Signs of a virus?


  • This topic is locked

#1
Sneakie

    Member

  • 25 posts
A week ago, I tried to download Flash 8. My computer started to lag really badly. I got a little message on my taskbar that said Windows Defender was out of date or something. Earlier today, my computer told me I needed to verify it was genuine Windows. My computer also can't locate an Audio Service. However, sound DOES work.
I feel I might have a virus so I was hoping you guys could help me :)

OTL logfile created on: 6/25/2011 9:32:25 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\User\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.59 Gb Available Physical Memory | 39.65% Memory free
3.00 Gb Paging File | 1.98 Gb Available in Paging File | 65.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.56 Gb Total Space | 58.90 Gb Free Space | 60.38% Space Free | Partition Type: NTFS
Drive D: | 51.35 Gb Total Space | 51.19 Gb Free Space | 99.69% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/25 21:28:20 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2011/06/24 22:56:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/09 13:24:52 | 000,683,352 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster\gbtray.exe
PRC - [2011/06/09 13:23:52 | 004,119,896 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster\GameBooster.exe
PRC - [2011/06/08 20:19:24 | 001,583,960 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (SafeList) ==========

MOD - [2011/06/25 21:28:20 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 18:15:36 | 000,562,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IME\imekr8\imkrtip.dll
MOD - [2009/07/13 18:15:36 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IME\imekr8\imkrapi.dll
MOD - [2009/07/13 18:15:35 | 000,374,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IME\shared\IMETIP.DLL
MOD - [2009/07/13 18:15:35 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IME\shared\IMJKAPI.DLL


========== Win32 Services (SafeList) ==========

SRV - [2011/06/25 03:02:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/15 20:56:37 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e877e12.dll -- (Akamai)
SRV - [2011/06/01 05:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/05/03 09:08:00 | 004,756,216 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/09 18:46:36 | 000,949,848 | ---- | M] (ESTsoft Corp) [Auto | Stopped] -- C:\Program Files\ESTsoft\ALYac\AYServiceNT.aye -- (ALYac_PZSrv)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/24 15:53:16 | 000,362,992 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2007/08/24 15:53:14 | 000,072,176 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2007/08/24 15:52:48 | 000,309,744 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2007/08/24 15:52:46 | 000,166,384 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2007/08/24 15:52:38 | 001,083,888 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/05/06 17:11:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Disabled | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (XDva386)
DRV - [2011/05/26 20:41:47 | 000,064,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\User\AppData\Local\Temp\xspirit.sys -- (xspirit)
DRV - [2011/02/23 16:50:44 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/11/24 00:59:46 | 000,016,248 | ---- | M] (ESTsoft Corp) [Kernel | On_Demand | Running] -- C:\Program Files\ESTsoft\ALYac\AYDrvNT.sys -- (AYDrvNT_ALYAC)
DRV - [2010/02/11 00:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/12/30 12:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/11 17:23:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2009/07/13 18:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 18:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 18:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 16:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 16:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 15:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2007/08/18 03:09:04 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2007/05/06 17:12:02 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 22:57:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/16 17:41:10 | 000,000,000 | ---D | M]

