Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Themida error when opening Fraps [Solved]

Started by erikc4l , Mar 23 2010 07:26 PM

  • This topic is locked This topic is locked

#1
erikc4l
Posted 23 March 2010 - 07:26 PM

erikc4l

    Member

  • Member
  • PipPipPip
  • 116 posts
I am trying to open the recording program, "Fraps" and as I open it an error window named "Themida" appears with the error message 'File corrupted!. This program has been manipulated and maybe it's infected by a Virus or cracked. This file won't work anymore.' I don't know if this is real or not as I downloaded Fraps from the official website. I had the game 'MapleStory' running in the background as I attempted to open Fraps. Could anyone tell me if this is a virus or anything like that?

I didn't know where to post this and thought it related to this section.
Thanks and here's a picture of the message.

Posted Image

Here is the MBAM log. I can't extract the GMER cause it would say 'Winrar has stopped working'. Is it safe to restart my computer to complete the deletion to the infected file detected by MBAM?

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

3/23/2010 6:41:13 PM
mbam-log-2010-03-23 (18-41-13).txt

Scan type: Quick Scan
Objects scanned: 95198
Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\ot675609.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\ot675609.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\in675609.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\or675609.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\rt675609.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\st675609.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\tl584457.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Here is the OTL log. Also there wasn't an Extras.txt log that opened.

OTL logfile created on: 3/23/2010 6:45:11 PM - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Erik Tran\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.01 Gb Total Space | 154.76 Gb Free Space | 69.71% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.76 Gb Free Space | 16.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERIKTRAN-PC
Current User Name: Erik Tran
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/23 18:37:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Erik Tran\Desktop\OTL.exe
PRC - [2010/03/22 22:24:44 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/22 20:36:00 | 000,621,320 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009/02/06 19:21:00 | 000,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe
PRC - [2008/12/22 14:59:20 | 000,787,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe
PRC - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/08/05 11:19:41 | 000,455,336 | ---- | M] () -- C:\Program Files\Lexmark X5400 Series\lxdvmon.exe
PRC - [2008/08/05 11:19:40 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark X5400 Series\lxdvamon.exe
PRC - [2008/07/24 06:33:53 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdvcoms.exe
PRC - [2008/01/20 19:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/03/23 18:37:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Erik Tran\Desktop\OTL.exe
MOD - [2008/01/20 19:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - [2010/01/06 09:13:00 | 003,478,288 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/07/24 06:33:53 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdvcoms.exe -- (lxdv_device)
SRV - [2008/07/24 06:33:43 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdvserv.exe -- (lxdvCATSCustConnectService)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.allkpop.c...category/music"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/22 22:24:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/22 22:24:47 | 000,000,000 | ---D | M]

