessie-PC | Source = BROWSER | ID = 8032
Description =

Error - 9/27/2010 6:26:09 AM | Computer Name = jessie-PC | Source = DCOM | ID = 10005
Description =

Error - 9/27/2010 6:26:09 AM | Computer Name = jessie-PC | Source = Service Control Manager | ID = 7038
Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%50 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 9/27/2010 6:26:09 AM | Computer Name = jessie-PC | Source = Service Control Manager | ID = 7000
Description = The UPnP Device Host service failed to start due to the following
error: %%1069

Error - 9/27/2010 6:31:21 AM | Computer Name = jessie-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.


< End of report >


Unfortunately when I tried to run RKUnhookerLE, I received the following message and it failed to run: "Error loading driver, NTSTATUS code: 0xC000036B."
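One thing worth pulling out of the Extras log above before the fix runs: under "Firewall Settings" EnableFirewall is 1 only for DomainProfile, while StandardProfile (the private-network profile a home PC actually uses) and PublicProfile both have it set to 0, so the Windows Firewall is effectively off for this machine. The following is an added example, not code from the thread or from OTL, that parses the registry-style sections of an OTL Extras log and flags exactly that, plus any non-zero Security Center override. The sample input is an excerpt in the posted log's layout; the section-header and value formats are assumed from the log as pasted.

```python
import re

# Constructed excerpt in the layout of the OTL "Extras" log posted above;
# the registry values are the ones that appear in that log.
SAMPLE_OTL_EXTRAS = r"""
========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========
"""

# Line shapes assumed from the pasted log: "===== Title =====", "[key]" or
# "64bit: [key]", and '"name" = value'.
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
KEY_RE = re.compile(r"^(64bit: )?\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')


def parse_otl_registry_sections(text):
    """Map {section title: {registry key: {value name: value string}}}.
    The "64bit: " prefix is kept on the key so the two registry views
    (64-bit and WOW64) stay separate instead of overwriting each other."""
    sections = {}
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            sections.setdefault(section, {})
            key = None
            continue
        m = KEY_RE.match(line)
        if m and section is not None:
            key = (m.group(1) or "") + m.group(2)
            sections[section].setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m and section is not None and key is not None:
            sections[section][key][m.group(1)] = m.group(2)
    return sections


def disabled_firewall_profiles(sections):
    """Profiles whose EnableFirewall value is anything other than 1, as
    sorted (profile, value) pairs.  A home PC sits in StandardProfile or
    PublicProfile, so DomainProfile being on does not help it."""
    findings = []
    for key, values in sections.get("Firewall Settings", {}).items():
        profile = key.rsplit("\\", 1)[-1]
        value = values.get("EnableFirewall")
        if value != "1":
            findings.append((profile, value))
    return sorted(findings)


def security_center_overrides(sections):
    """Names of *Override values that are not 0; a non-zero override
    silences the Security Center warning for that component."""
    names = set()
    for values in sections.get("Security Center Settings", {}).values():
        for name, value in values.items():
            if name.endswith("Override") and value != "0":
                names.add(name)
    return sorted(names)


if __name__ == "__main__":
    parsed = parse_otl_registry_sections(SAMPLE_OTL_EXTRAS)
    for profile, value in disabled_firewall_profiles(parsed):
        print(f"firewall off: {profile} (EnableFirewall = {value})")
    print("security center overrides:", security_center_overrides(parsed) or "none")
```

Run on the excerpt it reports StandardProfile and PublicProfile as off and no overrides. The 0 values mean Windows will not warn about the firewall being disabled either, which is why a log parser rather than the Security Center tray icon is the reliable place to catch this.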

#6 ABCJessie (Topic Starter, Members)

Posted 28 September 2010 - 06:26 AM

Thanks again!

#7 Elise (Bleepin' Blonde; Malware Study Hall Admin; Location: Romania)

Posted 28 September 2010 - 06:53 AM

Hi there,
This is most likely just a hacked password. Did you change your password to a strong password and did you still get these notifications?

OTL FIX
------------
We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :otl
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

    :commands
    [emptytemp]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.
MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Edited by elise025, 28 September 2010 - 06:53 AM.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#8 ABCJessie (Topic Starter, Members)

Posted 28 September 2010 - 10:08 PM

I changed my password 4 times, each time with both caps and small case with numbers included, but mails were still being sent out from my email. Seems like Malwarebytes found a trojan...that can't be good.

OTL LOG:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jessie
->Temp folder emptied: 722847457 bytes
->Temporary Internet Files folder emptied: 365223035 bytes
->Java cache emptied: 6247115 bytes
->Google Chrome cache emptied: 279017788 bytes
->Flash cache emptied: 153567 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5214629 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 520591726 bytes

Total Files Cleaned = 1,811.00 mb


OTL by OldTimer - Version 3.2.12.0 log created on 09282010_192213

Files\Folders moved on Reboot...
C:\Users\jessie\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

MALWARE BYTES LOG:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4713

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/28/2010 11:04:18 PM
mbam-log-2010-09-28 (23-04-18).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|)
Objects scanned: 389560
Time elapsed: 42 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\ICH.exe (Spyware.Password) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\ICH.exe (Spyware.Password) -> Quarantined and deleted successfully.

Edited by ABCJessie, 28 September 2010 - 10:09 PM.
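The MBAM log above is the first hard finding in the thread: the same file, ICH.exe, detected as Spyware.Password in both C:\Windows\System32 and C:\Windows\SysWOW64, which on 64-bit Windows is one dropper writing a copy into each system directory. Below is an added example, not code from the thread or from Malwarebytes, that turns a pasted MBAM 1.46 log into structured findings: it checks that the header counts agree with the listed entries (a cheap test that the paste is complete), groups paths by detection name, and spots basenames dropped into both system directories. The sample is a trimmed copy of the log posted above; the line formats are assumed from that log.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the Malwarebytes' Anti-Malware 1.46
# log posted above (trimmed); the two detections are the ones reported there.
SAMPLE_MBAM_LOG = r"""
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4713

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

Scan type: Full scan (A:\|C:\|D:\|E:\|)
Objects scanned: 389560

Memory Processes Infected: 0
Registry Keys Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\ICH.exe (Spyware.Password) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\ICH.exe (Spyware.Password) -> Quarantined and deleted successfully.
"""

# Line shapes assumed from the pasted log.
COUNT_RE = re.compile(r"^(.+?) Infected: (\d+)$")          # "Files Infected: 2"
ITEM_RE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+)$")        # "path (Name) -> action"
NONE_MARKER = "(No malicious items detected)"


def parse_mbam_log(text):
    """Return (summary, items): summary maps category -> count from the
    header block; items maps category -> list of {path, detection, action}."""
    summary, items, category = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:                                   # header count line
            summary[m.group(1)] = int(m.group(2))
            category = None
            continue
        if line.endswith(" Infected:"):         # start of a detail list
            category = line[: -len(" Infected:")]
            items.setdefault(category, [])
            continue
        if category is None or line == NONE_MARKER:
            continue
        m = ITEM_RE.match(line)
        if m:
            items[category].append(
                {"path": m.group(1), "detection": m.group(2), "action": m.group(3)})
    return summary, items


def summary_mismatches(summary, items):
    """Categories whose header count disagrees with the listed entries."""
    return sorted(c for c, n in summary.items() if n != len(items.get(c, [])))


def detections_by_name(items):
    """Group every listed path under its detection name."""
    groups = defaultdict(list)
    for entries in items.values():
        for e in entries:
            groups[e["detection"]].append(e["path"])
    return dict(groups)


def dual_arch_drops(items):
    """Basenames present under both System32 and SysWOW64 (the 32-bit
    system directory on 64-bit Windows): one dropper, two copies."""
    dirs_seen = defaultdict(set)
    for e in items.get("Files", []):
        parts = e["path"].lower().split("\\")
        if len(parts) >= 2 and parts[-2] in ("system32", "syswow64"):
            dirs_seen[parts[-1]].add(parts[-2])
    return sorted(n for n, d in dirs_seen.items() if d == {"system32", "syswow64"})


if __name__ == "__main__":
    summary, items = parse_mbam_log(SAMPLE_MBAM_LOG)
    print("incomplete categories:", summary_mismatches(summary, items) or "none")
    for name, paths in detections_by_name(items).items():
        print(name, "->", ", ".join(paths))
    print("dropped into both system dirs:", dual_arch_drops(items))
```

The "Quarantined and deleted" action is carried through unchanged so a follow-up can tell what was actually removed from what was only reported; a password-stealer that was present in memory at the time of the theft still leaves the credential side of the problem to be handled by changing passwords from a clean machine, which is what the rest of the thread does.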


#9 Elise (Bleepin' Blonde; Malware Study Hall Admin; Location: Romania)

Posted 29 September 2010 - 04:33 AM

Can you please rerun an MBAM quick scan and see if everything is clean now? If so, change your password once again and see if spam is still being sent.

regards, Elise




#10 ABCJessie (Topic Starter, Members)

Posted 29 September 2010 - 05:50 AM

I ran the quick scan and it looks like everything's clean. I'll change my password now and thanks for all your help!

#11 Elise (Bleepin' Blonde; Malware Study Hall Admin; Location: Romania)

Posted 29 September 2010 - 07:26 AM

Let's also run one last scan.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  12. Push the button.
  13. Push

regards, Elise




#12 ABCJessie (Topic Starter, Members)

Posted 30 September 2010 - 06:35 PM

Unfortunately...it didn't work. Another spam batch was sent out yesterday after the password was changed. I'll run the scan now and post up the new log.

Thanks again for all the help, I really do appreciate it.

- Clueless and grateful

Edited by ABCJessie, 30 September 2010 - 06:40 PM.


#13 Elise (Bleepin' Blonde; Malware Study Hall Admin; Location: Romania)

Posted 01 October 2010 - 02:19 AM

Please scan also with MBAM.

Download TCPView from http://live.sysinternals.com/tcpview.exe

Once the file is downloaded, double-click on it to execute the program.

When the program starts, click on the Options menu option and uncheck Resolve addresses.

Then click on the File menu option and select Save as....

A window will open asking where you would like to save the log file. Save it to your desktop as tcpview.txt

Please post its contents in your next reply.

regards, Elise


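The point of the TCPView request above is to see whether anything on the PC itself is talking to mail servers while the spam goes out; a stolen webmail password produces no local traffic at all, which is the other hypothesis in play. As an added example, not code from the thread or from Sysinternals, here is a parser for a saved TCPView listing that reports every process holding an active TCP connection to a mail port (25, 465, 587) together with the distinct remote hosts it reached. The tab-separated column layout (process, PID, protocol, local address, remote address, state) is an assumption about the "Save as" export taken with "Resolve addresses" unchecked; the sample lines are constructed, with hosts from documentation address ranges.

```python
from collections import defaultdict

# Constructed sample in the tab-separated layout assumed for a TCPView
# "Save as" export with "Resolve addresses" unchecked:
#   process, PID, protocol, local address, remote address, state
# Remote hosts are documentation-range addresses; names are illustrative.
SAMPLE_TCPVIEW_EXPORT = (
    "chrome.exe\t2140\tTCP\t192.168.1.7:49422\t203.0.113.5:443\tESTABLISHED\n"
    "svchost.exe\t1012\tTCP\t0.0.0.0:135\t0.0.0.0:0\tLISTENING\n"
    "svchost.exe\t1180\tUDP\t0.0.0.0:5355\t*:*\t\n"
    "msnmsgr.exe\t2888\tTCP\t192.168.1.7:49300\t192.0.2.40:1863\tESTABLISHED\n"
    "ich.exe\t3312\tTCP\t192.168.1.7:49511\t203.0.113.10:25\tESTABLISHED\n"
    "ich.exe\t3312\tTCP\t192.168.1.7:49512\t203.0.113.11:25\tSYN_SENT\n"
    "ich.exe\t3312\tTCP\t192.168.1.7:49513\t198.51.100.22:25\tESTABLISHED\n"
)

MAIL_PORTS = {25, 465, 587}                # SMTP, SMTPS, submission
ACTIVE_STATES = {"ESTABLISHED", "SYN_SENT"}


def split_endpoint(endpoint):
    """'203.0.113.10:25' -> ('203.0.113.10', 25); '*:*' -> ('*', None)."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_tcpview_export(text):
    """Turn the export into a list of row dicts; a header line, blank
    lines and rows with too few columns are skipped."""
    rows = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("Process\t"):
            continue
        fields = raw.split("\t")
        if len(fields) < 6:
            continue
        process, pid, protocol, local, remote, state = fields[:6]
        rows.append({"process": process, "pid": int(pid), "protocol": protocol,
                     "local": split_endpoint(local), "remote": split_endpoint(remote),
                     "state": state})
    return rows


def mail_port_talkers(rows):
    """{(process, pid): sorted distinct remote hosts} for every process
    with an active TCP connection to a mail port."""
    hosts = defaultdict(set)
    for r in rows:
        if (r["protocol"].upper().startswith("TCP")
                and r["state"] in ACTIVE_STATES
                and r["remote"][1] in MAIL_PORTS):
            hosts[(r["process"], r["pid"])].add(r["remote"][0])
    return {k: sorted(v) for k, v in hosts.items()}


if __name__ == "__main__":
    rows = parse_tcpview_export(SAMPLE_TCPVIEW_EXPORT)
    for (process, pid), remotes in mail_port_talkers(rows).items():
        print(f"{process} (PID {pid}) -> {len(remotes)} mail host(s): {', '.join(remotes)}")
```

The output is a list to review, not a verdict: the Uninstall list earlier in this thread shows Windows Live Mail installed, and a real mail client connecting to one submission server is expected, whereas an unfamiliar binary fanning out to several port-25 hosts at once is the pattern of a spam bot. If the listing shows nothing on mail ports while batches keep going out, the sending is happening on the webmail side, and the account (password, recovery options, any forwarding rules) is where to look next.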


#14 ABCJessie (Topic Starter, Members)

Posted 01 October 2010 - 09:10 AM

Scan Results stated no threats found. I ran another scan with Malwarebytes and same conclusion.

Edited by ABCJessie, 01 October 2010 - 09:10 AM.


#15 Elise (Bleepin' Blonde; Malware Study Hall Admin; Location: Romania)

Posted 01 October 2010 - 10:11 AM

Okay, please run TCPView as instructed.

regards, Elise