[2011/05/24 18:30:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2011/06/22 19:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7idjc1rf.default\extensions
[2011/06/16 17:41:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/07 21:30:04 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/06/16 17:41:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7IDJC1RF.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7IDJC1RF.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7IDJC1RF.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7IDJC1RF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7IDJC1RF.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2011/06/24 22:56:59 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/06/16 17:40:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/22 11:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/10 23:27:39 | 000,001,364 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ALYac] C:\Program Files\ESTsoft\ALYac\AYUpdate.exe (ESTsoft Corp)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {478623CD-E641-4638-BE6D-E8D5F62AEEC9} http://www.gomcast.c...oad/HUpDown.cab (HDownCtl Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/25 07:46:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2F96A287-66E2-4174-B80E-1193C5A66CED}
[2011/06/25 03:47:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2011/06/25 03:08:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/25 03:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/06/24 19:45:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{06FD7BD5-560F-4B02-87EA-440E3EFF3697}
[2011/06/24 19:45:22 | 000,000,000 | ---D | C] -- C:\Users\User\Tracing
[2011/06/24 12:59:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/06/24 12:58:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/06/24 12:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/06/24 12:55:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Windows Live
[2011/06/24 12:55:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/06/23 16:32:48 | 000,306,320 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys.upd
[2011/06/23 16:09:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\IObit
[2011/06/23 16:09:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2011/06/23 16:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster
[2011/06/23 16:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/06/23 16:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/06/23 15:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\alaplaya
[2011/06/23 15:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\alaplaya
[2011/06/19 13:46:10 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\FlashProjects
[2011/06/18 20:40:07 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Square
[2011/06/18 20:35:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Macromedia
[2011/06/18 19:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2011/06/18 19:49:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\QuickScan
[2011/06/18 19:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2011/06/18 19:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Macromedia
[2011/06/18 19:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\Macromedia
[2011/06/18 19:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macromedia
[2011/06/17 19:03:05 | 000,000,000 | ---D | C] -- C:\GamerKraft
[2011/06/17 18:24:18 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Maps
[2011/06/16 17:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/06/16 17:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/16 17:41:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\.minecraft
[2011/06/16 17:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/06/15 18:45:24 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Project
[2011/06/14 18:32:38 | 004,756,216 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des
[2011/06/14 18:32:04 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npptNT2.sys
[2011/06/14 18:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2011/06/13 23:01:27 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Music
[2011/06/13 18:08:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2011/06/13 18:07:31 | 000,000,000 | ---D | C] -- C:\AeriaGames
[2011/06/13 18:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2011/06/13 01:28:37 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\골든하이로우
[2011/06/13 01:28:37 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\골든포커
[2011/06/11 22:32:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\TeamViewer
[2011/06/11 22:31:02 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/06/11 11:55:54 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\PhotoshopPortable
[2011/06/07 21:31:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\skypePM
[2011/06/07 21:31:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/06/07 21:30:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Skype