[2009/12/13 09:41:06 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Extensions
[2010/03/22 19:46:38 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions
[2010/01/16 14:54:42 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/01/16 12:09:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\{6ad56361-628f-471b-8f9d-4c338973a87d}
[2010/01/12 17:59:02 | 000,000,000 | ---D | M] (AOL Radio Toolbar) -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\{6ad56361-628f-471b-8f9d-4c338973a87d}(97)
[2010/02/03 17:45:23 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/01/08 16:58:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/13 12:23:24 | 000,002,283 | ---- | M] () -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\searchplugins\aol-search.xml
[2010/03/23 18:19:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/13 09:56:15 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2010/01/23 10:27:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [lxdvamon] C:\Program Files\Lexmark X5400 Series\lxdvamon.exe ()
O4 - HKLM..\Run: [lxdvmon.exe] C:\Program Files\Lexmark X5400 Series\lxdvmon.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Erik Tran\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Erik Tran\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 19:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/03/23 18:37:54 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Erik Tran\Desktop\OTL.exe
[2010/03/21 20:22:51 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\AppData\Roaming\ManyCam
[2010/03/21 20:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/03/19 23:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2010/03/19 14:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/03/17 19:03:37 | 000,000,000 | ---D | C] -- C:\Abyss Web Server
[2010/03/17 18:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\BreakPoint Software
[2010/03/17 17:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2010/03/17 17:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2010/03/16 18:08:27 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\AppData\Roaming\nHancer
[2010/03/16 18:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\nHancer
[2010/03/15 15:09:39 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\Documents\Dragonica
[2010/03/15 15:02:14 | 000,000,000 | ---D | C] -- C:\Temp
[2010/03/15 14:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\THQICE
[2010/03/14 11:36:21 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\AppData\Local\WLDM
[2010/02/01 22:49:04 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxdvserv.dll
[2010/02/01 22:49:04 | 000,954,368 | ---- | C] ( ) -- C:\Windows\System32\lxdvusb1.dll
[2010/02/01 22:49:04 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdvpmui.dll
[2010/02/01 22:49:04 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDVhcp.dll
[2010/02/01 22:49:04 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdvinpa.dll
[2010/02/01 22:49:04 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdviesc.dll
[2010/02/01 22:49:04 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdvprox.dll
[2010/02/01 22:49:03 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdvlmpm.dll
[2010/02/01 22:49:02 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdvhbn3.dll
[2010/02/01 22:49:01 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdvcomc.dll
[2010/02/01 22:49:01 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdvcomm.dll
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/23 18:45:18 | 002,883,584 | -HS- | M] () -- C:\Users\Erik Tran\NTUSER.DAT
[2010/03/23 18:41:27 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\rhairu.sys
[2010/03/23 18:37:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Erik Tran\Desktop\OTL.exe
[2010/03/23 18:37:52 | 000,284,915 | ---- | M] () -- C:\Users\Erik Tran\Desktop\gmer.zip
[2010/03/23 18:23:21 | 000,010,561 | ---- | M] () -- C:\Users\Erik Tran\Desktop\asdf.jpg
[2010/03/23 18:22:39 | 000,044,686 | -H-- | M] () -- C:\Windows\System32\or675609.dl_
[2010/03/23 18:21:34 | 000,001,643 | ---- | M] () -- C:\Windows\System32\msexcr.ini
[2010/03/23 18:00:00 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/23 18:00:00 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/23 17:57:51 | 000,053,307 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/03/23 17:57:48 | 000,053,307 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/23 17:57:05 | 000,044,686 | -H-- | M] () -- C:\Windows\System32\tl584457.dl_
[2010/03/23 16:53:20 | 000,044,686 | -H-- | M] () -- C:\Windows\System32\ot675609.dl_
[2010/03/23 16:43:17 | 000,081,920 | ---- | M] () -- C:\Windows\System32\ot675609.dll
[2010/03/23 14:18:42 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/03/23 14:06:58 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/23 14:06:58 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/23 14:06:58 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/23 14:00:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/23 13:59:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/23 13:59:56 | 2951,020,544 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/22 22:31:22 | 000,524,288 | -HS- | M] () -- C:\Users\Erik Tran\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/03/22 22:31:22 | 000,065,536 | -HS- | M] () -- C:\Users\Erik Tran\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/03/22 22:31:14 | 002,577,755 | -H-- | M] () -- C:\Users\Erik Tran\AppData\Local\IconCache.db
[2010/03/20 14:07:07 | 000,044,686 | -H-- | M] () -- C:\Windows\System32\rt675609.dl_
[2010/03/19 23:28:43 | 000,000,849 | ---- | M] () -- C:\Users\Public\Desktop\Dragonica Online.lnk
[2010/03/19 23:17:12 | 000,001,630 | ---- | M] () -- C:\Users\Erik Tran\Desktop\CCleaner.lnk
[2010/03/19 19:41:44 | 000,044,686 | -H-- | M] () -- C:\Windows\System32\st675609.dl_
[2010/03/19 19:18:12 | 000,001,768 | ---- | M] () -- C:\Users\Erik Tran\Desktop\MapleStory.lnk
[2010/03/19 13:10:23 | 000,075,264 | ---- | M] () -- C:\Users\Erik Tran\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/19 13:02:00 | 000,305,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/03/16 18:12:22 | 000,044,686 | -H-- | M] () -- C:\Windows\System32\in675609.dl_
[2010/03/13 21:25:31 | 000,000,680 | ---- | M] () -- C:\Users\Erik Tran\AppData\Local\d3d9caps.dat
[2010/03/13 09:09:16 | 000,000,251 | ---- | M] () -- C:\Windows\system.ini
[2010/03/13 09:09:06 | 000,000,770 | ---- | M] () -- C:\Users\Erik Tran\Desktop\AkaiMS - Shortcut.lnk
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/23 18:41:27 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\rhairu.sys
[2010/03/23 18:37:46 | 000,284,915 | ---- | C] () -- C:\Users\Erik Tran\Desktop\gmer.zip
[2010/03/23 18:23:21 | 000,010,561 | ---- | C] () -- C:\Users\Erik Tran\Desktop\asdf.jpg
[2010/03/23 18:21:33 | 000,001,643 | ---- | C] () -- C:\Windows\System32\msexcr.ini
[2010/03/23 18:18:07 | 000,044,686 | -H-- | C] () -- C:\Windows\System32\or675609.dl_
