
Keylogger


  • This topic is locked

#1
Tabby_Cat

Hi. I was recently informed that a keylogger had access to my e-mail and World of Warcraft account. I've followed all your steps on what to install/how to check for malware. However, I wanted to make sure that the keylogger wasn't still hidden on my computer. I have a copy of my OTL log, but I don't know what most of it means. If anyone could help me identify any possible infections on my computer, it would be greatly appreciated. Also, are there any additional steps I should take? Thanks. Here is my OTL log:


OTL logfile created on: 9/26/2010 3:19:12 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Abbie\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 250.97 Gb Free Space | 55.64% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 465.65 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ABBIE-PC
Current User Name: Abbie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/26 15:18:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Abbie\Downloads\OTL.exe
PRC - [2010/09/17 10:41:50 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/03/26 00:10:09 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/02/01 02:34:14 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\OSD\OSD.exe
PRC - [2010/02/01 02:34:14 | 000,012,800 | ---- | M] () -- C:\Program Files (x86)\OSD\OSD_Service.exe
PRC - [2010/01/22 20:16:38 | 010,358,056 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunes.exe
PRC - [2009/11/10 19:23:50 | 000,013,624 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
PRC - [2009/11/10 19:23:20 | 000,058,696 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2009/11/10 16:07:26 | 000,016,704 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
PRC - [2009/10/13 14:55:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 14:55:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/09/18 17:40:26 | 000,335,600 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2009/09/17 16:35:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/08/18 00:39:54 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/07/26 17:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/07/22 11:22:34 | 002,463,232 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
PRC - [2009/06/24 21:01:43 | 000,095,496 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
PRC - [2009/06/24 21:01:42 | 001,942,792 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
PRC - [2009/06/24 21:01:21 | 002,368,776 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
PRC - [2009/05/15 11:05:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/04/29 03:20:26 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
PRC - [2009/04/16 03:22:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe
PRC - [2005/08/11 17:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/09/26 15:18:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Abbie\Downloads\OTL.exe
MOD - [2010/09/10 23:41:40 | 000,285,480 | ---- | M] (COMODO) -- C:\Windows\SysWOW64\guard32.dll
MOD - [2009/07/13 22:45:21 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fltLib.dll
MOD - [2009/07/13 22:44:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 22:33:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/10 23:41:42 | 002,528,856 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/11/27 15:09:46 | 000,243,712 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7984240545aadb84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/11/26 02:11:32 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/10 16:07:44 | 000,013,624 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2009/09/21 19:54:40 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2009/09/21 19:33:06 | 000,315,664 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2009/09/21 19:30:44 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/08/18 00:39:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 23:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/24 21:01:21 | 002,368,776 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe -- (FAService)
SRV:64bit: - [2009/03/03 06:12:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7984240545aadb84\AESTSr64.exe -- (AESTFilters)
SRV - [2010/07/01 16:40:52 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/02/01 02:34:14 | 000,012,800 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OSD\OSD_Service.exe -- (HappyOSD)
SRV - [2009/11/30 02:11:52 | 000,059,904 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/10/13 14:55:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/09/17 16:35:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/05/15 11:05:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SBREdrv.sys -- (SBRE)
DRV:64bit: - [2010/03/30 23:35:04 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
DRV:64bit: - [2009/12/02 19:15:32 | 000,025,136 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009/11/27 17:08:14 | 000,019,504 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt)
DRV:64bit: - [2009/11/27 15:09:46 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/11/26 03:11:22 | 006,171,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/10/23 16:57:12 | 000,307,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/13 14:46:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/30 13:04:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/15 16:10:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/07/31 14:55:00 | 000,273,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel®
DRV:64bit: - [2009/07/13 23:22:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 23:22:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 23:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 23:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 23:17:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 23:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/04 22:57:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/02 12:24:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/07/01 22:01:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/07/01 19:51:50 | 000,171,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iSSetup.sys -- (iSSetup)
DRV:64bit: - [2009/07/01 15:16:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 15:16:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 15:16:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/25 20:34:20 | 000,067,584 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 20:08:52 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 19:43:44 | 000,055,296 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/13 09:19:36 | 000,041,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2) Intel®
DRV:64bit: - [2009/06/13 09:19:32 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
DRV:64bit: - [2009/06/10 18:08:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 18:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 18:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 18:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 18:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/07 18:03:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/03/09 20:28:00 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2008/09/25 01:06:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2008/01/18 13:14:06 | 000,041,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd260x64.sys -- (ioatdma) Intel®
DRV:64bit: - [2007/04/12 03:00:04 | 000,043,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTVE.sys -- (IAMTVE) Driver for Intel®
DRV:64bit: - [2007/04/12 02:59:58 | 000,051,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTXPE.sys -- (IAMTXPE) Driver for Intel®
DRV:64bit: - [2006/11/01 16:21:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/08/05 15:58:40 | 000,093,872 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/04/16 02:58:08 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/01/31 23:12:06] [Kernel | Auto | Running] -- c:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2004/04/10 10:43:54 | 000,004,608 | ---- | M] ([email protected]) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\mbmiodrvr.sys -- (mbmiodrvr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.alienware.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://support.alienware.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.38