[2011/06/07 21:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/06/07 21:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/06/07 21:29:22 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/06/07 21:29:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/06/07 20:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2011/06/07 20:43:36 | 000,000,000 | ---D | C] -- C:\Nexon
[2011/06/07 20:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2011/06/07 19:58:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\PMB Files
[2011/06/07 19:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011/06/07 19:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2011/06/06 16:45:52 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2011/06/05 17:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2011/06/05 17:00:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Paint.NET
[2011/06/03 15:49:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/06/02 16:44:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Sony Creative Software Inc
[2011/05/31 21:48:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Ventrilo
[2011/05/31 18:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo
[2011/05/31 18:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2011/05/31 18:57:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/05/31 17:44:09 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\MPH Aimbot v19
[2011/05/31 17:29:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011/05/31 17:18:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/05/31 17:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/05/31 17:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2011/05/30 18:55:52 | 000,000,000 | ---D | C] -- C:\AdobeTemp
[2011/05/29 13:36:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2
[2011/05/29 13:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\HyperCam 2
[2011/05/29 13:30:17 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\VegasProjects
[2011/05/28 18:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/05/28 18:36:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Adobe
[2011/05/27 21:56:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\GRETECH
[2011/05/27 21:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
[2011/05/27 21:50:00 | 000,000,000 | ---D | C] -- C:\Program Files\GRETECH
[1 C:\Users\User\Documents\*.tmp files -> C:\Users\User\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/25 21:20:42 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/25 21:20:42 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/25 10:34:06 | 000,001,107 | ---- | M] () -- C:\Users\User\Desktop\CyberLink Power2Go.lnk
[2011/06/25 03:56:01 | 000,618,664 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/25 03:56:01 | 000,410,370 | ---- | M] () -- C:\Windows\System32\perfh012.dat
[2011/06/25 03:56:01 | 000,108,240 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/25 03:56:01 | 000,106,654 | ---- | M] () -- C:\Windows\System32\perfc012.dat
[2011/06/25 03:49:20 | 002,457,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/25 03:49:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/25 03:48:50 | 1206,501,376 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/24 19:44:22 | 000,001,491 | ---- | M] () -- C:\Users\User\Desktop\msnmsgr - Shortcut.lnk
[2011/06/23 16:51:04 | 000,425,487 | ---- | M] () -- C:\ProgramData\bdinstall.bin
[2011/06/23 16:46:20 | 000,000,121 | ---- | M] () -- C:\Windows\bdagent.INI
[2011/06/23 16:32:48 | 000,306,320 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys.upd
[2011/06/23 16:08:47 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2011/06/23 16:08:47 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster.lnk
[2011/06/23 16:03:40 | 000,001,768 | ---- | M] () -- C:\Users\Public\Desktop\S4League.lnk
[2011/06/23 09:58:07 | 000,019,384 | ---- | M] () -- C:\Users\User\Desktop\shiiiiii.png
[2011/06/20 22:25:29 | 1475,271,024 | ---- | M] () -- C:\Users\User\Desktop\Battle Los Angeles 2011 R5 XViD - IMAGiNE.avi
[2011/06/18 22:53:49 | 025,223,996 | ---- | M] () -- C:\Users\User\Documents\clip0005.avi
[2011/06/18 20:14:19 | 054,079,312 | ---- | M] () -- C:\Users\User\Desktop\MacromediaFlash8Portable.exe
[2011/06/18 20:09:17 | 000,000,000 | ---- | M] () -- C:\Windows\System32\imblacklist.dat
[2011/06/18 20:02:26 | 000,000,415 | ---- | M] () -- C:\Windows\System32\user_gensett.xml
[2011/06/16 17:38:13 | 000,270,142 | ---- | M] () -- C:\Users\User\Desktop\Minecraft.exe
[2011/06/13 18:14:59 | 000,001,249 | ---- | M] () -- C:\Users\User\Desktop\taskmgr.lnk
[2011/06/13 01:26:16 | 000,000,222 | ---- | M] () -- C:\Users\User\Desktop\골든포커.url
[2011/06/11 22:31:19 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/06/07 21:31:31 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2011/06/07 21:29:25 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/06/07 20:52:15 | 000,000,204 | ---- | M] () -- C:\Users\Public\Desktop\MapleStory.url
