
Problems with skype names, plus virus.


  • This topic is locked
26 replies to this topic

#1 xer 21

xer 21

  • Members
  • 98 posts

Posted 14 December 2010 - 04:02 AM

So I'm having some problems that won't go away. I first noticed it when I got a fake alert from a program masquerading as "Microsoft Security Essentials Alert" (I do use MSE though), but it wouldn't let me close the window. So I restarted, ran Malwarebytes, and had it clean some stuff up. Then I get on Call of Duty 4 later that day, and I keep getting kicked out by PunkBuster for having an unauthorized program running. I wasn't cheating; the guys on the server know this (I've been there for years), so they told me that the program running was likely a virus. I keep running stuff to scan for it, but it isn't going away. So I tried to do a system restore, which usually works, but that didn't help.

Then, shortly after that, I get popups every few minutes telling me "SkypeNames" has stopped working. So I shut down Skype and I keep getting the message. I uninstall Skype and I keep getting the message. Unless I minimize the windows, they stay on top of every open window I have. They keep coming up until 32 of them are open, at which point they will stop. System restore doesn't work either.

I tried having a friend sort this out, but he managed to crash my computer. So I'm coming to you guys.


I already have a HijackThis log, v.2.02, so it's a little old though.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:50 PM, on 12/13/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sportshawaii.com/sh/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [VnrBlock21] "C:\Program Files (x86)\VnrBlock\VnrBlock21.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Registration .LNK = C:\Program Files (x86)\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\SysWOW64\CTsvcCDA.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1caf22fe87deda4) (gupdate1caf22fe87deda4) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kinetic Books License Service - Kinetic Books - C:\Program Files (x86)\Common Files\Kinetic Books Shared\Service\KineticBooksLicenseService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - C:\Windows\system32\ZuneWlanCfgSvc.exe (file missing)

--
End of file - 13855 bytes



hope you guys can help me. Thanks in advance.


#2 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective

Posted 23 December 2010 - 11:22 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL Report

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Best Regards,
oneof4.



#3 xer 21

xer 21
  • Topic Starter

  • Members
  • 98 posts

Posted 24 December 2010 - 05:11 PM

Here is the OTL.txt file:

OTL logfile created on: 12/24/2010 12:12:03 PM - Run 7
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Owner\Desktop\New Folder (3)
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 36.00% Memory free
5.00 Gb Paging File | 2.00 Gb Available in Paging File | 42.00% Paging File free
Paging file location(s): c:\pagefile.sys 3067 3100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 18.23 Gb Free Space | 6.12% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/24 11:48:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\New Folder (3)\OTL.exe
PRC - [2010/11/21 11:59:41 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010/11/12 22:23:14 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/10/30 01:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/05/26 12:31:29 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2008/10/24 09:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/05/10 07:15:28 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2008/01/18 21:33:35 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WerFault.exe
PRC - [2005/04/01 15:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [1999/12/12 07:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2010/12/24 11:48:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\New Folder (3)\OTL.exe
MOD - [2010/08/31 05:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
MOD - [2006/11/01 22:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/01/07 15:24:16 | 000,470,240 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/01/07 15:24:06 | 007,700,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2008/01/18 22:06:50 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/12 22:23:14 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/28 15:41:22 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2008/09/15 21:44:27 | 000,079,360 | ---- | M] (Kinetic Books) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Kinetic Books Shared\Service\KineticBooksLicenseService.exe -- (Kinetic Books License Service)
SRV - [2008/08/25 14:26:18 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/07/27 08:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005/04/01 15:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
SRV - [1999/12/12 07:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Windows\SysWOW64\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/12/01 13:39:06 | 000,144,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010/01/18 13:48:33 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/09/12 09:07:49 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/09/12 09:07:49 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/05/22 13:08:37 | 000,036,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone)
DRV:64bit: - [2009/02/17 07:11:25 | 000,031,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/01/18 21:09:56 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/18 20:47:12 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/18 20:38:16 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/18 20:30:09 | 000,903,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xnacc.sys -- (xnacc)
DRV:64bit: - [2007/08/28 17:04:20 | 000,067,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2007/05/01 03:00:00 | 000,052,856 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/10/09 16:09:03 | 000,742,696 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV - [2008/06/12 20:48:20 | 000,012,528 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\SECDRV.SYS -- (secdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sportshawaii.com/sh/index.php
IE - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/26 21:58:37 | 000,000,000 | ---D | M]

[2009/04/13 21:06:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2009/04/13 21:06:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2009/02/24 23:08:44 | 000,297,277 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10269 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3:64bit: - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000..\Run: [ISUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000..\Run: [updateMgr] C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000..\Run: [VnrBlock21] C:\Program Files (x86)\VnrBlock\VnrBlock21.exe File not found
O4 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK = C:\Program Files (x86)\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c37f379c-5a0b-11de-9a43-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O33 - MountPoints2\{c37f37a1-5a0b-11de-9a43-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{e3435fa4-048c-11df-8b23-00044b025ba3}\Shell - "" = AutoRun
O33 - MountPoints2\{e3435fa4-048c-11df-8b23-00044b025ba3}\Shell\AutoRun\command - "" = H:\Support\AutoRun\AutoRun.exe -- File not found
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/12/22 12:27:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Command and Conquer Generals Data
[2010/12/18 22:42:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\.VirtualBox
[2010/12/18 22:31:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/12/18 22:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2010/12/17 22:56:00 | 000,000,000 | ---D | C] -- C:\westwood
[2010/12/17 00:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DX-Ball
[2010/12/16 01:32:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\failsafe demeo lab
[2010/12/15 23:35:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maxima-5.22.1
[2010/12/15 11:28:07 | 026,625,650 | ---- | C] (The Maxima Development Team ) -- C:\Users\Owner\Desktop\maxima-5.22.1.exe
[2010/12/15 05:59:07 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/12/15 05:59:07 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/12/15 05:59:06 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/12/15 05:58:42 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/12/15 05:58:42 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/12/15 05:58:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/12/15 05:58:40 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/12/15 05:58:39 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/12/15 05:58:39 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/12/15 05:58:39 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/12/15 05:58:39 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/12/15 05:58:39 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/12/15 05:58:38 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/12/15 05:58:38 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/12/15 05:58:38 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/12/15 05:58:38 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/12/15 05:58:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/12/15 05:57:39 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010/12/15 05:57:37 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010/12/04 00:34:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{5E54C469-2BE4-49F0-A52B-B9048D787AAF}
[2008/04/20 22:17:08 | 003,240,116 | ---- | C] (Macrovision Corporation) -- C:\Program Files\ISSetup.dll
[2008/04/20 22:17:08 | 002,962,496 | ---- | C] (SEGA ) -- C:\Program Files\setup.exe
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/24 11:51:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/24 11:51:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/24 10:40:14 | 000,003,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/24 10:40:14 | 000,003,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/23 19:20:23 | 000,058,039 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/12/23 19:20:22 | 000,058,039 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/12/23 08:39:44 | 000,423,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/23 08:39:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/23 08:39:11 | 2145,968,128 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/22 23:23:27 | 000,000,221 | ---- | M] () -- C:\Users\Owner\Desktop\Assassin's Creed II.url
[2010/12/19 00:03:22 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\Command & Conquer The First Decade.lnk
[2010/12/18 23:13:25 | 000,655,706 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/18 23:13:25 | 000,363,792 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/18 23:13:25 | 000,290,720 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/18 22:32:37 | 000,000,965 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2010/12/18 22:32:37 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2010/12/18 17:35:57 | 000,002,675 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2010/12/18 02:11:15 | 000,188,113 | ---- | M] () -- C:\Program Files (x86)\SAVEGAME.005
[2010/12/18 02:10:30 | 000,000,161 | ---- | M] () -- C:\Program Files (x86)\HALLFAME.DAT
[2010/12/18 02:09:24 | 000,002,254 | ---- | M] () -- C:\Program Files (x86)\REDALERT.INI
[2010/12/18 01:21:00 | 000,190,882 | ---- | M] () -- C:\Program Files (x86)\SAVEGAME.004
[2010/12/18 00:20:29 | 000,189,248 | ---- | M] () -- C:\Program Files (x86)\SAVEGAME.003
[2010/12/17 23:46:54 | 000,171,370 | ---- | M] () -- C:\Program Files (x86)\SAVEGAME.002
[2010/12/17 23:44:14 | 000,169,580 | ---- | M] () -- C:\Program Files (x86)\SAVEGAME.001
[2010/12/17 23:42:08 | 000,169,000 | ---- | M] () -- C:\Program Files (x86)\SAVEGAME.000
[2010/12/17 22:57:04 | 064,171,360 | ---- | M] () -- C:\Program Files (x86)\SCORES.MIX
[2010/12/17 22:57:04 | 002,375,680 | ---- | M] () -- C:\Program Files (x86)\Ra95.exe
[2010/12/17 22:57:01 | 014,932,344 | ---- | M] () -- C:\Program Files (x86)\GENERAL.MIX
[2010/12/17 22:57:01 | 001,038,859 | ---- | M] () -- C:\Program Files (x86)\TEMPERAT.MIX
[2010/12/17 22:57:01 | 001,030,861 | ---- | M] () -- C:\Program Files (x86)\SNOW.MIX
[2010/12/17 22:57:01 | 001,006,778 | ---- | M] () -- C:\Program Files (x86)\SOUNDS.MIX
[2010/12/17 22:57:01 | 000,309,406 | ---- | M] () -- C:\Program Files (x86)\ALLIES.MIX
[2010/12/17 22:57:01 | 000,266,077 | ---- | M] () -- C:\Program Files (x86)\RUSSIAN.MIX
[2010/12/17 22:57:01 | 000,247,425 | ---- | M] () -- C:\Program Files (x86)\INTERIOR.MIX
[2010/12/17 22:57:01 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\TEMP_VTX.PAL
[2010/12/17 22:57:01 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\SNOW_VTX.PAL
[2010/12/17 22:57:01 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\INTR_VTX.PAL
[2010/12/17 22:57:01 | 000,000,000 | ---- | M] () -- C:\MAIN.MIX
[2010/12/17 22:57:00 | 002,177,047 | ---- | M] () -- C:\Program Files (x86)\CONQUER.MIX
[2010/12/17 22:57:00 | 000,469,922 | ---- | M] () -- C:\Program Files (x86)\EXPAND2.MIX
[2010/12/17 22:57:00 | 000,458,242 | ---- | M] () -- C:\Program Files (x86)\EXPAND.MIX
[2010/12/17 22:57:00 | 000,211,145 | ---- | M] () -- C:\Program Files (x86)\WOLAPI.MIX
[2010/12/17 22:57:00 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\PATCHW32.DLL
[2010/12/17 22:57:00 | 000,090,264 | ---- | M] () -- C:\Program Files (x86)\HIRES1.MIX
[2010/12/17 22:57:00 | 000,057,076 | ---- | M] () -- C:\Program Files (x86)\LORES1.MIX
[2010/12/17 22:57:00 | 000,054,335 | ---- | M] () -- C:\Program Files (x86)\EDHI.MIX
[2010/12/17 22:57:00 | 000,039,608 | ---- | M] () -- C:\Program Files (x86)\LAUNCHER.BMP
[2010/12/17 22:57:00 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\MPGDLL.DLL
[2010/12/17 22:57:00 | 000,008,230 | ---- | M] () -- C:\Program Files (x86)\EDLO.MIX
[2010/12/17 22:57:00 | 000,000,022 | ---- | M] () -- C:\Program Files (x86)\ra95.lcf
[2010/12/17 22:56:00 | 002,430,823 | ---- | M] () -- C:\Program Files (x86)\GAME.DAT
[2010/12/17 22:55:50 | 025,046,328 | ---- | M] () -- C:\Program Files (x86)\REDALERT.MIX
[2010/12/17 22:55:50 | 000,025,902 | ---- | M] () -- C:\Program Files (x86)\THIPX32.DLL
[2010/12/17 22:55:50 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\RESLIB.DLL
[2010/12/17 22:55:50 | 000,004,192 | ---- | M] () -- C:\Program Files (x86)\THIPX16.DLL
[2010/12/17 22:55:49 | 000,261,425 | ---- | M] () -- C:\Program Files (x86)\HMIDRV.386
[2010/12/17 22:55:49 | 000,108,498 | ---- | M] () -- C:\Program Files (x86)\RASETUP.EXE
[2010/12/17 22:55:49 | 000,083,152 | ---- | M] () -- C:\Program Files (x86)\HMIDET.386
[2010/12/17 22:55:48 | 001,165,315 | ---- | M] () -- C:\Program Files (x86)\EDIT.DAT
[2010/12/17 22:55:48 | 000,870,400 | ---- | M] () -- C:\Program Files (x86)\EDWIN.EXE
[2010/12/17 00:50:46 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2010/12/17 00:46:04 | 000,010,291 | ---- | M] () -- C:\Users\Owner\Documents\nostalgic games.docx
[2010/12/16 23:28:52 | 000,034,304 | ---- | M] () -- C:\Users\Owner\Documents\final study sheet here.doc
[2010/12/16 01:13:18 | 000,029,577 | ---- | M] () -- C:\Users\Owner\maxout.gnuplot
[2010/12/16 01:07:54 | 000,000,086 | ---- | M] () -- C:\Users\Owner\maxout.xmaxima
[2010/12/16 00:48:59 | 000,123,080 | ---- | M] () -- C:\Users\Owner\sdfplot.ps
[2010/12/15 23:36:37 | 000,001,010 | ---- | M] () -- C:\Users\Owner\Desktop\wxMaxima.lnk
[2010/12/15 11:28:00 | 026,625,650 | ---- | M] (The Maxima Development Team ) -- C:\Users\Owner\Desktop\maxima-5.22.1.exe
[2010/12/13 17:51:53 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/12/05 18:53:31 | 000,011,322 | ---- | M] () -- C:\Users\Owner\Documents\scdule spring 2011.xlsx
[2010/12/05 18:28:00 | 000,014,075 | ---- | M] () -- C:\Users\Owner\Documents\crn spring 2011.docx
[2010/12/01 13:39:06 | 000,144,784 | ---- | M] () -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys
[2010/12/01 13:39:04 | 000,318,992 | ---- | M] () -- C:\Windows\SysNative\VBoxNetFltNotify.dll
[2010/11/25 11:41:52 | 000,012,241 | ---- | M] () -- C:\Users\Owner\Documents\eval.docx
[2010/11/25 00:20:01 | 000,000,010 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\install
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/22 23:23:27 | 000,000,221 | ---- | C] () -- C:\Users\Owner\Desktop\Assassin's Creed II.url
[2010/12/19 00:03:22 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\Command & Conquer The First Decade.lnk
[2010/12/18 22:32:37 | 000,000,965 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2010/12/18 22:32:37 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2010/12/18 22:32:36 | 000,203,152 | ---- | C] () -- C:\Windows\SysNative\drivers\VBoxDrv.sys
[2010/12/18 22:31:04 | 000,053,968 | ---- | C] () -- C:\Windows\SysNative\drivers\VBoxUSBMon.sys
[2010/12/18 02:11:15 | 000,188,113 | ---- | C] () -- C:\Program Files (x86)\SAVEGAME.005
[2010/12/18 01:21:00 | 000,190,882 | ---- | C] () -- C:\Program Files (x86)\SAVEGAME.004
[2010/12/18 00:20:29 | 000,189,248 | ---- | C] () -- C:\Program Files (x86)\SAVEGAME.003
[2010/12/17 23:46:54 | 000,171,370 | ---- | C] () -- C:\Program Files (x86)\SAVEGAME.002
[2010/12/17 23:44:14 | 000,169,580 | ---- | C] () -- C:\Program Files (x86)\SAVEGAME.001
[2010/12/17 23:38:43 | 000,169,000 | ---- | C] () -- C:\Program Files (x86)\SAVEGAME.000
[2010/12/17 23:05:47 | 000,000,161 | ---- | C] () -- C:\Program Files (x86)\HALLFAME.DAT
[2010/12/17 22:57:01 | 000,000,000 | ---- | C] () -- C:\MAIN.MIX
[2010/12/17 22:57:00 | 000,469,922 | ---- | C] () -- C:\Program Files (x86)\EXPAND2.MIX
[2010/12/17 22:57:00 | 000,458,242 | ---- | C] () -- C:\Program Files (x86)\EXPAND.MIX
[2010/12/17 22:57:00 | 000,211,145 | ---- | C] () -- C:\Program Files (x86)\WOLAPI.MIX
[2010/12/17 22:57:00 | 000,142,336 | ---- | C] () -- C:\Program Files (x86)\PATCHW32.DLL
[2010/12/17 22:57:00 | 000,090,264 | ---- | C] () -- C:\Program Files (x86)\HIRES1.MIX
[2010/12/17 22:57:00 | 000,057,076 | ---- | C] () -- C:\Program Files (x86)\LORES1.MIX
[2010/12/17 22:57:00 | 000,039,608 | ---- | C] () -- C:\Program Files (x86)\LAUNCHER.BMP
[2010/12/17 22:57:00 | 000,032,768 | ---- | C] () -- C:\Program Files (x86)\MPGDLL.DLL
[2010/12/17 22:57:00 | 000,000,022 | ---- | C] () -- C:\Program Files (x86)\ra95.lcf
[2010/12/17 22:56:11 | 064,171,360 | ---- | C] () -- C:\Program Files (x86)\SCORES.MIX
[2010/12/17 22:56:11 | 001,038,859 | ---- | C] () -- C:\Program Files (x86)\TEMPERAT.MIX
[2010/12/17 22:56:11 | 001,030,861 | ---- | C] () -- C:\Program Files (x86)\SNOW.MIX
[2010/12/17 22:56:11 | 001,006,778 | ---- | C] () -- C:\Program Files (x86)\SOUNDS.MIX
[2010/12/17 22:56:11 | 000,309,406 | ---- | C] () -- C:\Program Files (x86)\ALLIES.MIX
[2010/12/17 22:56:11 | 000,266,077 | ---- | C] () -- C:\Program Files (x86)\RUSSIAN.MIX
[2010/12/17 22:56:11 | 000,247,425 | ---- | C] () -- C:\Program Files (x86)\INTERIOR.MIX
[2010/12/17 22:56:11 | 000,004,096 | ---- | C] () -- C:\Program Files (x86)\TEMP_VTX.PAL
[2010/12/17 22:56:11 | 000,004,096 | ---- | C] () -- C:\Program Files (x86)\SNOW_VTX.PAL
[2010/12/17 22:56:11 | 000,004,096 | ---- | C] () -- C:\Program Files (x86)\INTR_VTX.PAL
[2010/12/17 22:56:03 | 014,932,344 | ---- | C] () -- C:\Program Files (x86)\GENERAL.MIX
[2010/12/17 22:56:03 | 000,054,335 | ---- | C] () -- C:\Program Files (x86)\EDHI.MIX
[2010/12/17 22:56:03 | 000,008,230 | ---- | C] () -- C:\Program Files (x86)\EDLO.MIX
[2010/12/17 22:56:02 | 002,177,047 | ---- | C] () -- C:\Program Files (x86)\CONQUER.MIX
[2010/12/17 22:55:50 | 000,025,902 | ---- | C] () -- C:\Program Files (x86)\THIPX32.DLL
[2010/12/17 22:55:50 | 000,014,848 | ---- | C] () -- C:\Program Files (x86)\RESLIB.DLL
[2010/12/17 22:55:50 | 000,004,192 | ---- | C] () -- C:\Program Files (x86)\THIPX16.DLL
[2010/12/17 22:55:49 | 025,046,328 | ---- | C] () -- C:\Program Files (x86)\REDALERT.MIX
[2010/12/17 22:55:49 | 002,375,680 | ---- | C] () -- C:\Program Files (x86)\Ra95.exe
[2010/12/17 22:55:49 | 000,261,425 | ---- | C] () -- C:\Program Files (x86)\HMIDRV.386
[2010/12/17 22:55:49 | 000,108,498 | ---- | C] () -- C:\Program Files (x86)\RASETUP.EXE
[2010/12/17 22:55:49 | 000,083,152 | ---- | C] () -- C:\Program Files (x86)\HMIDET.386
[2010/12/17 22:55:49 | 000,002,254 | ---- | C] () -- C:\Program Files (x86)\REDALERT.INI
[2010/12/17 22:55:48 | 002,430,823 | ---- | C] () -- C:\Program Files (x86)\GAME.DAT
[2010/12/17 22:55:48 | 001,165,315 | ---- | C] () -- C:\Program Files (x86)\EDIT.DAT
[2010/12/17 22:55:48 | 000,870,400 | ---- | C] () -- C:\Program Files (x86)\EDWIN.EXE
[2010/12/17 00:46:03 | 000,010,291 | ---- | C] () -- C:\Users\Owner\Documents\nostalgic games.docx
[2010/12/16 23:28:51 | 000,034,304 | ---- | C] () -- C:\Users\Owner\Documents\final study sheet here.doc
[2010/12/16 01:13:18 | 000,029,577 | ---- | C] () -- C:\Users\Owner\maxout.gnuplot
[2010/12/16 00:48:59 | 000,123,080 | ---- | C] () -- C:\Users\Owner\sdfplot.ps
[2010/12/16 00:46:12 | 000,000,086 | ---- | C] () -- C:\Users\Owner\maxout.xmaxima
[2010/12/15 23:36:37 | 000,001,010 | ---- | C] () -- C:\Users\Owner\Desktop\wxMaxima.lnk
[2010/12/15 05:59:07 | 000,367,104 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2010/12/15 05:59:07 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2010/12/15 05:59:06 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2010/12/15 05:59:02 | 000,087,552 | ---- | C] () -- C:\Windows\SysNative\consent.exe
[2010/12/15 05:59:00 | 002,751,488 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/12/15 05:58:56 | 009,259,520 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/12/15 05:58:52 | 012,474,368 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/12/15 05:58:51 | 002,340,864 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/12/15 05:58:49 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/12/15 05:58:43 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/12/15 05:58:42 | 001,486,848 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/12/15 05:58:42 | 000,710,656 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/12/15 05:58:42 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/12/15 05:58:41 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/12/15 05:58:41 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/12/15 05:58:41 | 000,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2010/12/15 05:58:41 | 000,056,832 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll
[2010/12/15 05:58:41 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/12/15 05:58:40 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/12/15 05:58:40 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/12/15 05:58:40 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/12/15 05:58:40 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/12/15 05:58:40 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/12/15 05:58:40 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/12/15 05:58:39 | 000,479,232 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2010/12/15 05:58:39 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/12/15 05:58:39 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/12/15 05:58:38 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/12/15 05:58:38 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/12/15 05:58:25 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/12/15 05:57:39 | 000,854,528 | ---- | C] () -- C:\Windows\SysNative\schedsvc.dll
[2010/12/15 05:57:39 | 000,655,872 | ---- | C] () -- C:\Windows\SysNative\taskschd.dll
[2010/12/15 05:57:39 | 000,499,712 | ---- | C] () -- C:\Windows\SysNative\wmicmiplugin.dll
[2010/12/15 05:57:37 | 000,410,112 | ---- | C] () -- C:\Windows\SysNative\taskcomp.dll
[2010/12/15 05:57:37 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\taskeng.exe
[2010/12/05 18:30:13 | 000,011,322 | ---- | C] () -- C:\Users\Owner\Documents\scdule spring 2011.xlsx
[2010/12/05 18:27:58 | 000,014,075 | ---- | C] () -- C:\Users\Owner\Documents\crn spring 2011.docx
[2010/12/04 00:52:24 | 2145,968,128 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/01 13:39:06 | 000,164,304 | ---- | C] () -- C:\Windows\SysNative\drivers\VBoxNetFlt.sys
[2010/12/01 13:39:06 | 000,144,784 | ---- | C] () -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys
[2010/12/01 13:39:04 | 000,318,992 | ---- | C] () -- C:\Windows\SysNative\VBoxNetFltNotify.dll
[2010/11/25 11:41:50 | 000,012,241 | ---- | C] () -- C:\Users\Owner\Documents\eval.docx
[2010/11/25 00:20:01 | 000,000,010 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\install
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/03/08 00:46:15 | 000,009,692 | -HS- | C] () -- C:\Users\Owner\AppData\Local\ksY41JP0et2Ke
[2010/02/13 19:14:42 | 000,008,344 | -HS- | C] () -- C:\Users\Owner\AppData\Local\GGru612642m
[2009/06/22 11:35:59 | 000,058,039 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/22 11:35:59 | 000,058,039 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/02/28 14:15:32 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2008/12/09 16:41:40 | 000,027,193 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_depcheckdotnetfx30.txt
[2008/12/09 16:41:34 | 000,032,900 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_dotnetfx3install.txt
[2008/12/09 16:41:34 | 000,001,578 | ---- | C] () -- C:\Users\Owner\AppData\Local\uxeventlog.txt
[2008/12/09 16:41:34 | 000,000,604 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_dotnetfx3error.txt
[2008/10/11 09:16:11 | 000,000,100 | ---- | C] () -- C:\Windows\wininit.ini
[2008/09/15 21:44:31 | 000,437,084 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistMSI67DC.txt
[2008/09/15 21:44:31 | 000,011,364 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistUI67DC.txt
[2008/09/15 21:43:55 | 004,677,647 | ---- | C] () -- C:\Windows\SysWow64\kbpwprinc.dll
[2008/09/15 14:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008/09/15 14:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2008/07/15 21:34:35 | 000,000,000 | ---- | C] () -- C:\Windows\iplayer.INI
[2008/06/30 20:28:06 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2008/06/30 20:28:06 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2008/06/11 13:55:04 | 000,041,296 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2008/05/29 17:27:39 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/05/29 17:27:17 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/04/20 22:17:08 | 003,426,594 | ---- | C] () -- C:\Program Files\GameBi~1.cab
[2008/04/20 22:17:08 | 000,077,824 | ---- | C] () -- C:\Program Files\1040.mst
[2008/04/20 22:17:08 | 000,077,312 | ---- | C] () -- C:\Program Files\1036.mst
[2008/04/20 22:17:08 | 000,077,312 | ---- | C] () -- C:\Program Files\1034.mst
[2008/04/20 22:17:08 | 000,036,603 | ---- | C] () -- C:\Program Files\Docume~1.cab
[2008/04/20 22:17:08 | 000,003,584 | ---- | C] () -- C:\Program Files\2057.mst
[2008/03/11 21:32:51 | 000,399,360 | ---- | C] () -- C:\Windows\SysWow64\Smab.dll
[2008/03/11 21:32:51 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2008/03/11 21:32:40 | 000,151,040 | -HS- | C] () -- C:\Windows\SysWow64\VistaUltm.dll
[2008/03/11 21:32:40 | 000,027,648 | -HS- | C] () -- C:\Windows\SysWow64\Smab0.dll
[2008/03/11 21:31:41 | 000,077,824 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/25 20:06:29 | 000,001,614 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/11/22 12:24:57 | 000,000,093 | ---- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat
[2007/11/21 21:54:54 | 000,621,228 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2007/10/28 15:50:43 | 000,000,080 | ---- | C] () -- C:\Windows\CoD.ini
[2007/10/21 19:23:25 | 000,000,117 | ---- | C] () -- C:\Program Files\checksum.sfv
[2007/10/21 19:22:44 | 000,472,310 | ---- | C] () -- C:\Program Files\bf2_gamcenter_installer.bmp
[2007/10/19 19:03:10 | 000,001,356 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2007/08/21 08:29:45 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2007/08/21 08:01:16 | 000,001,460 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2004/02/11 15:14:06 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\ua_lsp.dll

< End of report >



No extra.txt file opened, minimized or otherwise.

Edited by xer 21, 24 December 2010 - 05:14 PM.
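The OTL report above is what the responders read next. As an added example (not code from this thread or from the OTL tool), here is a small Python triage script that parses the O4/O6/O7 and file-listing line formats shown in that report and flags the entries a responder checks first: Task Manager and UAC policies set the way a fake security alert sets them, autorun entries whose target is gone, and hidden+system files with random-looking names inside the user profile. The sample lines are copied from the report; the category names and the policy table are this example's own.

```python
"""OTL report triage.

Added example (not code from this thread or from the OTL tool): parses the
O4/O6/O7 and "Files Created" line formats seen in the report above and flags
the entries a malware responder checks first.  Sample lines are copied from
the report; the category names and policy table are this example's own.
"""
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (category, detail)

# Policy values that a rogue "security alert" program typically sets.  Which
# names to watch is this example's choice; the values are what the log showed.
POLICY_FLAGS = {
    "DisableTaskMgr": "1",  # Task Manager blocked, so the rogue cannot be ended
    "EnableLUA": "0",       # UAC switched off, so later changes need no consent
}

# O4 autorun entry: "O4 - HKLM..\Run: [name] target (company)" or "... File not found"
RE_AUTORUN = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$"
)
# O6/O7 policy entry: "O6 - HKLM\...\policies\System: EnableLUA = 0"
RE_POLICY = re.compile(r"^O[67] - (?P<key>\S+): (?P<name>\w+) = (?P<value>\S+)$")
# File list entry: "[date time | size | attrs | C] (company) -- path"
RE_FILE = re.compile(
    r"^\[(?P<ts>[^|]+?) \| (?P<size>[^|]+?) \| (?P<attr>[^|]+?) \| [CM]\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# Random-looking basename: 8+ alphanumerics mixing letters and digits, no extension.
RE_RANDOM_NAME = re.compile(r"^(?=.*[A-Za-z])(?=.*\d)[A-Za-z0-9]{8,}$")


def triage(lines):
    """Return (category, detail) findings for the OTL report lines given."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.rstrip()
        m = RE_AUTORUN.match(line)
        if m:
            # Missing targets are often uninstall leftovers, but a nameless or
            # orphaned Run value is also the trace a removed dropper leaves.
            if m["target"].endswith("File not found"):
                findings.append(("autorun-missing-target", f"[{m['name']}] under {m['hive']}"))
            continue
        m = RE_POLICY.match(line)
        if m:
            if POLICY_FLAGS.get(m["name"]) == m["value"]:
                findings.append(("policy-tampered", f"{m['name']}={m['value']} in {m['key']}"))
            continue
        m = RE_FILE.match(line)
        if m:
            attr, path = m["attr"], m["path"]
            basename = path.rsplit("\\", 1)[-1]
            # Hidden+system file, no company name, random-looking name, inside a
            # user profile: the usual drop location for a rogue "antivirus".
            if ("H" in attr and "S" in attr and not m["company"].strip()
                    and "\\users\\" in path.lower() and RE_RANDOM_NAME.match(basename)):
                findings.append(("hidden-system-random-name", path))
    return findings


# Constructed sample: lines copied from the OTL report posted in this thread.
SAMPLE_LINES = [
    r"O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)",
    r"O4 - HKLM..\Run: [] File not found",
    r"O4 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)",
    r"O4 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000..\Run: [VnrBlock21] C:\Program Files (x86)\VnrBlock\VnrBlock21.exe File not found",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1",
    r"O7 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145",
    r"O7 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1",
    r"[2010/12/15 05:59:07 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll",
    r"[2010/12/04 00:52:24 | 2145,968,128 | -HS- | C] () -- C:\hiberfil.sys",
    r"[2010/03/08 00:46:15 | 000,009,692 | -HS- | C] () -- C:\Users\Owner\AppData\Local\ksY41JP0et2Ke",
    r"[2010/02/13 19:14:42 | 000,008,344 | -HS- | C] () -- C:\Users\Owner\AppData\Local\GGru612642m",
]

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LINES):
        print(f"{category:28} {detail}")
```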


#4 Judicandus

    Bleepin' Pasta

  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world

Posted 25 December 2010 - 07:57 PM

Hi xer 21,

We also need a log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

#5 xer 21

  • Topic Starter
  • Members
  • 98 posts

Posted 26 December 2010 - 06:10 PM

Ok, I'll post that log later today. Just got back home from a short trip.

#6 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world
  • Local time:12:31 AM

Posted 26 December 2010 - 06:39 PM

Ok, I'll be waiting for it.

#7 xer 21

xer 21
  • Topic Starter

  • Members
  • 98 posts
  • Local time:05:31 PM

Posted 27 December 2010 - 07:09 PM

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-27 14:07:51
Windows 6.0.6001 Service Pack 1
Running: hg3inld0.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFC 0x53 0xBA 0xD1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCA 0xFC 0x69 0xED ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA8 0xFC 0x58 0xDD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2C 0xB4 0xBA 0xA4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFC 0x53 0xBA 0xD1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCA 0xFC 0x69 0xED ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA8 0xFC 0x58 0xDD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2C 0xB4 0xBA 0xA4 ...

---- EOF - GMER 1.0.15 ----

#8 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world
  • Local time:12:31 AM

Posted 28 December 2010 - 07:12 AM

I see no evidence of infection :(

Let's take a deeper look:

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#9 xer 21

xer 21
  • Topic Starter

  • Members
  • 98 posts
  • Local time:05:31 PM

Posted 28 December 2010 - 03:27 PM

Well, I'll run ComboFix in a bit, but I'm wondering about the SkypeNames issue. No matter what I do it doesn't go away. And I'm still getting popups at random times every so often, so I'm a bit confused here.

#10 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world
  • Local time:12:31 AM

Posted 28 December 2010 - 08:20 PM

We can remove the skypenames plugin with combofix ;)

#11 xer 21

xer 21
  • Topic Starter

  • Members
  • 98 posts
  • Local time:05:31 PM

Posted 29 December 2010 - 12:25 AM

I'm having problems getting ComboFix to run. Even when I turn active scanning off on Microsoft Security Essentials, it still says it's running and detected by ComboFix. Then, when it runs, some random exe says it's stopped working; one of them was REG.exe, other times it's some random-looking combo of letters and numbers. Then it asks if I was trying to run "CFSscript" because "CFSscript" appears misspelled. Then ComboFix closes.

#12 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world
  • Local time:12:31 AM

Posted 29 December 2010 - 06:24 PM

Hi xer21,


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running RKill, as the malware programs will start again; if rebooting is required, run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Please Update MalwareBytes this way:

- Open Malwarebytes
- Select the Update tab
- Click on <Check for Update>
- Let it update to the latest version

Once the program is updated, select the "Scanner" tab, then select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

If you encounter this message: "c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5", click Ignore for mbamext.dll.


Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a USB drive or CD and transfer it to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Edited by Judicandus, 29 December 2010 - 06:24 PM.


#13 xer 21

xer 21
  • Topic Starter

  • Members
  • 98 posts
  • Local time:05:31 PM

Posted 31 December 2010 - 05:19 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:20 PM, on 12/31/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Steam\GameOverlayUI.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sportshawaii.com/sh/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [VnrBlock21] "C:\Program Files (x86)\VnrBlock\VnrBlock21.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Registration .LNK = C:\Program Files (x86)\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\SysWOW64\CTsvcCDA.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1caf22fe87deda4) (gupdate1caf22fe87deda4) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kinetic Books License Service - Kinetic Books - C:\Program Files (x86)\Common Files\Kinetic Books Shared\Service\KineticBooksLicenseService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - C:\Windows\system32\ZuneWlanCfgSvc.exe (file missing)

--
End of file - 13086 bytes

The MBAM scan is still running.
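The HijackThis log above is the kind of artifact a helper reads by hand. As an added example that is not part of this thread (my own code, not HijackThis or anything the Malware Response Team uses), the following Python script parses a subset of the lines quoted above, counts repeated running processes, lists the registry Run autoruns, and separates O23 "(file missing)" services under C:\Windows\system32 from other missing-file entries. Two facts outside the log drive the design: WerFault.exe is the Windows Error Reporting process that shows the "... has stopped working" dialog, so a stack of them reflects a program crashing repeatedly; and HijackThis 2.0.2 is a 32-bit program, so on 64-bit Windows WOW64 file-system redirection points its view of System32 at SysWOW64 (the log itself shows the scanner's view as SysWOW64), and core services whose binaries live only in the real System32 are reported missing. The function names and the "Unknown owner" bucket are my own choices.

```python
"""Triage a HijackThis 2.0.2 log: added example, not code from the thread or from the tool."""
import re
from collections import Counter

# Constructed sample: a subset of the lines from the HijackThis log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows Vista SP1 (WinNT 6.00.1905)

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [VnrBlock21] "C:\Program Files (x86)\VnrBlock\VnrBlock21.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

ENTRY_RE = re.compile(r"^([ORFN]\d+) - (.*)$")                      # "O23 - Service: ..."
RUN_RE = re.compile(r"^(HK\w+\\\.\.\\Run\w*): \[([^\]]+)\] (.*)$")  # body of an O4 Run/RunOnce entry
SYSTEM32_RE = re.compile(r"C:\\Windows\\system32\\", re.IGNORECASE)


def parse_log(text):
    """Split the log into the 'Running processes:' block and the (section, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False            # a blank line ends the process block
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return processes, entries


def repeated_processes(processes, threshold=2):
    """Image names seen at least `threshold` times. WerFault.exe is the Windows Error
    Reporting process behind the '... has stopped working' dialog, so a stack of them
    means some program is crashing over and over."""
    names = Counter(p.rsplit("\\", 1)[-1].lower() for p in processes)
    return {name: n for name, n in names.items() if n >= threshold}


def registry_autoruns(entries):
    """(registry key, value name, command line) for each O4 Run/RunOnce entry."""
    out = []
    for section, body in entries:
        m = RUN_RE.match(body) if section == "O4" else None
        if m:
            out.append((m.group(1), m.group(2), m.group(3)))
    return out


def missing_file_entries(entries):
    r"""Entries whose file HijackThis could not find, in two buckets.
    redirect_suspects: O23 services under C:\Windows\system32 marked '(file missing)'.
      HijackThis 2.0.2 is 32-bit; on 64-bit Windows, WOW64 redirection makes it see
      SysWOW64 instead of the real System32, so these are usually not real findings.
    other: everything else, e.g. an O2 BHO with '(no file)' (an orphaned CLSID)."""
    redirect_suspects, other = [], []
    for section, body in entries:
        if "(file missing)" in body or "(no file)" in body:
            if section == "O23" and SYSTEM32_RE.search(body):
                redirect_suspects.append(body)
            else:
                other.append(body)
    return redirect_suspects, other


def unverified_services(entries):
    """O23 services with no publisher recorded whose binary is present on disk: the
    ones to check by signature and hash before drawing any conclusion."""
    return [body for section, body in entries
            if section == "O23" and "Unknown owner" in body and "(file missing)" not in body]


def triage(text):
    """Run every check and return one report dictionary."""
    processes, entries = parse_log(text)
    suspects, other = missing_file_entries(entries)
    return {
        "repeated_processes": repeated_processes(processes),
        "registry_autoruns": registry_autoruns(entries),
        "system32_redirect_suspects": suspects,
        "other_missing_files": other,
        "unverified_services": unverified_services(entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"== {key}")
        for item in (value.items() if isinstance(value, dict) else value):
            print("  ", item)
```

Run against the full log posted above, the redirect bucket absorbs the long run of "Unknown owner ... (file missing)" system services, leaving the few entries (orphaned BHO, autoruns, services without a recorded publisher) that actually deserve a look.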

#14 xer 21

xer 21
  • Topic Starter

  • Members
  • 98 posts
  • Local time:05:31 PM

Posted 04 January 2011 - 04:51 PM

So MBAM removed some still, but I'm still having problems. And I can't get ComboFix to run still.

#15 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world
  • Local time:12:31 AM

Posted 04 January 2011 - 08:09 PM

Hi xer21,

Please post the malwarebytes log.