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/26 00:10:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/17 10:41:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/17 10:41:52 | 000,000,000 | ---D | M]

[2010/02/12 17:19:40 | 000,000,000 | ---D | M] -- C:\Users\Abbie\AppData\Roaming\Mozilla\Extensions
[2010/09/26 15:11:24 | 000,000,000 | ---D | M] -- C:\Users\Abbie\AppData\Roaming\Mozilla\Firefox\Profiles\r3xpn5kd.default\extensions
[2010/09/26 15:11:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Abbie\AppData\Roaming\Mozilla\Firefox\Profiles\r3xpn5kd.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/03/18 23:05:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/18 23:05:19 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

O1 HOSTS File: ([2009/06/10 18:30:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision )
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [BDRegion] c:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [OSD_LAUNCH] c:\Program Files (x86)\OSD\Launch_OSD.exe (HH)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UCam_Menu] c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Open with WordPerfect - C:\Program Files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta ()
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O20 - Winlogon\Notify\FastAccess: DllName - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/09/26 15:11:26 | 000,000,000 | ---D | C] -- C:\Users\Abbie\AppData\Roaming\QuickScan
[2010/09/26 15:02:54 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/09/26 15:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2010/09/26 14:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/09/26 14:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/09/26 13:33:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/26 13:32:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/09/26 06:12:58 | 000,000,000 | ---D | C] -- C:\Users\Abbie\AppData\Roaming\Malwarebytes
[2010/09/26 06:12:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/26 06:12:48 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/26 06:12:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/26 06:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/26 05:28:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/09/19 14:35:42 | 000,093,872 | ---- | C] (Sunbelt Software) -- C:\Windows\SysWow64\drivers\SBREDrv.sys
[2010/09/19 14:35:42 | 000,027,944 | ---- | C] (Sunbelt Software) -- C:\Windows\SysWow64\sbbd.exe
[2010/09/19 14:30:41 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2010/09/19 14:01:12 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/09/18 23:01:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft Public Test
[2010/09/18 18:13:17 | 000,000,000 | ---D | C] -- C:\Users\Abbie\PTR Installer 4.0.0.12824 enUS
[2010/08/01 18:23:32 | 000,000,000 | ---D | C] -- C:\Users\Abbie\Desktop\True Blood - Season 3
[2010/07/06 23:41:33 | 000,000,000 | ---D | C] -- C:\Users\Abbie\Desktop\True Blood Season 2
[2010/07/04 21:05:57 | 000,000,000 | ---D | C] -- C:\Users\Abbie\Desktop\Glee - Season 01
[2010/07/04 21:02:08 | 000,000,000 | ---D | C] -- C:\Users\Abbie\Desktop\Glee Season 1 HDTV Ep's 14-22 (2009-2010)
[2010/07/01 23:40:56 | 000,000,000 | ---D | C] -- C:\Users\Abbie\Desktop\New folder
[2010/07/01 23:33:39 | 000,000,000 | ---D | C] -- C:\Users\Abbie\Desktop\wowchars
[2010/07/01 17:18:34 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/07/01 17:18:34 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/07/01 17:18:34 | 000,122,904 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010/07/01 17:18:34 | 000,109,080 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/07/01 17:18:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2010/07/01 17:17:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Futuremark Shared
[2010/07/01 17:16:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark
[2010/07/01 16:51:28 | 000,000,000 | ---D | C] -- C:\dell
[2010/07/01 16:46:29 | 000,020,968 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\cpuz133_x64.sys
[2010/07/01 16:45:58 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2010/07/01 16:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2010/07/01 16:40:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2010/07/01 16:40:45 | 000,000,000 | ---D | C] -- C:\Users\Abbie\AppData\Local\Citrix
[2010/06/29 21:19:53 | 000,000,000 | ---D | C] -- C:\Users\Abbie\Desktop\Glee Season 1 HDTV Ep's 01-13 (2009)
[2010/06/29 21:18:30 | 000,000,000 | ---D | C] -- C:\Users\Abbie\Desktop\True Blood Season 1