[2011/06/05 17:02:00 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2011/06/02 16:05:00 | 000,121,958 | ---- | M] () -- C:\Users\User\Desktop\Battle Los Angeles 2011 R5 XViD - IMAGiNE.smi
[2011/05/31 18:57:54 | 000,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/05/31 18:57:52 | 000,000,841 | ---- | M] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2011/05/31 17:29:01 | 000,000,212 | ---- | M] () -- C:\Users\User\Desktop\Counter-Strike.url
[2011/05/29 13:36:44 | 000,000,935 | ---- | M] () -- C:\Users\User\Desktop\HyperCam 2.lnk
[2011/05/27 21:50:20 | 000,001,095 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[1 C:\Users\User\Documents\*.tmp files -> C:\Users\User\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/24 19:44:21 | 000,001,491 | ---- | C] () -- C:\Users\User\Desktop\msnmsgr - Shortcut.lnk
[2011/06/24 13:00:51 | 000,002,432 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/06/23 16:46:20 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2011/06/23 16:09:33 | 000,029,008 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/06/23 16:09:33 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/06/23 16:08:47 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2011/06/23 16:08:47 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster.lnk
[2011/06/23 16:03:40 | 000,001,768 | ---- | C] () -- C:\Users\Public\Desktop\S4League.lnk
[2011/06/23 09:58:07 | 000,019,384 | ---- | C] () -- C:\Users\User\Desktop\shiiiiii.png
[2011/06/21 18:06:53 | 000,121,958 | ---- | C] () -- C:\Users\User\Desktop\Battle Los Angeles 2011 R5 XViD - IMAGiNE.smi
[2011/06/20 22:03:16 | 1475,271,024 | ---- | C] () -- C:\Users\User\Desktop\Battle Los Angeles 2011 R5 XViD - IMAGiNE.avi
[2011/06/18 22:53:31 | 025,223,996 | ---- | C] () -- C:\Users\User\Documents\clip0005.avi
[2011/06/18 20:13:02 | 054,079,312 | ---- | C] () -- C:\Users\User\Desktop\MacromediaFlash8Portable.exe
[2011/06/18 20:09:17 | 000,000,000 | ---- | C] () -- C:\Windows\System32\imblacklist.dat
[2011/06/18 20:02:26 | 000,000,415 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
[2011/06/18 19:48:19 | 000,425,487 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011/06/16 17:37:54 | 000,270,142 | ---- | C] () -- C:\Users\User\Desktop\Minecraft.exe
[2011/06/14 18:32:04 | 000,005,174 | ---- | C] () -- C:\Windows\System32\nppt9x.vxd
[2011/06/13 18:13:58 | 000,001,249 | ---- | C] () -- C:\Users\User\Desktop\taskmgr.lnk
[2011/06/13 01:26:16 | 000,000,222 | ---- | C] () -- C:\Users\User\Desktop\골든포커.url
[2011/06/11 22:31:19 | 000,001,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011/06/11 22:31:19 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/06/10 17:49:37 | 000,193,536 | ---- | C] () -- C:\Users\User\Desktop\GameLauncher.exe
[2011/06/07 21:31:31 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/06/07 21:29:25 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/06/07 20:52:15 | 000,000,204 | ---- | C] () -- C:\Users\Public\Desktop\MapleStory.url
[2011/06/05 17:02:00 | 000,001,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2011/06/05 17:02:00 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2011/05/31 18:57:52 | 000,000,841 | ---- | C] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2011/05/31 18:57:45 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/05/31 17:29:01 | 000,000,212 | ---- | C] () -- C:\Users\User\Desktop\Counter-Strike.url
[2011/05/29 13:36:44 | 000,000,935 | ---- | C] () -- C:\Users\User\Desktop\HyperCam 2.lnk
[2011/05/27 21:50:20 | 000,001,095 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2011/05/26 00:11:19 | 000,003,584 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/24 18:30:29 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/24 18:25:44 | 000,094,208 | ---- | C] () -- C:\Windows\System32\getpntid.exe
[2011/05/24 16:17:53 | 000,000,040 | ---- | C] () -- C:\Windows\Hjimesv.ini
[2011/05/24 16:16:39 | 000,000,016 | ---- | C] () -- C:\Windows\System32\winhcfga.ini
[2011/05/24 15:53:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/02/10 22:30:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/11/02 07:35:19 | 000,410,370 | ---- | C] () -- C:\Windows\System32\perfh012.dat
[2009/11/02 07:35:19 | 000,157,694 | ---- | C] () -- C:\Windows\System32\perfi012.dat
[2009/11/02 07:35:19 | 000,106,654 | ---- | C] () -- C:\Windows\System32\perfc012.dat
[2009/11/02 07:35:19 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd012.dat
[2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:33:53 | 002,457,648 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 19:05:48 | 000,618,664 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 19:05:48 | 000,108,240 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 17:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 16:41:47 | 000,012,288 | ---- | C] () -- C:\Windows\System32\winver.exe
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/23 15:29:16 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/09/05 04:46:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll

========== LOP Check ==========

[2011/06/16 17:42:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.minecraft
[2011/05/24 22:07:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AnvSoft
[2011/06/23 16:09:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IObit
[2011/05/25 22:21:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Publish Providers
[2011/06/18 19:49:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\QuickScan
[2011/05/25 22:26:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sony
[2011/06/02 16:44:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sony Creative Software Inc
[2011/06/11 23:18:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeamViewer
[2011/06/23 16:15:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2009/07/13 21:53:46 | 000,005,110 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0



#2
mitch8

mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Hi,

A week ago, I tried to download Flash 8

Did you download Flash from Adobe? If you were to download the official version, it would be version 10.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    
  • Then click the Run Fix button at the top

Next,

Please run the MGA Diagnostic Tool and post back the report it shall produce:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.

Next,

Download CKScanner from here

Important: Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

  • 0

#3
Sneakie

Sneakie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Actually, I couldn't find a link to Macromedia Flash 8, so I downloaded it off a link online that looked clean :/

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0x8004FE22
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-TMVMJ-BBMRX-3MBMV
Windows Product Key Hash: 55n8g6xdzhe4AOWhmTzdzQoLfa4=
Windows Product ID: 00426-292-0000007-85559
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7600.2.00010100.0.0.001
ID: {9EE32753-5E19-49DD-8327-51EA8EADE829}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7600.win7_gdr.110408-1633
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 103 Blocked VLK
Microsoft Office Enterprise 2007 - 103 Blocked VLK
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\en-US\user32.dll.mui[6.1.7600.16385], Hr = 0x800b0100

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{9EE32753-5E19-49DD-8327-51EA8EADE829}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-3MBMV</PKey><PID>00426-292-0000007-85559</PID><PIDType>5</PIDType><SID>S-1-5-21-1682396240-1463993847-3669003496</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>Dell DM051 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>A05</Version><SMBIOSVersion major="2" minor="3"/><Date>20060331000000.000000+000</Date></BIOS><HWID>66B83607018400F6</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>103</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>103</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>ACD7202654E586</Val><Hash>fFic3JgCreGGRxyF8uMWB4R4Jcg=</Hash><Pid>89388-707-1528066-65270</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="103"/><App Id="16" Version="12" Result="103"/><App Id="18" Version="12" Result="103"/><App Id="19" Version="12" Result="103"/><App Id="1A" Version="12" Result="103"/><App Id="1B" Version="12" Result="103"/><App Id="44" Version="12" Result="103"/><App Id="A1" Version="12" Result="103"/><App Id="BA" Version="12" Result="103"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7600.16385

Name: Windows® 7, Ultimate edition
Description: Windows Operating System - Windows® 7, RETAIL channel
Activation ID: ac96e1a8-6cc4-4310-a4ff-332ce77fb5b8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00170-292-000000-00-1033-7600.0000-1442011
Installation ID: 017542600925664814646572648012658120686150180805620736
Processor Certificate URL: http://go.microsoft....k/?LinkID=88338
Machine Certificate URL: http://go.microsoft....k/?LinkID=88339
Use License URL: http://go.microsoft....k/?LinkID=88341
Product Key Certificate URL: http://go.microsoft....k/?LinkID=88340
Partial Product Key: 3MBMV
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 7/1/2011 11:58:05 PM

Windows Activation Technologies-->
HrOffline: 0x8004FE22
HrOnline: N/A
HealthStatus: 0x0000000000002000
Event Time Stamp: 6:25:2011 05:50
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui


HWID Data-->
HWID Hash Current: NAAAAAIABAABAAIAAAABAAAAAQABAAEA+l6SIVAivCAqZ6p2SOTa+y489laoLypuiLWA1w==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL DM051
FACP DELL DM051
HPET DELL DM051
BOOT DELL DM051
MCFG DELL DM051
SSDT DELL st_ex
ASF! DELL DM051



----------------------------


CKScanner - Additional Security Risks - These are not necessarily bad
c:\plaync\goldenpoker\nckeygen.dll
c:\plaync\gostopsun\nckeygen.dll
c:\plaync\newgostopclassic\nckeygen.dll
scanner sequence 3.AB.11.HINAHG
----- EOF -----
  • 0

#4
mitch8

mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Hi,

Download flash from the official source here.

Do you still have extras.txt saved where OTL is? Can you post it here?

Open up OTL and click on quick scan. Post the log it makes here.
  • 0

#5
Sneakie

Sneakie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hmm. I think you're misunderstanding. I have Adobe Flash Player 10. But I downloaded an animating program called Macromedia Flash 8.

