
RE: Please need help


This topic is locked
25 replies to this topic

#1 LouieSchwann

  • Members
  • 56 posts
  • Gender:Male

Posted 18 April 2012 - 05:24 AM

Sorry it took a while. I was grounded. =w=
Okay, so here are the results...


Hope it helps to find a solution for my computer. Thanks in advance. :D

Attached Files





#2 bloopie

    Bleepin' Sith Turner

  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 22 April 2012 - 06:24 PM

Hello LouieSchwann, and welcome to the Malware Removal Forums!

My name is bloopie and I'll be helping you with your problems as best I can! :thumbup2:

Did you not get an Attach.txt while running DDS? Please post that here if you could!

==========

A few things to keep in mind while we are working together:

  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing these steps I will review your topic and do my best to resolve your issues.

  • If you have already posted a DDS log, please run a fresh scan and post it here, as your situation may have changed.
  • Please Copy/Paste your logs anytime you can instead of attaching them!!

bloopie

#3 LouieSchwann

  • Topic Starter
  • Members
  • 56 posts
  • Gender:Male

Posted 22 April 2012 - 11:49 PM

Thanks for replying, bloopie. Actually, I just downloaded HijackThis and performed a scan, but I didn't do any steps at all. I remember that one should be careful dealing with HijackThis. I scanned my computer using Microsoft Security Essentials. It's the only anti-virus software that's installed on our netbook. Those are the only things I've done so far. And yes, I still have our Windows 7 installer here. My only problem was that I just feel that my computer is getting slow, and even my internet. So I thought of it as malware or something. That's why I asked for help here. I had the same problems like this back then. We always reformat with the help of a computer programmer, a lot of times. I'm just an amateur computer specialist or something, and I have a concern for my computer that I don't want to reformat again and again, unless it really needs a reformat because of broken stuff or something.

And oh uh, these are the results of the new DDS scan I performed earlier.

This is what the DDS file contains:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by lenovo at 12:34:48 on 2012-04-23
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1014.570 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\igfxsrvc.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Facebook Update] "c:\users\lenovo\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [Google Update] "c:\users\lenovo\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3AB21E5E-068E-455A-B5C2-984D1FCE033B} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\lenovo\appdata\roaming\mozilla\firefox\profiles\6lqnr30d.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\users\lenovo\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\lenovo\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\lenovo\appdata\roaming\igg\web3d\1.0.0.37\NPIGGWeb3DUpdater.dll
FF - plugin: c:\users\lenovo\appdata\roaming\igg\web3d\1.0.0.37\NPJoyConnectShell.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsla91234b2;MpKsla91234b2;c:\programdata\microsoft\microsoft antimalware\definition updates\{b2920901-e568-48db-a957-221ec36ea7ac}\MpKsla91234b2.sys [2012-4-23 29904]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2010-1-20 23136]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-2-19 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-16 253088]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-2-19 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2012-1-7 166912]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
SUnknown MpKsl10c3f345;MpKsl10c3f345; [x]
.
=============== Created Last 30 ================
.
2012-04-23 04:17:51 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b2920901-e568-48db-a957-221ec36ea7ac}\MpKsla91234b2.sys
2012-04-22 21:06:43 6734704 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b2920901-e568-48db-a957-221ec36ea7ac}\mpengine.dll
2012-04-15 20:50:31 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-13 05:52:49 583577322 ----a-w- C:\wl_setup_6.0.2_20120331.exe
2012-04-09 06:19:24 -------- d-----w- c:\program files\Audacity
2012-04-05 06:51:54 -------- d-----w- c:\program files\Cheat Engine 6.1
.
==================== Find3M ====================
.
2012-04-15 20:54:57 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-20 08:38:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 12:36:36.28 ===============


And this is what the Attach.txt file contains:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume1
Install Date: 1/7/2012 2:08:00 PM
System Uptime: 4/23/2012 4:53:01 AM (8 hours ago)
.
Motherboard: LENOVO | | Mariana2
Processor: Intel® Atom™ CPU N280 @ 1.66GHz | CPU | 1333/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 98.357 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl10c3f345
Device ID: ROOT\LEGACY_MPKSL10C3F345\0000
Manufacturer:
Name: MpKsl10c3f345
PNP Device ID: ROOT\LEGACY_MPKSL10C3F345\0000
Service: MpKsl10c3f345
.
==== System Restore Points ===================
.
RP46: 4/13/2012 4:33:19 PM - Windows Update
RP47: 4/15/2012 4:38:54 AM - Windows Update
RP48: 4/19/2012 2:59:32 AM - Windows Update
RP49: 4/23/2012 5:05:51 AM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Broadcom 802.11 Wireless Driver
CameraRecoder
CCleaner
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dragon Nest SEA
Facebook Video Calling 1.2.0.159
Game Booster 3
Google Chrome
Google Update Helper
IGG Web3D Player version 1.0.0.37
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java™ 6 Update 31
K-Lite Codec Pack 8.1.0 (Full)
Microsoft Antimalware
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Mozilla Firefox 11.0 (x86 en-US)
osu!
PhotoScape
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Skype Click to Call
Skype™ 5.8
Synaptics Pointing Device Driver
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VLC media player 1.1.11
WinRAR 4.11 (32-bit)
YouTube Downloader 3.5
.
==== Event Viewer Messages From Past Week ========
.
4/23/2012 4:53:32 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
4/19/2012 2:48:11 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/16/2012 4:49:16 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================

That's all of the things you've requested. I hope it helps with fixing my computer. Thanks in advance. :D
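The SERVICES / DRIVERS section of the DDS log above has a regular line shape, which makes it easy to triage mechanically. As an added example that is not from the thread or from the DDS tool itself, this Python parser pulls the fields out of such lines and flags entries whose backing file DDS could not find (the ones marked `[x]`, like the SUnknown MpKsl entry); the reading of the leading token (R = running, S = stopped, digit = Windows start type) is an assumption about the DDS convention, and the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample lines copied from the DDS "SERVICES / DRIVERS" section posted above.
SAMPLE = r"""
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-2-19 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
SUnknown MpKsl10c3f345;MpKsl10c3f345; [x]
"""

# Assumed DDS convention: leading R/S = running/stopped, followed by the Windows
# start type (1 system, 2 auto, 3 manual) or "Unknown" when DDS could not read it.
# Then name;description;path [yyyy-m-d size], or ";path [x]" when the file is absent.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d|Unknown) "
    r"(?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<path>[^\[]*?)\s*\[(?P<tail>[^\]]*)\]$"
)


@dataclass
class ServiceEntry:
    running: bool
    start_type: str      # "1", "2", "3" or "Unknown"
    name: str
    description: str
    path: str            # "" when DDS printed no path for the entry
    date: Optional[str]  # file date as DDS printed it, None if the file is missing
    size: Optional[int]  # file size in bytes, None if the file is missing

    @property
    def file_missing(self) -> bool:
        return self.size is None


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one DDS service/driver line; returns None for lines of another shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    tail = m.group("tail").strip()
    if tail == "x":
        date, size = None, None
    else:
        date_str, size_str = tail.split()
        date, size = date_str, int(size_str)
    return ServiceEntry(
        running=m.group("state") == "R",
        start_type=m.group("start"),
        name=m.group("name").strip(),
        description=m.group("desc").strip(),
        path=m.group("path").strip(),
        date=date,
        size=size,
    )


def parse_section(text: str) -> List[ServiceEntry]:
    entries = (parse_line(ln) for ln in text.splitlines())
    return [e for e in entries if e is not None]


def needs_review(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Registered services/drivers with no file behind them.

    A registration that points at nothing is often a leftover (in the log above
    it is an MpKsl entry of the same kind as the Security Essentials
    definition-update driver listed under R1, and Attach.txt shows it as a
    disabled legacy device), but it is also the shape a half-removed malicious
    driver leaves, so a helper checks each one by hand.
    """
    return [e for e in entries if e.file_missing]


def summarize(entries: List[ServiceEntry]) -> dict:
    """Counts a helper would quote back: running vs stopped, and how many lack a file."""
    return {
        "running": sum(e.running for e in entries),
        "stopped": sum(not e.running for e in entries),
        "missing_file": len(needs_review(entries)),
    }


if __name__ == "__main__":
    parsed = parse_section(SAMPLE)
    print(summarize(parsed))
    for entry in needs_review(parsed):
        print(f"review: {entry.name} (start type {entry.start_type}, path {entry.path!r})")
```

The OTL log later in the thread uses a different line shape (`DRV - (name) -- path File not found`), so this parser is for DDS output only.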

#4 bloopie

    Bleepin' Sith Turner

  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 23 April 2012 - 07:50 AM

Hi again LouieSchwann,

Your logs are looking pretty clean, however we need to discuss a couple of things:

Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Also, please refrain from using CCleaner's registry cleaning utility. One minor mistake in your registry and your computer could be rendered unbootable, and those programs are not fool-proof!

==========

We need to create an OTL Report for a deeper look at your machine
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Things I would like to see in your next reply!
  • OTL.txt
  • Extra.txt
bloopie

#5 LouieSchwann

  • Topic Starter
  • Members
  • 56 posts
  • Gender:Male

Posted 24 April 2012 - 04:04 PM

I downloaded OTL.exe.. I tried to check the "Scan all users" and started a scan. It goes nice and smoothly at first but
when it says, "Scanning Modules," it eventually stops and goes into "Not Responding" status. How can I continue scanning?
:wacko:

Edited by LouieSchwann, 24 April 2012 - 04:05 PM.


#6 bloopie

    Bleepin' Sith Turner

  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 24 April 2012 - 04:13 PM

Hello again,

Right-click the OTL.exe from your desktop, and delete it.

Then download a fresh copy from here, and try to run the scan again following the directions from my last post.

bloopie

#7 LouieSchwann

  • Topic Starter
  • Members
  • 56 posts
  • Gender:Male

Posted 25 April 2012 - 11:47 PM

It's still stuck there. What should I do now, sir? And desktop.ini has started to appear on my desktop. How do I hide those?

#8 bloopie

    Bleepin' Sith Turner

  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 26 April 2012 - 01:11 PM

Hello again,

I appreciate you taking the time to stick with me! Rest assured I will stay with you until we fix your machine, or I will direct you to another forum so that you get the best help we can offer! :thumbup2:

That file popping up seems to be a result of OTL not completing its run, so let's try the following:

===========

Try to run OTL in Safe Mode. Then post the resultant log here for review if successful.

Also, as another check, please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply along with the OTL.txt.

bloopie

#9 LouieSchwann

  • Topic Starter
  • Members
  • 56 posts
  • Gender:Male

Posted 26 April 2012 - 03:22 PM

It worked! As for the desktop.ini, it suddenly appeared when I did something on my desktop. I forgot what it was, but after that happened it started to reappear again and again even after I hid it. I don't know how to deal with it.
And after scanning, I saw this MBR.dat. What sort of file is this? I won't give up on this problem.


Anyways, this is the OTL.txt:

OTL logfile created on: 4/27/2012 3:32:03 AM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\lenovo\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.95 Mb Total Physical Memory | 590.98 Mb Available Physical Memory | 58.28% Memory free
1.99 Gb Paging File | 1.59 Gb Available in Paging File | 79.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 97.43 Gb Free Space | 65.41% Space Free | Partition Type: NTFS

Computer Name: LENOVO-PC | User Name: lenovo | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\lenovo\Downloads\OTL(1).exe (OldTimer Tools)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2630626476-2545431373-2476714586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2630626476-2545431373-2476714586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0
IE - HKU\S-1-5-21-2630626476-2545431373-2476714586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2630626476-2545431373-2476714586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9B 43 F1 06 1A 1C CD 01 [binary data]
IE - HKU\S-1-5-21-2630626476-2545431373-2476714586-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2630626476-2545431373-2476714586-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2630626476-2545431373-2476714586-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@g2.com/iggweb3dupdater: C:\Users\lenovo\AppData\Roaming\IGG\Web3D\1.0.0.37\NPIGGWeb3DUpdater.dll (IGG)
FF - HKCU\Software\MozillaPlugins\@g2.com/joyconnectshell: C:\Users\lenovo\AppData\Roaming\IGG\Web3D\1.0.0.37\NPJoyConnectShell.dll (IGG)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\lenovo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\lenovo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\lenovo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/26 12:44:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/01/07 16:28:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lenovo\AppData\Roaming\Mozilla\Extensions
[2012/04/26 05:06:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\6lqnr30d.default\extensions
[2012/03/18 05:36:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/15 07:44:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/26 12:44:58 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/21 12:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 12:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\lenovo\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\lenovo\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\lenovo\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\lenovo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: IGG Web3D Updater NP Plugin for Mozilla (Enabled) = C:\Users\lenovo\AppData\Roaming\IGG\Web3D\1.0.0.37\NPIGGWeb3DUpdater.dll
CHR - plugin: JoyConnect NP Plugin for Mozilla (Enabled) = C:\Users\lenovo\AppData\Roaming\IGG\Web3D\1.0.0.37\NPJoyConnectShell.dll
CHR - Extension: YouTube = C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Paghahanap sa Google = C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Paghahanap sa Google = C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Gmail = C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2630626476-2545431373-2476714586-1000..\Run: [Facebook Update] C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AB21E5E-068E-455A-B5C2-984D1FCE033B}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/26 12:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/04/26 12:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/04/25 04:53:38 | 000,000,000 | ---D | C] -- C:\Users\lenovo\AppData\Local\ElevatedDiagnostics
[2012/04/16 04:50:31 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/15 07:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/04/15 07:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/04/13 13:52:49 | 583,577,322 | ---- | C] (IGG,Inc. ) -- C:\wl_setup_6.0.2_20120331.exe
[2012/04/09 14:20:02 | 000,000,000 | ---D | C] -- C:\Users\lenovo\AppData\Roaming\Audacity
[2012/04/09 14:19:24 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2012/04/05 14:53:11 | 000,000,000 | ---D | C] -- C:\Users\lenovo\Documents\My Cheat Tables
[2012/04/05 14:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine 6.1
[2012/04/04 18:25:00 | 000,000,000 | ---D | C] -- C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UnH Solutions

========== Files - Modified Within 30 Days ==========

[2012/04/27 03:30:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/27 03:30:00 | 797,405,184 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/27 03:06:10 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/27 02:57:24 | 000,017,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/27 02:57:24 | 000,017,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/27 02:54:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/27 02:50:04 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/26 20:35:03 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2630626476-2545431373-2476714586-1000UA.job
[2012/04/26 20:34:04 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2630626476-2545431373-2476714586-1000UA.job
[2012/04/26 05:35:02 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2630626476-2545431373-2476714586-1000Core.job
[2012/04/26 05:34:28 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2630626476-2545431373-2476714586-1000Core.job
[2012/04/23 08:47:33 | 000,617,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/23 08:47:33 | 000,104,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/16 15:43:53 | 000,002,368 | ---- | M] () -- C:\Users\lenovo\Desktop\Google Chrome.lnk
[2012/04/16 04:54:58 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/16 04:54:57 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/04/15 07:44:03 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/13 15:50:36 | 583,577,322 | ---- | M] (IGG,Inc. ) -- C:\wl_setup_6.0.2_20120331.exe

========== Files Created - No Company Name ==========

[2012/04/16 04:50:34 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/15 07:44:03 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/01/07 15:41:09 | 000,000,124 | ---- | C] () -- C:\ProgramData\CameraRecorder.ini
[2012/01/07 15:01:43 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/07 15:01:40 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/01/07 15:01:40 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/01/07 15:01:40 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

========== Files - Unicode (All) ==========
[2012/02/03 21:10:58 | 008,515,224 | ---- | M] ()(C:\Users\lenovo\Documents\????????????.mp3) -- C:\Users\lenovo\Documents\コネクト【カラオケ字幕】.mp3
[2012/02/03 21:09:26 | 008,515,224 | ---- | C] ()(C:\Users\lenovo\Documents\????????????.mp3) -- C:\Users\lenovo\Documents\コネクト【カラオケ字幕】.mp3
[2012/02/03 21:09:03 | 009,362,845 | ---- | M] ()(C:\Users\lenovo\Documents\Super Junior ?????_Mr.Simple_MUSICVIDEO.mp3) -- C:\Users\lenovo\Documents\Super Junior 슈퍼주니어_Mr.Simple_MUSICVIDEO.mp3
[2012/02/03 21:08:31 | 006,515,869 | ---- | M] ()(C:\Users\lenovo\Documents\Super Junior ?????_SUPERMAN_MUSIC VIDEO.mp3) -- C:\Users\lenovo\Documents\Super Junior 슈퍼주니어_SUPERMAN_MUSIC VIDEO.mp3
[2012/02/03 21:06:03 | 006,515,869 | ---- | C] ()(C:\Users\lenovo\Documents\Super Junior ?????_SUPERMAN_MUSIC VIDEO.mp3) -- C:\Users\lenovo\Documents\Super Junior 슈퍼주니어_SUPERMAN_MUSIC VIDEO.mp3
[2012/02/03 21:06:02 | 006,481,309 | ---- | M] ()(C:\Users\lenovo\Documents\Super Junior ?????_A-CHA_Music Video.mp3) -- C:\Users\lenovo\Documents\Super Junior 슈퍼주니어_A-CHA_Music Video.mp3
[2012/02/03 21:05:38 | 009,362,845 | ---- | C] ()(C:\Users\lenovo\Documents\Super Junior ?????_Mr.Simple_MUSICVIDEO.mp3) -- C:\Users\lenovo\Documents\Super Junior 슈퍼주니어_Mr.Simple_MUSICVIDEO.mp3
[2012/02/03 21:04:28 | 006,481,309 | ---- | C] ()(C:\Users\lenovo\Documents\Super Junior ?????_A-CHA_Music Video.mp3) -- C:\Users\lenovo\Documents\Super Junior 슈퍼주니어_A-CHA_Music Video.mp3
[2012/02/03 20:12:55 | 008,803,992 | ---- | M] ()(C:\Users\lenovo\Documents\[Heartstrings OST- Full Version] Because I Miss You (????) + Mp3 Download and Lyrics.mp3) -- C:\Users\lenovo\Documents\[Heartstrings OST- Full Version] Because I Miss You (그리워서) + Mp3 Download and Lyrics.mp3
[2012/02/03 20:08:24 | 008,803,992 | ---- | C] ()(C:\Users\lenovo\Documents\[Heartstrings OST- Full Version] Because I Miss You (????) + Mp3 Download and Lyrics.mp3) -- C:\Users\lenovo\Documents\[Heartstrings OST- Full Version] Because I Miss You (그리워서) + Mp3 Download and Lyrics.mp3
[2012/02/03 19:44:47 | 015,370,116 | ---- | M] ()(C:\Users\lenovo\Documents\????????????.flv) -- C:\Users\lenovo\Documents\コネクト【カラオケ字幕】.flv
[2012/02/03 19:40:47 | 015,370,116 | ---- | C] ()(C:\Users\lenovo\Documents\????????????.flv) -- C:\Users\lenovo\Documents\コネクト【カラオケ字幕】.flv
[2012/02/03 19:10:57 | 012,591,275 | ---- | M] ()(C:\Users\lenovo\Documents\[Heartstrings OST- Full Version] Because I Miss You (????) + Mp3 Download and Lyrics.flv) -- C:\Users\lenovo\Documents\[Heartstrings OST- Full Version] Because I Miss You (그리워서) + Mp3 Download and Lyrics.flv
[2012/02/03 19:03:09 | 012,591,275 | ---- | C] ()(C:\Users\lenovo\Documents\[Heartstrings OST- Full Version] Because I Miss You (????) + Mp3 Download and Lyrics.flv) -- C:\Users\lenovo\Documents\[Heartstrings OST- Full Version] Because I Miss You (그리워서) + Mp3 Download and Lyrics.flv
[2012/02/03 18:48:23 | 079,461,239 | ---- | M] ()(C:\Users\lenovo\Documents\Super Junior ?????_SUPERMAN_MUSIC VIDEO.mp4) -- C:\Users\lenovo\Documents\Super Junior 슈퍼주니어_SUPERMAN_MUSIC VIDEO.mp4
[2012/02/03 18:39:47 | 073,145,867 | ---- | M] ()(C:\Users\lenovo\Documents\Super Junior ?????_A-CHA_Music Video.mp4) -- C:\Users\lenovo\Documents\Super Junior 슈퍼주니어_A-CHA_Music Video.mp4
[2012/02/03 18:31:56 | 079,461,239 | ---- | C] ()(C:\Users\lenovo\Documents\Super Junior ?????_SUPERMAN_MUSIC VIDEO.mp4) -- C:\Users\lenovo\Documents\Super Junior 슈퍼주니어_SUPERMAN_MUSIC VIDEO.mp4
[2012/02/03 18:31:48 | 099,030,277 | ---- | M] ()(C:\Users\lenovo\Documents\Super Junior ?????_Mr.Simple_MUSICVIDEO.mp4) -- C:\Users\lenovo\Documents\Super Junior 슈퍼주니어_Mr.Simple_MUSICVIDEO.mp4
[2012/02/03 18:16:47 | 073,145,867 | ---- | C] ()(C:\Users\lenovo\Documents\Super Junior ?????_A-CHA_Music Video.mp4) -- C:\Users\lenovo\Documents\Super Junior 슈퍼주니어_A-CHA_Music Video.mp4
[2012/02/03 17:34:30 | 099,030,277 | ---- | C] ()(C:\Users\lenovo\Documents\Super Junior ?????_Mr.Simple_MUSICVIDEO.mp4) -- C:\Users\lenovo\Documents\Super Junior 슈퍼주니어_Mr.Simple_MUSICVIDEO.mp4

< End of report >

This is the Extra.txt:

OTL Extras logfile created on: 4/27/2012 3:32:03 AM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\lenovo\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.95 Mb Total Physical Memory | 590.98 Mb Available Physical Memory | 58.28% Memory free
1.99 Gb Paging File | 1.59 Gb Available in Paging File | 79.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 97.43 Gb Free Space | 65.41% Space Free | Partition Type: NTFS

Computer Name: LENOVO-PC | User Name: lenovo | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2630626476-2545431373-2476714586-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5D0A154F-9B41-4E02-91C4-665C8CC631EF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{097BCBED-F70B-48E4-82B4-93F429DD4EF1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{1E2DAC05-833B-496C-868E-4E54BF4E2B4F}" = protocol=17 | dir=in | app=c:\cherrydegames\dragon nest\dragonnest.exe |
"{407240BA-C66B-47DB-A8DC-2E18358E078F}" = dir=in | app=c:\users\lenovo\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{475B1071-640D-40A6-967A-2C0B2C1B298E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{54A06DB2-F16B-49F5-BE61-251416A764FC}" = protocol=6 | dir=in | app=c:\cherrydegames\dragon nest\dragonnest.exe |
"{6B719AE1-1515-41D6-B4C7-0FF31130A39E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{C3B58F6E-3247-4F1B-93BD-54B04780C1B6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{D132FA8F-DCE9-402A-869C-BC9C6C2185E6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{3566D7DB-EA10-49DE-A95B-F4AB41FC0A93}" = Dragon Nest SEA
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F1A1C76-89EB-4073-83C2-7C66BED7A96D}" = CameraRecoder
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"Game Booster_is1" = Game Booster 3
"HDMI" = Intel® Graphics Media Accelerator Driver
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.1.0 (Full)
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PhotoScape" = PhotoScape
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR 4.11 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2630626476-2545431373-2476714586-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"IGG Web3D Player_is1" = IGG Web3D Player version 1.0.0.37

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/24/2012 4:58:36 PM | Computer Name = lenovo-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/24/2012 5:01:18 PM | Computer Name = lenovo-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.41.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: fc4 Start Time:
01cd225d4cdd8c58 Termination Time: 31 Application Path: C:\Users\lenovo\Downloads\OTL.exe

Report
Id: 9d3d0680-8e50-11e1-b6f8-002622d17565

Error - 4/24/2012 5:02:00 PM | Computer Name = lenovo-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.41.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: b90 Start Time:
01cd225d6a1396b8 Termination Time: 0 Application Path: C:\Users\lenovo\Downloads\OTL.exe

Report
Id: b6e361d8-8e50-11e1-b6f8-002622d17565

Error - 4/24/2012 6:11:43 PM | Computer Name = lenovo-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/25/2012 5:02:44 PM | Computer Name = lenovo-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/25/2012 5:05:39 PM | Computer Name = lenovo-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.42.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: e40 Start Time:
01cd2326ecceb83e Termination Time: 16 Application Path: C:\Users\lenovo\Downloads\OTL.exe

Report
Id: 632c6906-8f1a-11e1-b4e9-002622d17565

Error - 4/26/2012 12:44:58 AM | Computer Name = lenovo-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/26/2012 3:16:20 AM | Computer Name = lenovo-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 4/26/2012 4:10:16 AM | Computer Name = lenovo-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 690 Start
Time: 01cd23671c2f2797 Termination Time: 351 Application Path: C:\Windows\Explorer.EXE

Report
Id: 33a9d616-8f77-11e1-b62a-002622d17565

Error - 4/26/2012 2:51:37 PM | Computer Name = lenovo-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 3/2/2012 11:26:57 PM | Computer Name = lenovo-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 3/3/2012 3:45:33 AM | Computer Name = lenovo-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 3/3/2012 2:44:44 PM | Computer Name = lenovo-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 3/3/2012 9:43:57 PM | Computer Name = lenovo-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 3/3/2012 9:43:57 PM | Computer Name = lenovo-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 3/3/2012 9:43:58 PM | Computer Name = lenovo-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 3/3/2012 9:43:58 PM | Computer Name = lenovo-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 3/4/2012 4:21:42 PM | Computer Name = lenovo-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 3/4/2012 10:33:08 PM | Computer Name = lenovo-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 3/5/2012 1:07:07 AM | Computer Name = lenovo-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom


< End of report >

And finally, the aswMBR.txt:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-27 03:39:00
-----------------------------
03:39:00.466 OS Version: Windows 6.1.7601 Service Pack 1
03:39:00.466 Number of processors: 2 586 0x1C02
03:39:00.466 ComputerName: LENOVO-PC UserName: lenovo
03:39:01.714 Initialize success
03:39:22.306 AVAST engine download error: 0
03:39:34.334 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
03:39:34.334 Disk 0 Vendor: FUJITSU_MHZ2160BH_G2 00000009 Size: 152627MB BusType: 11
03:39:34.365 Disk 0 MBR read successfully
03:39:34.381 Disk 0 MBR scan
03:39:34.381 Disk 0 Windows 7 default MBR code
03:39:34.412 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
03:39:34.443 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152525 MB offset 206848
03:39:34.443 Disk 0 scanning sectors +312578048
03:39:34.537 Disk 0 scanning C:\Windows\system32\drivers
03:39:40.184 Service scanning
03:39:48.405 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
03:39:59.450 Modules scanning
03:40:07.811 Disk 0 trace - called modules:
03:40:07.843 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
03:40:07.874 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84042030]
03:40:07.889 3 CLASSPNP.SYS[8727459e] -> nt!IofCallDriver -> [0x83f5ac10]
03:40:07.905 5 ACPI.sys[86a223d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x832a6030]
03:40:07.936 Scan finished successfully
03:40:19.777 Disk 0 MBR has been saved successfully to "C:\Users\lenovo\Downloads\MBR.dat"
03:40:19.792 The log file has been saved successfully to "C:\Users\lenovo\Downloads\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-27 04:05:49
-----------------------------
04:05:49.280 OS Version: Windows 6.1.7601 Service Pack 1
04:05:49.280 Number of processors: 2 586 0x1C02
04:05:49.280 ComputerName: LENOVO-PC UserName: lenovo
04:06:03.008 Initialize success
04:06:04.880 AVAST engine download error: 0
04:06:12.960 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
04:06:12.960 Disk 0 Vendor: FUJITSU_MHZ2160BH_G2 00000009 Size: 152627MB BusType: 11
04:06:12.992 Disk 0 MBR read successfully
04:06:13.007 Disk 0 MBR scan
04:06:13.007 Disk 0 Windows 7 default MBR code
04:06:13.038 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
04:06:13.070 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152525 MB offset 206848
04:06:13.070 Disk 0 scanning sectors +312578048
04:06:13.163 Disk 0 scanning C:\Windows\system32\drivers
04:06:18.810 Service scanning
04:06:26.423 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
04:06:36.298 Modules scanning
04:06:44.238 Disk 0 trace - called modules:
04:06:44.285 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
04:06:44.316 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84044030]
04:06:44.332 3 CLASSPNP.SYS[8726959e] -> nt!IofCallDriver -> [0x83f68918]
04:06:44.363 5 ACPI.sys[86a173d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x83f56030]
04:06:44.394 Scan finished successfully
04:07:03.177 Disk 0 MBR has been saved successfully to "C:\Users\lenovo\Downloads\MBR.dat"
04:07:03.208 The log file has been saved successfully to "C:\Users\lenovo\Downloads\aswMBR.txt"

#10 bloopie (Bleepin' Sith Turner)

  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 26 April 2012 - 08:57 PM

Hi there,

Those logs aren't showing much that we need to worry about.

The MBR.dat file you are seeing is a copy of your Master Boot Record produced by the aswMBR I had you run. Not a problem there.

About your desktop.ini file, we could use a registry file to see if that will cure it.

==========

Step 1: Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Open Erunt.exe (use the shortcut on your desktop if you used the installer). Follow the prompts leaving the values at default.

==========

Step 2: Click the following link to download and save it to your desktop:
download

  • Right-click on the downloaded .reg file and click on Merge.
  • Click on Run, Yes, Yes, and OK when prompted.
  • Restart the computer to apply.
  • When done, you can delete the downloaded .reg file if you like.

==========

Step 3: Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab .
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

Other Troubleshooting Tips:
==========

Step 4: I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

==========

In your next reply please include:

  • The MBAM log
  • The ESET log
  • Please tell me how your computer is running now and if you had any problems with the above instructions!

bloopie
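Post #10 explains that MBR.dat is the raw copy of the Master Boot Record that aswMBR saved. The parser below is an added example (not part of this thread or of aswMBR) showing how to read such a 512-byte image and check it against the partition table aswMBR printed; the sample MBR is constructed here to mirror that log, and `build_sample_mbr` is a helper name of my own.

```python
"""Parse a 512-byte MBR image such as the MBR.dat saved by aswMBR (added example)."""
import struct
from typing import Dict, List

MBR_SIZE = 512
TABLE_OFFSET = 446      # partition table starts after the boot code
ENTRY_SIZE = 16
SIGNATURE_OFFSET = 510  # 0x55 0xAA boot signature
SECTOR = 512


def parse_mbr(data: bytes) -> Dict:
    """Return the boot-signature state and the non-empty partition entries."""
    if len(data) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(data)}")
    signature_ok = data[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] == b"\x55\xaa"
    partitions: List[Dict] = []
    for i in range(4):
        off = TABLE_OFFSET + i * ENTRY_SIZE
        # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, _, ptype, _, lba, count = struct.unpack_from("<B3sB3sII", data, off)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i + 1,
            "active": status == 0x80,     # aswMBR prints this as "80 (A)"
            "type": ptype,                # 0x07 = HPFS/NTFS
            "offset": lba,                # sector offset, as in the aswMBR log
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {"signature_ok": signature_ok, "partitions": partitions}


def build_sample_mbr() -> bytes:
    """Constructed MBR matching the aswMBR log: 100 MB active NTFS at 2048,
    then 152525 MB NTFS at 206848, two empty slots, valid signature."""
    entry = "<B3sB3sII"
    table = struct.pack(entry, 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 204800)
    table += struct.pack(entry, 0x00, b"\0\0\0", 0x07, b"\0\0\0", 206848, 152525 * 2048)
    table += b"\0" * (ENTRY_SIZE * 2)
    return b"\0" * TABLE_OFFSET + table + b"\x55\xaa"


if __name__ == "__main__":
    # For a real file: parse_mbr(open("MBR.dat", "rb").read())
    for p in parse_mbr(build_sample_mbr())["partitions"]:
        print(p)
```

A missing signature or a partition table that disagrees with what the scanner reported is the kind of discrepancy worth raising before merging any further changes to the boot record.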

#11 bloopie (Bleepin' Sith Turner)

  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 29 April 2012 - 05:33 PM

Hello again,

This is a 3-Day Bump! If you still wish to receive help please follow the instructions in my last post.

If you do not respond in another 48 hours, we will be forced to close this topic!

bloopie

Edited by bloopie, 29 April 2012 - 07:15 PM.


#12 LouieSchwann (Topic Starter)

  • Members
  • 56 posts
  • Gender:Male

Posted 01 May 2012 - 01:30 AM

Ahh. Sorry, Sorry. I was getting grounded sometimes..
@_@
I think I messed up. There was a random message every time I booted my netbook. ERUNT can't do a backup anymore..
But before that, I already made a backup.. I still haven't done the Malwarebytes scan. I'm so scared. Should I still continue to scan? @_@

EDIT: Gah. I tried scanning in normal mode. The Malwarebytes scan goes into a "Not Responding" state. Even the Malwarebytes Chameleon. So, I tried it in Safe Mode. The results were fine.. But I doubt that it's not legit. What should I do now? Should I post the results here? @_@

Edited by LouieSchwann, 01 May 2012 - 03:23 AM.


#13 bloopie (Bleepin' Sith Turner)

  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 01 May 2012 - 08:20 PM

Hi again,

Don't worry, stay calm and we'll see if we can get you fixed up, okay?

Could you please tell me the exact random message you are receiving on bootup? Write it down or take a screenshot to show me please.

Does ERUNT give you any kind of error message?

==========

And yes, please post the results of the MBAM scan you ran in safemode. :thumbup2:

bloopie

#14 LouieSchwann (Topic Starter)

  • Members
  • 56 posts
  • Gender:Male

Posted 02 May 2012 - 03:24 AM

Err.. Bloopie, sir. I can only put the MBAM scan log here. I scanned my system with the ESET online scanner but.. I can't access its scan logs. All I can see is the finish button right after the scan and nothing follows. I might give the screenshot tomorrow.. In my time zone, it's GMT + 8.. so right now it's 4:21pm. After 10 hours or so, I might edit this reply and put the screenie.

Anyways, here's the MBAM scan log. @_@

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.01.05

Windows 7 Service Pack 1 x86 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
lenovo :: LENOVO-PC [administrator]

Protection: Disabled

5/1/2012 3:35:01 PM
mbam-log-2012-05-01 (15-35-01).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243159
Time elapsed: 34 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#15 bloopie (Bleepin' Sith Turner)

  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 02 May 2012 - 02:46 PM

Hi again,

I scanned my system with the ESET online scanner but.. I can't access its scan logs.

That's okay, a log will not be produced if nothing is found so that's good. :thumbup2:

I might give the screenshot tomorrow.

No problem, take your time. As long as you don't disappear for five days the thread will be open (I'll give you a three day bump in the middle as you've already seen). :wink:

bloopie