========== Files - Modified Within 90 Days ==========

[2010/09/26 15:19:29 | 002,097,152 | -HS- | M] () -- C:\Users\Abbie\NTUSER.DAT
[2010/09/26 15:12:12 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/26 15:12:12 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/26 15:09:43 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/26 15:09:43 | 000,619,642 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/26 15:09:43 | 000,107,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/26 15:04:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/26 15:04:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/26 15:04:48 | 3212,169,216 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/26 15:04:02 | 016,504,513 | -H-- | M] () -- C:\Users\Abbie\AppData\Local\IconCache.db
[2010/09/26 15:03:02 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2010/09/26 14:25:54 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/09/26 13:34:35 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/26 13:32:43 | 000,000,930 | ---- | M] () -- C:\Users\Abbie\Desktop\NTREGOPT.lnk
[2010/09/26 13:32:43 | 000,000,911 | ---- | M] () -- C:\Users\Abbie\Desktop\ERUNT.lnk
[2010/09/19 16:50:38 | 000,524,288 | -HS- | M] () -- C:\Users\Abbie\NTUSER.DAT{e77104e6-c422-11df-95f6-0024d7067fc4}.TMContainer00000000000000000002.regtrans-ms
[2010/09/19 16:50:38 | 000,524,288 | -HS- | M] () -- C:\Users\Abbie\NTUSER.DAT{e77104e6-c422-11df-95f6-0024d7067fc4}.TMContainer00000000000000000001.regtrans-ms
[2010/09/19 16:50:38 | 000,065,536 | -HS- | M] () -- C:\Users\Abbie\NTUSER.DAT{e77104e6-c422-11df-95f6-0024d7067fc4}.TM.blf
[2010/09/19 16:50:20 | 516,366,600 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/19 16:46:42 | 001,167,964 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2010/09/19 14:01:03 | 000,507,400 | ---- | M] () -- C:\Users\Abbie\Desktop\sdasetup.exe
[2010/09/18 18:08:25 | 000,001,217 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/09/17 16:35:04 | 000,006,580 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2010/09/11 14:09:11 | 000,002,566 | ---- | M] () -- C:\Users\Abbie\Documents\quiz.wpd
[2010/09/07 03:56:27 | 000,004,694 | ---- | M] () -- C:\Users\Abbie\Documents\recipes.wpd
[2010/09/04 16:48:32 | 000,001,722 | ---- | M] () -- C:\Users\Abbie\Documents\wowraces.wpd
[2010/09/04 16:48:28 | 000,003,225 | ---- | M] () -- C:\Users\Abbie\Documents\christmas.wpd
[2010/09/04 12:42:50 | 000,002,178 | ---- | M] () -- C:\Users\Abbie\Documents\connie insurance.wpd
[2010/08/22 10:52:32 | 000,002,383 | ---- | M] () -- C:\Users\Abbie\Documents\wehb.wpd
[2010/08/13 17:25:42 | 000,012,529 | ---- | M] () -- C:\Users\Abbie\Documents\urgle.wpd
[2010/08/12 07:59:13 | 000,286,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/02 23:04:17 | 000,008,451 | ---- | M] () -- C:\Users\Abbie\Documents\hournal.wpd
[2010/08/02 20:44:01 | 000,000,894 | ---- | M] () -- C:\Users\Abbie\Desktop\Downloads.lnk
[2010/07/27 01:37:53 | 000,003,602 | ---- | M] () -- C:\Users\Abbie\Documents\blah.wpd
[2010/07/25 15:47:42 | 000,002,727 | ---- | M] () -- C:\Users\Abbie\Documents\Sturdyyyiiiee.wpd
[2010/07/25 14:55:49 | 000,002,260 | ---- | M] () -- C:\Users\Abbie\Documents\sturdiestofindividuals.wpd
[2010/07/11 17:32:15 | 000,008,990 | ---- | M] () -- C:\Users\Abbie\Documents\Brian.wpd
[2010/07/08 23:47:20 | 000,003,661 | ---- | M] () -- C:\Users\Abbie\Documents\ihkb.wpd
[2010/07/01 22:22:48 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\lpcio.dll
[2010/07/01 17:18:44 | 000,002,058 | ---- | M] () -- C:\Users\Public\Desktop\3DMark06.lnk
[2010/07/01 17:18:34 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/07/01 17:18:34 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/07/01 17:18:34 | 000,122,904 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010/07/01 17:18:34 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/07/01 16:46:30 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2010/07/01 16:40:43 | 000,061,224 | ---- | M] () -- C:\Users\Abbie\GoToAssistDownloadHelper.exe

