Help removing hijack.folderoptions



#1
tubui

  • Member
  • 156 posts
Hi, I need desperate help. I was just attacked by a swarm of malware, and I used Malwarebytes to remove it, but 2 problems still exist:
1. the infected registry key hijack.folderoptions
2. I keep getting Windows Explorer has stopped working, and it would freeze my desktop until I click restart the program.

My Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4504

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/29/2010 11:26:28 PM
mbam-log-2010-08-29 (23-26-28).txt

Scan type: Quick scan
Objects scanned: 130285
Time elapsed: 2 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I updated it to the latest definition.

My OS is Win7 Ultimate 64bit.

Please help!!! Thank you.


#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hi tubui,

This won't fix your machine's problems, but it will give me a chance to have a look at what is going on. Tell me if you have problems running this tool. :)

Now

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
    %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.

    o When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    o Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post back here.
Note: Unless otherwise instructed, always post the logs in the forum. If reports don't fit in one post, it might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :)

#3
tubui

  • Topic Starter
  • Member
  • 156 posts
Hi. I was unable to scan because it would freeze up due to the "windows explorer has stopped working" error. So I did taskmgr and end process to explorer.exe and then I opened OTL using open a process. Hope this doesn't do anything. Posting logs soon.

#4
tubui

  • Topic Starter
  • Member
  • 156 posts
OTL txt

OTL logfile created on: 8/30/2010 4:07:35 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Tu Bui\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

12.00 Gb Total Physical Memory | 9.00 Gb Available Physical Memory | 73.00% Memory free
24.00 Gb Paging File | 21.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.43 Gb Total Space | 40.01 Gb Free Space | 53.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 931.51 Gb Total Space | 550.51 Gb Free Space | 59.10% Space Free | Partition Type: NTFS

Computer Name: TUBUI-SUPERPC
Current User Name: Tu Bui
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/30 04:04:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Tu Bui\Desktop\OTL.exe
PRC - [2010/08/24 16:34:19 | 001,242,448 | ---- | M] (Valve Corporation) -- Z:\Steam\Steam.exe
PRC - [2010/07/23 19:33:52 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/07/23 19:33:52 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/06/19 18:58:46 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/06/09 01:18:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\javaw.exe
PRC - [2010/05/20 15:26:28 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2010/04/19 16:54:07 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2010/04/16 22:12:38 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2010/04/16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
PRC - [2010/04/01 05:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/12/21 08:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
PRC - [2009/11/24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/11/20 07:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe


========== Modules (SafeList) ==========

MOD - [2010/08/30 04:04:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Tu Bui\Desktop\OTL.exe
MOD - [2010/02/14 02:53:56 | 000,210,432 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\RTSUltraMonHookX32.dll
MOD - [2010/02/14 02:52:06 | 000,325,120 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMonResButtons.dll
MOD - [2009/07/13 21:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll
MOD - [2009/07/13 21:15:44 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/07/13 21:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/04/06 22:12:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 21:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/03 16:38:36 | 000,277,032 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2010/06/19 18:58:46 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/06/08 23:20:41 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/05/20 15:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
DRV:64bit: - [2010/04/06 22:44:06 | 006,659,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/04/06 21:23:30 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/04 09:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/11/20 07:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 07:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/10/27 02:37:14 | 000,022,568 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2009/08/10 14:07:40 | 000,119,680 | ---- | M] (Gemalto) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GemCCID.sys -- (GemCCID)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 21:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 21:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 19:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 19:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 19:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/10 09:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)
DRV - [2008/11/14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CA 82 15 C5 58 0E CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {64E27C06-0E10-4D01-96B3-BA396C439A49}:1.9.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 49177
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{64E27C06-0E10-4D01-96B3-BA396C439A49}: C:\Users\Tu Bui\AppData\Local\{64E27C06-0E10-4D01-96B3-BA396C439A49}\ [2010/08/29 22:02:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/23 19:33:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/17 10:01:37 | 000,000,000 | ---D | M]

[2010/05/11 20:44:09 | 000,000,000 | ---D | M] -- C:\Users\Tu Bui\AppData\Roaming\Mozilla\Extensions
[2010/08/29 22:00:36 | 000,000,000 | ---D | M] -- C:\Users\Tu Bui\AppData\Roaming\Mozilla\Firefox\Profiles\oufvb1me.default\extensions
[2010/06/17 19:59:43 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Tu Bui\AppData\Roaming\Mozilla\Firefox\Profiles\oufvb1me.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010/08/29 22:00:36 | 000,000,000 | ---D | M] -- C:\Users\Tu Bui\AppData\Roaming\Mozilla\Firefox\Profiles\oufvb1me.default\extensions\[email protected]
[2010/08/29 18:47:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/02 19:09:32 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/22 08:47:08 | 000,002,074 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/05/14 21:03:07 | 000,000,857 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Proxifier] C:\Program Files (x86)\Proxifier\Proxifier.exe (Initex Software)
O4 - HKCU..\Run: [Steam] Z:\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\PrxerNsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\PrxerDrv.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysNative\PrxerDrv.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\PrxerNsp.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex Software)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b6ffd1c6-63c2-11df-9f00-6cf049e44a1c}\Shell - "" = AutoRun
O33 - MountPoints2\{b6ffd1c6-63c2-11df-9f00-6cf049e44a1c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c6048c5a-6179-11df-8336-6cf049e44a1c}\Shell - "" = AutoRun
O33 - MountPoints2\{c6048c5a-6179-11df-8336-6cf049e44a1c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/08/30 04:04:48 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Tu Bui\Desktop\OTL.exe
[2010/08/29 23:16:05 | 000,000,000 | ---D | C] -- C:\Users\Tu Bui\AppData\Local\ElevatedDiagnostics
[2010/08/29 23:10:59 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/08/29 22:02:00 | 000,000,000 | ---D | C] -- C:\Users\Tu Bui\AppData\Local\{64E27C06-0E10-4D01-96B3-BA396C439A49}
[2010/08/29 22:00:47 | 000,000,000 | ---D | C] -- C:\Users\Tu Bui\AppData\Local\lydvepumx
[2010/08/29 22:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/08/29 22:00:17 | 000,000,000 | ---D | C] -- C:\Users\Tu Bui\AppData\Local\Windows Server
[2010/08/29 22:00:07 | 000,000,000 | ---D | C] -- C:\Users\Tu Bui\AppData\Roaming\6D1CC5F5736EC9CE8756D4A62C9F8EDD
[2010/08/29 19:17:34 | 000,000,000 | ---D | C] -- C:\Users\Tu Bui\AppData\Local\Google
[2010/08/17 10:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/08/17 10:01:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/08/17 10:01:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/08/17 10:00:57 | 000,000,000 | ---D | C] -- C:\Users\Tu Bui\AppData\Local\Adobe
[2010/08/02 19:10:08 | 000,000,000 | ---D | C] -- C:\Users\Tu Bui\AppData\Roaming\skypePM
[2010/08/02 19:09:35 | 000,000,000 | ---D | C] -- C:\Users\Tu Bui\AppData\Roaming\Skype
[2010/08/02 19:09:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/08/02 19:09:18 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010/08/02 19:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

========== Files - Modified Within 30 Days ==========

[2010/08/30 04:08:14 | 002,359,296 | -HS- | M] () -- C:\Users\Tu Bui\NTUSER.DAT
[2010/08/30 04:04:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Tu Bui\Desktop\OTL.exe
[2010/08/30 03:22:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2274480031-1119906254-3913601150-1001UA.job
[2010/08/30 02:35:46 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/30 02:35:46 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/30 02:35:46 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/29 23:32:53 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/29 23:32:53 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/29 23:27:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/29 23:27:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/29 23:27:45 | 1072,553,982 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/29 22:55:31 | 002,097,199 | -H-- | M] () -- C:\Users\Tu Bui\AppData\Local\IconCache.db
[2010/08/29 22:02:00 | 000,000,120 | ---- | M] () -- C:\Users\Tu Bui\AppData\Local\Hmemusef.dat
[2010/08/29 22:02:00 | 000,000,000 | ---- | M] () -- C:\Users\Tu Bui\AppData\Local\Vdekezez.bin
[2010/08/29 22:00:21 | 000,030,000 | ---- | M] () -- C:\Windows\SysWow64\b8exua3.dll
[2010/08/29 19:22:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2274480031-1119906254-3913601150-1001Core.job
[2010/08/17 22:31:41 | 000,000,000 | RHS- | M] () -- C:\logwmemory.bin
[2010/08/02 19:10:09 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat

========== Files Created - No Company Name ==========

[2010/08/29 22:02:00 | 000,000,120 | ---- | C] () -- C:\Users\Tu Bui\AppData\Local\Hmemusef.dat
[2010/08/29 22:02:00 | 000,000,000 | ---- | C] () -- C:\Users\Tu Bui\AppData\Local\Vdekezez.bin
[2010/08/29 22:00:21 | 000,030,000 | ---- | C] () -- C:\Windows\SysWow64\b8exua3.dll
[2010/08/29 19:17:35 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2274480031-1119906254-3913601150-1001UA.job
[2010/08/29 19:17:34 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2274480031-1119906254-3913601150-1001Core.job
[2010/08/09 00:51:54 | 000,000,000 | RHS- | C] () -- C:\logwmemory.bin
[2010/08/02 19:10:09 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/06/14 14:38:56 | 000,000,141 | ---- | C] () -- C:\Windows\RealFlight.INI
[2010/06/08 23:52:07 | 000,000,248 | ---- | C] () -- C:\Windows\emug3.ini
[2010/06/08 23:37:43 | 000,000,008 | ---- | C] () -- C:\Windows\SysWow64\PROTOCOL.INI
[2010/06/07 05:07:01 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/05/16 17:05:40 | 000,000,600 | ---- | C] () -- C:\Users\Tu Bui\AppData\Local\PUTTY.RND
[2010/05/16 12:48:37 | 000,000,200 | ---- | C] () -- C:\Users\Tu Bui\AppData\Roaming\Current.prx
[2010/05/14 21:03:07 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/05/11 22:28:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\mvcli.ini
[2010/05/11 20:49:02 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/09/29 21:44:52 | 000,000,127 | ---- | C] () -- C:\Windows\zraidtray.ini
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/26 17:24:18 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/08/29 23:27:45 | 1072,553,982 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/14 20:31:42 | 000,000,347 | -H-- | M] () -- C:\IPH.PH
[2010/08/17 22:31:41 | 000,000,000 | RHS- | M] () -- C:\logwmemory.bin
[2010/08/29 23:27:49 | 4293,386,238 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/02/14 03:07:34 | 000,303,616 | ---- | M] (Realtime Soft Ltd) -- C:\Windows\UltraMon.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/05/11 20:42:18 | 000,000,221 | -HS- | M] () -- C:\Users\Tu Bui\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/08/30 04:04:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Tu Bui\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2009/06/26 17:24:18 | 000,013,023 | ---- | M] () -- C:\Windows\VX1000.src

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2010/07/23 19:33:52 | 000,910,296 | ---- | M] (Mozilla Corporation) MD5=BACCDA841C689D1CBA941F478E8ED24B -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009/07/13 21:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/08/23 01:59:37 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/08/23 01:59:37 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010/08/23 01:59:37 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010/08/23 01:59:37 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/08/23 01:59:37 | 000,786,432 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2010/08/23 01:59:37 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >


  • 0

#5
tubui

    Member

  • Topic Starter
  • Member
  • 156 posts
OTL extra

OTL Extras logfile created on: 8/30/2010 4:07:35 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Tu Bui\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

12.00 Gb Total Physical Memory | 9.00 Gb Available Physical Memory | 73.00% Memory free
24.00 Gb Paging File | 21.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.43 Gb Total Space | 40.01 Gb Free Space | 53.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 931.51 Gb Total Space | 550.51 Gb Free Space | 59.10% Space Free | Partition Type: NTFS

Computer Name: TUBUI-SUPERPC
Current User Name: Tu Bui
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}" = PC-CCID
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{576A97E3-1A79-6215-49DE-AA358AF47420}" = ATI Catalyst Install Manager
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{86E45973-5352-439F-A115-2E8EE4D40140}" = ActivClient CAC x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{B49673F8-7AB6-4A14-8213-C8A7BE370010}" = UltraMon
"{E6456858-8C0C-35CE-96B8-AFFCD205C9FC}" = AMD Drag and Drop Transcoding
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"CCleaner" = CCleaner
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Proxifier_is1" = Proxifier version 2.91
"PunkBusterSvc" = PunkBuster Services
"RealFlightG4Pro" = RealFlight G4 R/C Simulator
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StarCraft II" = StarCraft II
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/30/2010 2:36:20 AM | Computer Name = TuBui-SuperPC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
Faulting
process id: 0x12e0 Faulting application start time: 0x01cb480da479d0fc Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: e5ae8e12-b400-11df-a2dc-6cf049e44a1c

Error - 8/30/2010 2:36:36 AM | Computer Name = TuBui-SuperPC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
Faulting
process id: 0x10dc Faulting application start time: 0x01cb480dae786763 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: efafe3a3-b400-11df-a2dc-6cf049e44a1c

Error - 8/30/2010 2:36:44 AM | Computer Name = TuBui-SuperPC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
Faulting
process id: 0xb10 Faulting application start time: 0x01cb480db5106d7a Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: f41486bb-b400-11df-a2dc-6cf049e44a1c

Error - 8/30/2010 3:26:08 AM | Computer Name = TuBui-SuperPC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
Faulting
process id: 0x130 Faulting application start time: 0x01cb481498dbfdb7 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: db26c2c0-b407-11df-a2dc-6cf049e44a1c

Error - 8/30/2010 3:57:41 AM | Computer Name = TuBui-SuperPC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
Faulting
process id: 0x5bc Faulting application start time: 0x01cb4819020ac905 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: 43450470-b40c-11df-a2dc-6cf049e44a1c

Error - 8/30/2010 4:04:08 AM | Computer Name = TuBui-SuperPC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
Faulting
process id: 0xde8 Faulting application start time: 0x01cb4819eaf24292 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: 29e74b58-b40d-11df-a2dc-6cf049e44a1c

Error - 8/30/2010 4:04:20 AM | Computer Name = TuBui-SuperPC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
Faulting
process id: 0x288 Faulting application start time: 0x01cb4819effa0b06 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: 31340a9f-b40d-11df-a2dc-6cf049e44a1c

Error - 8/30/2010 4:05:25 AM | Computer Name = TuBui-SuperPC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
Faulting
process id: 0x98 Faulting application start time: 0x01cb481a166c724c Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: 57a3c77c-b40d-11df-a2dc-6cf049e44a1c

Error - 8/30/2010 4:05:54 AM | Computer Name = TuBui-SuperPC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2b
Faulting
process id: 0x114c Faulting application start time: 0x01cb481a27a14ceb Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: 68d2d5a5-b40d-11df-a2dc-6cf049e44a1c

Error - 8/30/2010 4:06:58 AM | Computer Name = TuBui-SuperPC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.11.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 514 Start Time:
01cb481a286ae16f Termination Time: 4 Application Path: C:\Users\Tu Bui\Desktop\OTL.exe

Report
Id: 8cfb7f81-b40d-11df-a2dc-6cf049e44a1c

[ System Events ]
Error - 8/10/2010 2:09:37 PM | Computer Name = TuBui-SuperPC | Source = SCardSvr | ID = 610
Description =

Error - 8/10/2010 2:09:37 PM | Computer Name = TuBui-SuperPC | Source = SCardSvr | ID = 610
Description =

Error - 8/10/2010 2:09:37 PM | Computer Name = TuBui-SuperPC | Source = SCardSvr | ID = 610
Description =

Error - 8/10/2010 2:09:49 PM | Computer Name = TuBui-SuperPC | Source = Schannel | ID = 36870
Description = A fatal error occurred when attempting to access the SSL client credential
private key. The error code returned from the cryptographic module is 0x8009030d.
The internal error state is 10003.

Error - 8/10/2010 2:14:50 PM | Computer Name = TuBui-SuperPC | Source = SCardSvr | ID = 610
Description =

Error - 8/10/2010 2:14:50 PM | Computer Name = TuBui-SuperPC | Source = SCardSvr | ID = 610
Description =

Error - 8/10/2010 2:14:50 PM | Computer Name = TuBui-SuperPC | Source = SCardSvr | ID = 610
Description =

Error - 8/29/2010 10:59:44 PM | Computer Name = TuBui-SuperPC | Source = Service Control Manager | ID = 7000
Description = The MSCamSvc service failed to start due to the following error: %%2

Error - 8/29/2010 11:27:52 PM | Computer Name = TuBui-SuperPC | Source = Service Control Manager | ID = 7000
Description = The MSCamSvc service failed to start due to the following error: %%2

Error - 8/30/2010 2:33:01 AM | Computer Name = TuBui-SuperPC | Source = DCOM | ID = 10010
Description =


< End of report >


Thank you and I hope you can help me fix this annoying problem!
  • 0

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello tubui,

Please run the System File Checker to scan your system for corrupt or missing system files. Windows will replace missing/corrupt system files.

1. Click Start, click All Programs, click Accessories, right-click Command Prompt, and select Run as Administrator.

2. Click Continue or supply Administrator credentials if prompted.

3. In the Command Prompt window type the following, and press Enter:

sfc /scannow (Note the space... it should be there)

4. You should see the following on-screen messages:

Beginning the system scan. This process will take some time.

Beginning verification phase of system scan.

Verification % complete.

5. Once the scan has completed you will receive an onscreen message resembling one of the following:

…found no integrity violations

…found corruption but repaired it

…found corruption that it could not repair


Please reply with the completion message that you received.

After that

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - HKLM\software\mozilla\Firefox\Extensions\\{64E27C06-0E10-4D01-96B3-BA396C439A49}: C:\Users\Tu Bui\AppData\Local\{64E27C06-0E10-4D01-96B3-BA396C439A49}\ [2010/08/29 22:02:00 | 000,000,000 | ---D | M]
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [] File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    
    :Commands
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

By the way: You don't have to post back in quotes. It can be confusing. Just post normally. :)

Edited by emeraldnzl, 30 August 2010 - 02:25 AM.

  • 0

#7
tubui

    Member

  • Topic Starter
  • Member
  • 156 posts
Windows Resource Protection found corrupt files and successfully repaired them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log

The system file repair changes will take effect after the next reboot.
  • 0
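The System File Checker result above points at CBS.log; the following added example (not part of the original thread) pulls out the SFC entries so you can see which files were repaired and which could not be. The function name is an assumption of this example, and the match on the "Repairing" and "Cannot repair" message wording assumes the usual `[SR]` line format in CBS.log.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Written to work on PowerShell 2.0, the version shipped with Windows 7.
function Get-SfcRepairDetail {
    param(
        # Default location named in the SFC completion message.
        [string]$Path = (Join-Path $env:windir 'Logs\CBS\CBS.log')
    )
    if (-not (Test-Path -LiteralPath $Path)) { throw "CBS log not found: $Path" }

    # SFC tags its own lines with [SR]; the rest of CBS.log is servicing output.
    $pattern = '^(?<When>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),.*?\[SR\]\s+(?<Msg>.*)$'

    Get-Content -LiteralPath $Path | ForEach-Object {
        if ($_ -match $pattern) {
            # Copy the captures now: switch -Regex below overwrites $Matches.
            $when = $Matches['When']
            $msg  = $Matches['Msg']
            $state = switch -Regex ($msg) {
                '^Cannot repair'    { 'NotRepaired'; break }
                '^Repairing .*file' { 'Repaired'; break }
                default             { $null }
            }
            if ($state) {
                New-Object PSObject -Property @{
                    When = $when; State = $state; Detail = $msg
                } | Select-Object When, State, Detail
            }
        }
    }
}

# Typical use: one row per distinct message, unrepaired files first.
# Get-SfcRepairDetail | Sort-Object State, Detail -Unique | Format-Table -AutoSize -Wrap
```

Any row with State `NotRepaired` names a system file that still fails verification after the scan and needs to be dealt with separately.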

#8
tubui

    Member

  • Topic Starter
  • Member
  • 156 posts
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{64E27C06-0E10-4D01-96B3-BA396C439A49} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64E27C06-0E10-4D01-96B3-BA396C439A49}\ not found.
File C:\Users\Tu Bui\AppData\Local\{64E27C06-0E10-4D01-96B3-BA396C439A49}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ not found.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Tu Bui
->Temp folder emptied: 1253226 bytes
->Temporary Internet Files folder emptied: 530517 bytes
->Java cache emptied: 14329377 bytes
->FireFox cache emptied: 88274939 bytes
->Flash cache emptied: 87456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 1586476306 bytes

Total Files Cleaned = 1,613.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.11.0 log created on 08312010_093607

Files\Folders moved on Reboot...
File\Folder C:\Users\Tu Bui\AppData\Local\Temp\~DF1278F653D326727C.TMP not found!

Registry entries deleted on Reboot...
  • 0

#9
tubui

    Member

  • Topic Starter
  • Member
  • 156 posts
The Windows explorer error has gone away, but after scanning Malwarebytes again, I still get the hijack.folderoptions infected file.
  • 0

#10
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello tubui,

The Windows explorer error has gone away, but after scanning Malwarebytes again, I still get the hijack.folderoptions infected file.


Please post the log from that Malwarebytes scan you carried out.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy & Paste the entire report in your next reply.
  • 0


#11
tubui

    Member

  • Topic Starter
  • Member
  • 156 posts
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4513

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/31/2010 10:12:42 AM
mbam-log-2010-08-31 (10-12-42).txt

Scan type: Full scan (C:\|Z:\|)
Objects scanned: 259454
Time elapsed: 15 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#12
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello tubui,

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
    
    :Commands
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
Next

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.

When you return please post
  • OTL fix log
  • OTL scan log

  • 0
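The O7 line in the fix above targets the `NoFolderOptions` value that Malwarebytes reports as Hijack.FolderOptions. As an added example (not part of the original thread and not OTL's own code), this script reads that value, exports the key as a backup, and removes the value on request. The function names, the backup folder and the extra HKLM check are assumptions of this example.

```powershell
# Added example, not from the thread or from OTL.
# Written to work on PowerShell 2.0, the version shipped with Windows 7.
$ExplorerPolicySubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-FolderOptionsPolicy {
    # Report NoFolderOptions for the current user (the location in the
    # Malwarebytes log) and for the machine hive (an extra check added here).
    foreach ($hive in 'HKCU', 'HKLM') {
        $path  = "${hive}:\$ExplorerPolicySubKey"
        $value = $null
        if (Test-Path -LiteralPath $path) {
            $item = Get-ItemProperty -LiteralPath $path -Name NoFolderOptions `
                        -ErrorAction SilentlyContinue
            if ($item) { $value = $item.NoFolderOptions }
        }
        New-Object PSObject -Property @{
            Hive            = $hive
            Key             = $path
            NoFolderOptions = $value          # $null means the value is absent
            MenuHidden      = ($value -eq 1)  # 1 hides Folder Options in Explorer
        } | Select-Object Hive, Key, NoFolderOptions, MenuHidden
    }
}

function Remove-FolderOptionsPolicy {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [ValidateSet('HKCU', 'HKLM')]
        [string]$Hive = 'HKCU',

        # Hypothetical backup location; any writable folder will do.
        [string]$BackupDir = (Join-Path $env:USERPROFILE 'Desktop')
    )

    $path    = "${Hive}:\$ExplorerPolicySubKey"
    $current = Get-FolderOptionsPolicy | Where-Object { $_.Hive -eq $Hive }
    if ($null -eq $current.NoFolderOptions) {
        Write-Output "NoFolderOptions is not set under $path; nothing to remove."
        return
    }

    if ($PSCmdlet.ShouldProcess($path, 'Back up key and remove NoFolderOptions')) {
        # Export the whole key first so the change can be undone by
        # merging the .reg file back.
        $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
        $backup = Join-Path $BackupDir "Explorer-Policies-$Hive-$stamp.reg"
        & reg.exe export "$Hive\$ExplorerPolicySubKey" $backup /y | Out-Null
        if ($LASTEXITCODE -ne 0) {
            throw "Backup to $backup failed; the value was left in place."
        }

        # Removing from HKLM needs an elevated prompt; HKCU does not.
        Remove-ItemProperty -LiteralPath $path -Name NoFolderOptions -ErrorAction Stop
        Write-Output "Removed NoFolderOptions from $path (backup: $backup)."
    }

    # Show the state after the change (or the unchanged state under -WhatIf).
    Get-FolderOptionsPolicy
}

# Typical use:
#   Get-FolderOptionsPolicy | Format-List
#   Remove-FolderOptionsPolicy -Hive HKCU -WhatIf    # preview only
#   Remove-FolderOptionsPolicy -Hive HKCU
```

Run `Get-FolderOptionsPolicy` again after a reboot: if the value has returned, something on the system is still writing it and removing the value alone will not hold.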

#13
tubui

    Member

  • Topic Starter
  • Member
  • 156 posts
I did not get the fix log on reboot.
  • 0

#14
tubui

    Member

  • Topic Starter
  • Member
  • 156 posts
OTL logfile created on: 8/31/2010 6:37:03 PM - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Tu Bui\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

12.00 Gb Total Physical Memory | 10.00 Gb Available Physical Memory | 87.00% Memory free
24.00 Gb Paging File | 22.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.43 Gb Total Space | 41.43 Gb Free Space | 55.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 1397.26 Gb Total Space | 48.74 Gb Free Space | 3.49% Space Free | Partition Type: NTFS
Drive Y: | 1397.26 Gb Total Space | 259.73 Gb Free Space | 18.59% Space Free | Partition Type: NTFS
Drive Z: | 931.51 Gb Total Space | 550.51 Gb Free Space | 59.10% Space Free | Partition Type: NTFS

Computer Name: TUBUI-SUPERPC
Current User Name: Tu Bui
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/30 04:04:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Tu Bui\Desktop\OTL.exe
PRC - [2010/08/24 16:34:19 | 001,242,448 | ---- | M] (Valve Corporation) -- Z:\Steam\Steam.exe
PRC - [2010/07/23 19:33:52 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/06/19 18:58:46 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/05/20 15:26:28 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2010/04/19 16:54:07 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2010/04/16 22:12:38 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2010/04/16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
PRC - [2010/04/01 05:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/12/21 08:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
PRC - [2009/11/24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/11/20 07:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe


========== Modules (SafeList) ==========

MOD - [2010/08/30 04:04:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Tu Bui\Desktop\OTL.exe
MOD - [2010/02/14 02:53:56 | 000,210,432 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\RTSUltraMonHookX32.dll
MOD - [2010/02/14 02:52:06 | 000,325,120 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMonResButtons.dll
MOD - [2009/07/13 21:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll
MOD - [2009/07/13 21:15:44 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/07/13 21:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/04/06 22:12:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 21:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/03 16:38:36 | 000,277,032 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2010/06/19 18:58:46 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/06/08 23:20:41 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/05/20 15:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
DRV:64bit: - [2010/04/06 22:44:06 | 006,659,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/04/06 21:23:30 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/04 09:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/11/20 07:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 07:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/10/27 02:37:14 | 000,022,568 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2009/08/10 14:07:40 | 000,119,680 | ---- | M] (Gemalto) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GemCCID.sys -- (GemCCID)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 21:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 21:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 19:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 19:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 19:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/10 09:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)
DRV - [2008/11/14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CA 82 15 C5 58 0E CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 49177
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/23 19:33:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/17 10:01:37 | 000,000,000 | ---D | M]

[2010/05/11 20:44:09 | 000,000,000 | ---D | M] -- C:\Users\Tu Bui\AppData\Roaming\Mozilla\Extensions
[2010/08/31 09:53:39 | 000,000,000 | ---D | M] -- C:\Users\Tu Bui\AppData\Roaming\Mozilla\Firefox\Profiles\oufvb1me.default\extensions
[2010/06/17 19:59:43 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Tu Bui\AppData\Roaming\Mozilla\Firefox\Profiles\oufvb1me.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010/08/29 22:00:36 | 000,000,000 | ---D | M] -- C:\Users\Tu Bui\AppData\Roaming\Mozilla\Firefox\Profiles\oufvb1me.default\extensions\[email protected]
[2010/08/31 09:53:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/02 19:09:32 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/22 08:47:08 | 000,002,074 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/08/31 09:36:15 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4:64bit: - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Proxifier] C:\Program Files (x86)\Proxifier\Proxifier.exe (Initex Software)
O4 - HKCU..\Run: [Steam] Z:\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\PrxerNsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\PrxerDrv.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysNative\PrxerDrv.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\PrxerNsp.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex Software)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b6ffd1c6-63c2-11df-9f00-6cf049e44a1c}\Shell - "" = AutoRun
O33 - MountPoints2\{b6ffd1c6-63c2-11df-9f00-6cf049e44a1c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c6048c5a-6179-11df-8336-6cf049e44a1c}\Shell - "" = AutoRun
O33 - MountPoints2\{c6048c5a-6179-11df-8336-6cf049e44a1c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/31 09:35:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/30 04:04:48 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Tu Bui\Desktop\OTL.exe
[2010/08/29 23:16:05 | 000,000,000 | ---D | C] -- C:\Users\Tu Bui\AppData\Local\ElevatedDiagnostics
[2010/08/29 23:10:59 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/08/29 22:00:47 | 000,000,000 | ---D | C] -- C:\Users\Tu Bui\AppData\Local\lydvepumx
[2010/08/29 22:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/08/29 22:00:17 | 000,000,000 | ---D | C] -- C:\Users\Tu Bui\AppData\Local\Windows Server
[2010/08/29 22:00:07 | 000,000,000 | ---D | C] -- C:\Users\Tu Bui\AppData\Roaming\6D1CC5F5736EC9CE8756D4A62C9F8EDD
[2010/08/29 19:17:34 | 000,000,000 | ---D | C] -- C:\Users\Tu Bui\AppData\Local\Google
[2010/08/17 10:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/08/17 10:01:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/08/17 10:01:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/08/17 10:00:57 | 000,000,000 | ---D | C] -- C:\Users\Tu Bui\AppData\Local\Adobe
[2010/08/02 19:10:08 | 000,000,000 | ---D | C] -- C:\Users\Tu Bui\AppData\Roaming\skypePM
[2010/08/02 19:09:35 | 000,000,000 | ---D | C] -- C:\Users\Tu Bui\AppData\Roaming\Skype
[2010/08/02 19:09:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/08/02 19:09:18 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010/08/02 19:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

========== Files - Modified Within 30 Days ==========

[2010/08/31 18:35:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/31 18:35:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/31 18:35:18 | 1072,553,982 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/31 18:34:20 | 002,359,296 | -HS- | M] () -- C:\Users\Tu Bui\NTUSER.DAT
[2010/08/31 18:22:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2274480031-1119906254-3913601150-1001UA.job
[2010/08/31 17:35:19 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/31 17:35:19 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/31 17:34:43 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/31 17:34:43 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/31 17:34:43 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/31 09:42:04 | 002,097,343 | -H-- | M] () -- C:\Users\Tu Bui\AppData\Local\IconCache.db
[2010/08/31 09:36:15 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2010/08/30 04:04:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Tu Bui\Desktop\OTL.exe
[2010/08/29 22:02:00 | 000,000,120 | ---- | M] () -- C:\Users\Tu Bui\AppData\Local\Hmemusef.dat
[2010/08/29 22:02:00 | 000,000,000 | ---- | M] () -- C:\Users\Tu Bui\AppData\Local\Vdekezez.bin
[2010/08/29 19:22:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2274480031-1119906254-3913601150-1001Core.job
[2010/08/17 22:31:41 | 000,000,000 | RHS- | M] () -- C:\logwmemory.bin
[2010/08/02 19:10:09 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat

========== Files Created - No Company Name ==========

[2010/08/29 22:02:00 | 000,000,120 | ---- | C] () -- C:\Users\Tu Bui\AppData\Local\Hmemusef.dat
[2010/08/29 22:02:00 | 000,000,000 | ---- | C] () -- C:\Users\Tu Bui\AppData\Local\Vdekezez.bin
[2010/08/29 19:17:35 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2274480031-1119906254-3913601150-1001UA.job
[2010/08/29 19:17:34 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2274480031-1119906254-3913601150-1001Core.job
[2010/08/09 00:51:54 | 000,000,000 | RHS- | C] () -- C:\logwmemory.bin
[2010/08/02 19:10:09 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/06/14 14:38:56 | 000,000,141 | ---- | C] () -- C:\Windows\RealFlight.INI
[2010/06/08 23:52:07 | 000,000,248 | ---- | C] () -- C:\Windows\emug3.ini
[2010/06/08 23:37:43 | 000,000,008 | ---- | C] () -- C:\Windows\SysWow64\PROTOCOL.INI
[2010/06/07 05:07:01 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/05/16 17:05:40 | 000,000,600 | ---- | C] () -- C:\Users\Tu Bui\AppData\Local\PUTTY.RND
[2010/05/16 12:48:37 | 000,000,200 | ---- | C] () -- C:\Users\Tu Bui\AppData\Roaming\Current.prx
[2010/05/14 21:03:07 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/05/11 22:28:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\mvcli.ini
[2010/05/11 20:49:02 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/09/29 21:44:52 | 000,000,127 | ---- | C] () -- C:\Windows\zraidtray.ini
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/26 17:24:18 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
< End of report >

#15
tubui

    Member

  • Topic Starter
  • 156 posts
I did not get a fixed log after running fix for OTL.exe.

But I scanned Malwarebytes again and it found 0 infected files. So am I good?

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4518

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/31/2010 6:43:31 PM
mbam-log-2010-08-31 (18-43-31).txt

Scan type: Quick scan
Objects scanned: 131236
Time elapsed: 2 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)