Here is the extra.txt

OTL Extras logfile created on: 6/25/2011 9:32:26 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\User\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.59 Gb Available Physical Memory | 39.65% Memory free
3.00 Gb Paging File | 1.98 Gb Available in Paging File | 65.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.56 Gb Total Space | 58.90 Gb Free Space | 60.38% Space Free | Partition Type: NTFS
Drive D: | 51.35 Gb Total Space | 51.19 Gb Free Space | 99.69% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Hwp.Print] -- C:\HNC\Hwp70\HwpPrnMng.exe /p "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional
"{18499419-2B80-4C3F-86D3-C6C45CD2062E}" = ML-1710 Series
"{1B683082-8791-4D00-8ADE-6C8986FCCC68}" = Roxio CinePlayer
"{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility
"{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All
"{3B7236C5-AEDB-408A-89F5-B3890A4034CB}" = S4 League_EU
"{3E67A8DA-FE7B-4160-8465-F5571EA18753}" = Roxio Disc Gallery
"{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian
"{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian
"{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.2.3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French
"{6D592E30-11EC-11E0-859C-0013D3D69929}" = Vegas Pro 10.0
"{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{7057ABC2-EFF3-4E43-9806-8BCB6EEA9FE6}" = Microsoft IntelliPoint 7.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian
"{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9A1828-31D1-4590-A99F-022B7237AFAE}" = Roxio MediaShare
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy
"{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German
"{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek
"{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins
"{B2423C36-006E-4270-AEBC-CFC4CAF2C310}" = Haansoft Hangul 2007
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full
"{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish
"{BF83EFE2-C9F0-40D4-841C-2066668C1D7A}" = Roxio Easy Media Creator 10 Suite
"{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static
"{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing
"{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English
"{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"ALUpdate_is1" = 알툴즈 업데이트
"ALYac_is1" = 알약
"Any Video Converter Professional_is1" = Any Video Converter Professional 3.0.7
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Game Booster_is1" = Game Booster
"GOM Player" = GOM Player
"GomCast" = GomCast
"HyperCam 2" = HyperCam 2
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"MapleStory" = MapleStory
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"PlayNC_GoldenPoker" = 골든포커
"PlayNC_GostopSun" = 선언맞고
"PlayNC_NewGostopClassic" = 클래식맞고
"Smart Defrag 2_is1" = Smart Defrag 2
"Steam App 10" = Counter-Strike
"TeamViewer 6" = TeamViewer 6
"uTorrent" = µTorrent
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/24/2011 10:36:24 PM | Computer Name = User-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x800401F9

Error - 6/24/2011 10:36:24 PM | Computer Name = User-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

Error - 6/24/2011 10:48:01 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: pcasvc.dll_unloaded, version: 0.0.0.0, time
stamp: 0x4a5bdac8 Exception code: 0xc0000005 Fault offset: 0x73f39518 Faulting process
id: 0x374 Faulting application start time: 0x01cc32e09ff36162 Faulting application
path: C:\Windows\System32\svchost.exe Faulting module path: pcasvc.dll Report Id:
8a2c9972-9ed5-11e0-8d31-001372e25f8d

Error - 6/25/2011 3:39:51 AM | Computer Name = User-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\alaplaya\S4League\Aegis64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/25/2011 6:12:00 AM | Computer Name = User-PC | Source = MsiInstaller | ID = 11935
Description =

Error - 6/25/2011 6:15:02 AM | Computer Name = User-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 6/25/2011 6:51:00 AM | Computer Name = User-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x800401F9

Error - 6/25/2011 6:51:00 AM | Computer Name = User-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

Error - 6/25/2011 8:50:39 AM | Computer Name = User-PC | Source = Windows Activation Technologies | ID = 3
Description = Health check failure: hr = 0x8004FE22, HealthStatus: 0x0000000000002000

Error - 6/25/2011 4:08:15 PM | Computer Name = User-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\alaplaya\S4League\Aegis64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 6/23/2011 7:37:27 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 6/23/2011 7:46:44 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7034
Description = The BitDefender Virus Shield service terminated unexpectedly. It
has done this 1 time(s).

Error - 6/24/2011 12:45:30 PM | Computer Name = User-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 6/24/2011 10:47:57 PM | Computer Name = User-PC | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = The Program Compatibility Assistant service failed to perform the
phase two initialization.

Error - 6/24/2011 10:48:05 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Audio Endpoint Builder service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 6/24/2011 10:48:05 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7031
Description = The Network Connections service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 100 milliseconds:
Restart the service.

Error - 6/24/2011 10:48:05 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7031
Description = The Superfetch service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 6/24/2011 10:48:05 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated unexpectedly. It has done this 1 time(s). The following corrective
action will be taken in 120000 milliseconds: Restart the service.