========== Files Created - No Company Name ==========

[2010/09/26 15:03:02 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2010/09/26 14:25:54 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/09/26 13:32:43 | 000,000,930 | ---- | C] () -- C:\Users\Abbie\Desktop\NTREGOPT.lnk
[2010/09/26 13:32:43 | 000,000,911 | ---- | C] () -- C:\Users\Abbie\Desktop\ERUNT.lnk
[2010/09/26 06:12:52 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/19 16:50:38 | 000,524,288 | -HS- | C] () -- C:\Users\Abbie\NTUSER.DAT{e77104e6-c422-11df-95f6-0024d7067fc4}.TMContainer00000000000000000002.regtrans-ms
[2010/09/19 16:50:38 | 000,524,288 | -HS- | C] () -- C:\Users\Abbie\NTUSER.DAT{e77104e6-c422-11df-95f6-0024d7067fc4}.TMContainer00000000000000000001.regtrans-ms
[2010/09/19 16:50:38 | 000,065,536 | -HS- | C] () -- C:\Users\Abbie\NTUSER.DAT{e77104e6-c422-11df-95f6-0024d7067fc4}.TM.blf
[2010/09/19 14:06:35 | 001,167,964 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2010/09/19 14:01:12 | 000,507,400 | ---- | C] () -- C:\Users\Abbie\Desktop\sdasetup.exe
[2010/09/11 14:01:56 | 000,002,566 | ---- | C] () -- C:\Users\Abbie\Documents\quiz.wpd
[2010/09/07 01:06:07 | 000,004,694 | ---- | C] () -- C:\Users\Abbie\Documents\recipes.wpd
[2010/09/04 14:29:35 | 000,003,225 | ---- | C] () -- C:\Users\Abbie\Documents\christmas.wpd
[2010/09/04 13:08:15 | 000,001,722 | ---- | C] () -- C:\Users\Abbie\Documents\wowraces.wpd
[2010/08/31 10:55:56 | 000,002,178 | ---- | C] () -- C:\Users\Abbie\Documents\connie insurance.wpd
[2010/08/17 13:09:59 | 000,002,383 | ---- | C] () -- C:\Users\Abbie\Documents\wehb.wpd
[2010/08/01 23:02:19 | 000,008,451 | ---- | C] () -- C:\Users\Abbie\Documents\hournal.wpd
[2010/07/25 14:50:39 | 000,002,727 | ---- | C] () -- C:\Users\Abbie\Documents\Sturdyyyiiiee.wpd
[2010/07/11 16:42:55 | 000,008,990 | ---- | C] () -- C:\Users\Abbie\Documents\Brian.wpd
[2010/07/08 23:31:18 | 000,003,661 | ---- | C] () -- C:\Users\Abbie\Documents\ihkb.wpd
[2010/07/01 17:18:44 | 000,002,058 | ---- | C] () -- C:\Users\Public\Desktop\3DMark06.lnk
[2010/07/01 16:46:30 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2010/07/01 16:40:41 | 000,061,224 | ---- | C] () -- C:\Users\Abbie\GoToAssistDownloadHelper.exe
[2010/03/18 23:06:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/16 23:49:36 | 000,006,580 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2010/02/16 23:49:36 | 000,000,008 | RHS- | C] () -- C:\Windows\SysWow64\54ABEBA25F.sys
[2009/11/10 16:15:18 | 000,097,584 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll
[2009/07/13 21:12:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:33:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/24 21:02:33 | 000,089,352 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2009/06/24 21:01:45 | 000,059,144 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2009/06/24 21:00:58 | 000,234,760 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll

========== LOP Check ==========

[2010/04/11 20:27:41 | 000,000,000 | ---D | M] -- C:\Users\Abbie\AppData\Roaming\Facebook
[2010/04/27 17:21:17 | 000,000,000 | ---D | M] -- C:\Users\Abbie\AppData\Roaming\FrostWire
[2010/09/26 15:11:36 | 000,000,000 | ---D | M] -- C:\Users\Abbie\AppData\Roaming\QuickScan
[2010/09/26 15:08:08 | 000,000,000 | ---D | M] -- C:\Users\Abbie\AppData\Roaming\uTorrent
[2010/08/24 21:02:56 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.* >
[2010/09/26 15:04:48 | 3212,169,216 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/01 04:13:22 | 000,003,134 | RH-- | M] () -- C:\mfg.sdr
[2010/09/26 15:04:49 | 4282,896,384 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:430C6D84
< End of report >

#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, Tabby_Cat! Welcome to GeeksToGo! My nickname is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :D

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:

  • I am currently in training, so my replies will need to be quickly checked before I post them to you, so there may be a small delay in between.
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.

Sorry for the delay. I'm currently reviewing your logs.

#3
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, Tabby_Cat

uTorrent and FrostWire are file-sharing (P2P) programs. Be aware:
  • Some P2P programs will share everything on the computer with anyone by default. If your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.
  • P2P programs have always been a target of malware writers and increasingly so of late with viruses, worms and other malware being distributed with the downloaded files.
  • Many of the files in P2P networks are copyrighted and legal action could result.
  • P2P programs will slow down your internet connection speed.
  • It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall them, however that choice is up to you.
If you wish to keep it, please do not use it until your computer is cleaned.


I see you use one or more registry cleaners - Registry Booster. I do not recommend using any registry cleaner. 'Cleaning' the registry with these programs is very dangerous; it will not increase your computer's speed, and this kind of software isn't worth buying because the better parts of this program are already in Windows or you can use freeware software for that. Like I said before, removing thousands of registry keys will not increase your computer's speed, but remove one wrong key and your computer could be unbootable.

Step 1

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [] File not found

    :Files

    :Reg

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy (press CTRL+A and then CTRL+C) and Paste (press CTRL+V) that report in your next reply.

Step 2

Download avz4.zip from HERE
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the right of the Log window.
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again


  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the "Advanced System Analysis with malware removal mode enabled" check box.
  • Click on the "Execute selected scripts".
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.

When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the "Advanced System Analysis" check box.
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Click To Attach Files button. Click on it.
  • Browse for the attachment file you want to upload, then click on the Open button

In your next reply, please include the following logs:
  • OTL.txt
  • attached file: virusinfo_syscure.zip
  • attached file: virusinfo_syscheck.zip


#4
Tabby_Cat

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi. Here is my OTL log:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Abbie
->Temp folder emptied: 240776094 bytes
->Temporary Internet Files folder emptied: 2473319 bytes
->Java cache emptied: 128020 bytes
->FireFox cache emptied: 72474829 bytes
->Flash cache emptied: 41520 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 133688 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 301.00 mb


[EMPTYFLASH]

User: Abbie
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.14.1 log created on 10062010_224313

Files\Folders moved on Reboot...
C:\Users\Abbie\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Abbie\AppData\Local\Temp\FXSTIFFDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...




I've also attached both of the zip files. Any help deciphering these would be appreciated. Thanks :D


-Tabby

#5
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, Tabby_Cat

Who informed you that you have a keylogger on your system?

Have you the OTL Extras.txt please, it should be on your desktop.

If you don't find it please do the following:

OTL Scan

  • Double click on the OTL icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click on None button at the top.
  • Under the Extra Registry section, check Use SafeList
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of Extras.txt and post it.

In your next reply, please include the following logs:
  • Extras.txt


#6
Tabby_Cat

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi. My email and World of Warcraft accounts were both hacked and I called WoW's technical support hotline. They said it sounded like a keylogger. I followed steps to remove malware/viruses/keyloggers on this site, but I wasn't sure if there was something that could still be hiding on my machine that I've missed. Here is the extras.txt log:


OTL Extras logfile created on: 10/7/2010 1:56:36 PM - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Abbie\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 248.64 Gb Free Space | 55.12% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 465.65 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ABBIE-PC
Current User Name: Abbie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java™ 6 Update 14 (64-bit)
"{3159717A-8387-426C-96C4-D7B92EDA819A}" = Command Center
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{555E63EF-4EB5-43E5-BEEF-9E2CD7BCEFA2}" = Intel® Network Connections 14.4.1.0
"{70C636AA-EAC7-A832-8E77-98C89F2C3E1D}" = ccc-utility64
"{8453A78D-2B10-A2F7-AB29-2E7B34B37677}" = ATI Catalyst Install Manager
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{B812FCC0-6192-4BFA-A9C6-1E8578F255DA}" = iTunes
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel® PROSet/Wireless WiFi Software
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"Microsoft Security Essentials" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"PROSetDX" = Intel® Network Connections 14.4.1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{19C90528-C383-8FA6-850A-62723FE1C839}" = Catalyst Control Center Graphics Full New
"{1BA86F1D-6C98-802C-DFC8-2340524451D5}" = CCC Help German
"{1D3D33B3-3977-0088-0670-97318C2DA1E2}" = CCC Help Chinese Traditional
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 17
"{29FD9913-D778-587F-EF33-E07C36E13FA3}" = CCC Help Russian
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{36D5085C-ECC1-5465-9500-CCBB9945F185}" = CCC Help Spanish
"{3A499781-4087-302D-6666-4DA3052F8FBF}" = CCC Help Chinese Standard
"{3A672642-4962-6DE2-ECDC-C62A6C4249E7}" = CCC Help Korean
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A83263B-AF6E-935E-5820-8CE59367FF1F}" = CCC Help English
"{5035CEE3-5541-0AE6-D4B0-EE0539509991}" = Catalyst Control Center Graphics Full Existing
"{51420B24-8485-E6D5-D0D6-D509804C6563}" = CCC Help Japanese
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{575706E4-4E01-7FE1-12CB-B5DF23CD3556}" = Catalyst Control Center Graphics Previews Common
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5A907E98-A0CB-79A3-2E82-53D3D6CAB849}" = Catalyst Control Center Localization All
"{5BA463E1-06EC-56C8-21EB-6CC36C542F35}" = CCC Help Norwegian
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{759ba2c8-520b-4092-ac29-2b528b491b02}" = Nero 9 Essentials
"{7622213E-CA10-807A-0910-195B1D630441}" = CCC Help Portuguese
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77D6CF9E-4A05-9C49-5C17-5F59554B2341}" = ccc-core-static
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A52D2DA-3B86-3A7A-E23B-0A76E169D3F1}" = CCC Help Dutch
"{9E1B11AE-9D96-F43E-21F7-77D281E1ED60}" = CCC Help Swedish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A942EFAE-E1BF-1E89-65FA-D14B04903816}" = CCC Help Finnish
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CDD09C51-45F7-94D8-6CFC-2BCA0AC3D636}" = Catalyst Control Center Core Implementation
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{D0097E78-F6D1-D375-1735-9614CBD00118}" = Catalyst Control Center Graphics Previews Vista
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DEE3C2EC-46D7-C3A3-4D1F-37D30B369855}" = CCC Help Italian
"{E50B2091-FBE1-B906-6762-C11CBB622DF9}" = CCC Help Danish
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F443ABFC-AEE6-EA31-B1F2-78431549C43E}" = Catalyst Control Center InstallProxy
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help
"{FA68526E-2769-C0A2-260A-D77EB7505003}" = CCC Help French
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFE0BC2D-54F6-4BEF-202B-F471D893DD9E}" = Catalyst Control Center Graphics Light
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ERUNT_is1" = ERUNT 1.1j
"FrostWire" = FrostWire 4.18.6
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{3159717A-8387-426C-96C4-D7B92EDA819A}" = Command Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Motherboard Monitor 5_is1" = Motherboard Monitor 5
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"OpenAL" = OpenAL
"RealPlayer 12.0" = RealPlayer
"Security Task Manager" = Security Task Manager 1.7h
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/19/2010 1:28:10 AM | Computer Name = Abbie-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 9/19/2010 3:08:01 AM | Computer Name = Abbie-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Launcher.exe_Blizzard Launcher, version:
4.0.0.1852, time stamp: 0x4c814b37 Faulting module name: Launcher.exe, version:
4.0.0.1852, time stamp: 0x4c814b37 Exception code: 0xc0000005 Fault offset: 0x000d5e40
Faulting
process id: 0x1578 Faulting application start time: 0x01cb579c35d6aca3 Faulting application
path: C:\Program Files (x86)\World of Warcraft Public Test\Launcher.exe Faulting
module path: C:\Program Files (x86)\World of Warcraft Public Test\Launcher.exe Report
Id: a388c5e9-c3bc-11df-adf4-701a049d9296