Error - 6/25/2011 6:15:08 AM | Computer Name = User-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: The 2007 Microsoft Office Suite Service Pack 2 (SP2).

Error - 6/25/2011 6:50:55 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%16405


< End of report >
  • 0

#6
mitch8

mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
What problems do you have now?

Please download Malwarebytes' Anti-Malware from here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#7
Sneakie

Sneakie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I just get the Windows genuine verifying thing every 1 hour or so.
It's kind of annoying.



Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7014

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/3/2011 6:50:23 PM
mbam-log-2011-07-03 (18-50-23).txt

Scan type: Quick scan
Objects scanned: 161485
Time elapsed: 6 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8
mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts

I just get the Windows genuine verifying thing every 1 hour or so.
It's kind of annoying.


Do you pass validation? Do you have a valid copy of Windows?

Run this tool again.

Please run the MGA Diagnostic Tool and post back the report it shall produce:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program.
  • Click "Continue".
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.


#9
mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#10
Sneakie

    Member

  • Topic Starter
  • 25 posts
I tried to verify, and it said I don't have genuine Windows. I should though.
Also, I'm facing several new problems.
I'm not sure if it's because of a virus, but after I uninstalled a game, the following happened to my computer:
No sound
No system restore
No windows installer
Several programs such as iTunes don't work.
Low fps when watching videos or playing games.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0x8004FE22
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-TMVMJ-BBMRX-3MBMV
Windows Product Key Hash: 55n8g6xdzhe4AOWhmTzdzQoLfa4=
Windows Product ID: 00426-292-0000007-85559
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7600.2.00010100.0.0.001
ID: {9EE32753-5E19-49DD-8327-51EA8EADE829}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7600.win7_gdr.110408-1633
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 103 Blocked VLK
Microsoft Office Enterprise 2007 - 103 Blocked VLK
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: FCEE394C-458-80040154_025D1FF3-344-80040154_025D1FF3-229-80040154_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\en-US\user32.dll.mui[6.1.7600.16385], Hr = 0x800b0100

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{9EE32753-5E19-49DD-8327-51EA8EADE829}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-3MBMV</PKey><PID>00426-292-0000007-85559</PID><PIDType>5</PIDType><SID>S-1-5-21-1682396240-1463993847-3669003496</SID><SYSTEM/><BIOS/><HWID>66B83607018400F6</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>103</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>103</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>ACD7202654E586</Val><Hash>fFic3JgCreGGRxyF8uMWB4R4Jcg=</Hash><Pid>89388-707-1528066-65270</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="103"/><App Id="16" Version="12" Result="103"/><App Id="18" Version="12" Result="103"/><App Id="19" Version="12" Result="103"/><App Id="1A" Version="12" Result="103"/><App Id="1B" Version="12" Result="103"/><App Id="44" Version="12" Result="103"/><App Id="A1" Version="12" Result="103"/><App Id="BA" Version="12" Result="103"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
C:\Windows\system32\slmgr.vbs(1125, 5) Microsoft VBScript runtime error: Object required: 'GetServiceObject(...)'

Windows Activation Technologies-->
HrOffline: 0x8004FE22
HrOnline: N/A
HealthStatus: 0x0000000000002000
Event Time Stamp: 7:11:2011 23:26
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui


HWID Data-->
HWID Hash Current: NAAAAAIABAABAAIAAAABAAAAAQABAAEA+l6SIVAivCAqZ6p2SOTa+y489laoLypuiLWA1w==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL DM051
FACP DELL DM051
HPET DELL DM051
BOOT DELL DM051
MCFG DELL DM051
SSDT DELL st_ex
ASF! DELL DM051

#11
mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Hi,

So you do have a genuine copy of Windows? It is not pirated, is it?

You may need to call Microsoft to get it activated.

Information on that is here:
http://support.microsoft.com/kb/307890

#12
Sneakie

    Member

  • Topic Starter
  • 25 posts
Yup, it's all genuine.

I actually got tired of that message, and so I reformatted. I don't get the notification anymore. You can close this thread :) thanks.

#13
mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Good :) Sometimes when the Windows activation gets messed up, reinstalling the OS is the best way to go.

#14
mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.