Error - 9/22/2010 10:07:34 AM | Computer Name = Abbie-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SoftwareUpdate.exe, version: 2.1.1.116,
time stamp: 0x488a4f1f Faulting module name: ntdll.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdb3b Exception code: 0xc0000005 Fault offset: 0x00034230 Faulting
process id: 0x1980 Faulting application start time: 0x01cb5a5f78a24647 Faulting application
path: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: beaf88fe-c652-11df-a8d0-701a049d9296

Error - 9/23/2010 1:06:46 AM | Computer Name = Abbie-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 9/24/2010 11:24:42 AM | Computer Name = Abbie-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 9/24/2010 10:56:56 PM | Computer Name = Abbie-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SoftwareUpdate.exe, version: 2.1.1.116,
time stamp: 0x488a4f1f Faulting module name: ntdll.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdb3b Exception code: 0xc0000005 Fault offset: 0x0003317f Faulting
process id: 0x1460 Faulting application start time: 0x01cb5c5d4dff26d5 Faulting application
path: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: 8e81a84f-c850-11df-bceb-701a049d9296

Error - 9/25/2010 9:21:10 AM | Computer Name = Abbie-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 9/26/2010 4:02:45 AM | Computer Name = Abbie-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'HijackThis' could not be shut down.

Error - 9/26/2010 6:32:25 AM | Computer Name = Abbie-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 9/26/2010 12:48:14 PM | Computer Name = Abbie-PC | Source = pctsSvc.exe | ID = 0
Description =

[ System Events ]
Error - 10/6/2010 9:26:47 PM | Computer Name = Abbie-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\Drivers\utmzntm0.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 10/6/2010 9:26:47 PM | Computer Name = Abbie-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\Drivers\utmzntm0.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 10/6/2010 9:59:55 PM | Computer Name = Abbie-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\SBREdrv.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 10/6/2010 10:00:31 PM | Computer Name = Abbie-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
mbmiodrvr SBRE

Error - 10/6/2010 10:04:12 PM | Computer Name = Abbie-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\Drivers\utmzntm0.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 10/6/2010 10:04:12 PM | Computer Name = Abbie-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\Drivers\utmzntm0.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 10/6/2010 10:13:11 PM | Computer Name = Abbie-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\SBREdrv.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 10/6/2010 10:13:40 PM | Computer Name = Abbie-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
mbmiodrvr SBRE

Error - 10/7/2010 12:19:09 PM | Computer Name = Abbie-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\SBREdrv.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 10/7/2010 12:19:33 PM | Computer Name = Abbie-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
mbmiodrvr SBRE


< End of report >





Thanks for your time. :D


-Tabby

#7
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
I don't see anything malicious in these logs. Let's try a second opinion.

Download Dr.Web CureIt to the desktop.
  • Double-click the drweb-cureit.exe file.
  • Click on the OK button and on OK one more time.
  • Click on Start and allow it to run the express scan by clicking on the Yes button.
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    Posted Image
  • If so, click it and then click the next icon right below and select Move incurable, as you'll see in the next image:
    Posted Image
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
NOTE: During the scan, a pop-up window will open asking you to purchase the full version. Simply close the window by clicking on the X in the upper right corner.

In your next reply, please include the following logs:
  • DrWeb.csv log


#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.