[2010/03/21 11:13:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ot675609.dll
[2010/03/21 11:13:12 | 000,044,686 | -H-- | C] () -- C:\Windows\System32\ot675609.dl_
[2010/03/19 23:17:12 | 000,001,630 | ---- | C] () -- C:\Users\Erik Tran\Desktop\CCleaner.lnk
[2010/03/19 19:40:13 | 000,044,686 | -H-- | C] () -- C:\Windows\System32\st675609.dl_
[2010/03/19 19:18:12 | 000,001,768 | ---- | C] () -- C:\Users\Erik Tran\Desktop\MapleStory.lnk
[2010/03/19 17:53:48 | 000,044,686 | -H-- | C] () -- C:\Windows\System32\rt675609.dl_
[2010/03/19 14:10:15 | 000,000,849 | ---- | C] () -- C:\Users\Public\Desktop\Dragonica Online.lnk
[2010/03/16 18:12:07 | 000,044,686 | -H-- | C] () -- C:\Windows\System32\in675609.dl_
[2010/03/13 21:25:31 | 000,000,680 | ---- | C] () -- C:\Users\Erik Tran\AppData\Local\d3d9caps.dat
[2010/03/13 09:09:16 | 000,044,686 | -H-- | C] () -- C:\Windows\System32\tl584457.dl_
[2010/03/13 09:09:06 | 000,000,770 | ---- | C] () -- C:\Users\Erik Tran\Desktop\AkaiMS - Shortcut.lnk
[2010/03/07 09:22:30 | 000,003,584 | ---- | C] () -- C:\Users\Erik Tran\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/01 22:52:04 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdvcoin.dll
[2010/02/01 22:49:17 | 000,000,060 | ---- | C] () -- C:\Windows\System32\lxdvrwrd.ini
[2010/02/01 22:49:05 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDVinst.dll
[2010/02/01 22:49:02 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdvgrd.dll
[2009/12/13 11:54:20 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/12/13 09:11:12 | 000,053,307 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/12/13 09:11:07 | 000,053,307 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/12/13 09:08:08 | 000,000,000 | ---- | C] () -- C:\Users\Erik Tran\AppData\Local\QSwitch.txt
[2009/12/13 09:08:08 | 000,000,000 | ---- | C] () -- C:\Users\Erik Tran\AppData\Local\DSwitch.txt
[2009/12/13 09:08:08 | 000,000,000 | ---- | C] () -- C:\Users\Erik Tran\AppData\Local\AtStart.txt
[2009/12/13 06:25:22 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/12/13 06:25:10 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/12/13 06:24:44 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/12/13 06:24:05 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/12/13 06:22:45 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/12/13 06:22:00 | 000,000,246 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/10/25 17:10:11 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/25 17:03:58 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/10/25 17:01:59 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/25 17:00:34 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/10/08 16:05:06 | 000,010,752 | ---- | C] () -- C:\Windows\System32\rcmirror.dll
[2008/07/15 23:49:37 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdvvs.dll
[2008/01/14 18:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2007/09/06 13:40:36 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdvdrs.dll
[2007/08/10 12:49:54 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxdvcaps.dll
[2007/07/16 10:53:09 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdvcnv4.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 02:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2009/12/13 09:57:44 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\acccore
[2010/01/13 00:05:36 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Datarescue
[2010/01/03 10:12:37 | 000,000,000 | -H-D | M] -- C:\Users\Erik Tran\AppData\Roaming\ijjigame
[2010/02/01 22:54:37 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Lexmark Productivity Studio
[2010/02/01 15:30:39 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Mael
[2010/03/21 20:24:25 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\ManyCam
[2010/03/18 18:06:27 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\MySQL
[2010/02/03 17:52:31 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Nexon
[2010/03/17 21:14:57 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\nHancer
[2010/03/04 19:33:51 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Subversion
[2010/01/23 11:37:30 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\SystemRequirementsLab
[2010/01/19 22:43:08 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\TeamViewer
[2010/03/07 09:28:10 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\VSO
[2010/03/22 22:31:18 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: AGP440.SYS >
[2008/01/20 19:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/20 19:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 19:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 19:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 19:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 19:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2010/01/23 14:14:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\ERDNT\cache\atapi.sys
[2010/01/23 14:14:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\drivers\atapi.sys
[2008/10/25 16:12:44 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2008/10/25 16:12:44 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2008/10/25 16:12:44 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2008/10/25 16:12:44 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 19:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\ERDNT\cache\netlogon.dll
[2008/01/20 19:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/20 19:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 19:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\ERDNT\cache\scecli.dll
[2008/01/20 19:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/20 19:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/20 19:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/20 19:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 20:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 20:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 20:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< End of report >

Edited by erikc4l, 23 March 2010 - 07:56 PM.

  • 0

Advertisements

#2
ali.B
Posted 24 March 2010 - 02:51 AM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hello erikc4l, Welcome to Geeks To Go , I'm ali.B & I will be assisting you :)

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be advised that I am still in training, so there may be a delay between replies. Each reply must be approved by a resident expert before posting them to you.
  • Be sure to follow all my instructions carefully! If there is anything you don''t understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look Here
I also recommend that you print these instructions as you may be required to boot in safe mode.

I'll post my instructions soon :)
  • 0

#3
ali.B
Posted 24 March 2010 - 03:49 AM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
[2010/03/23 18:41:27 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\rhairu.sys
[2010/03/23 18:22:39 | 000,044,686 | -H-- | M] () -- C:\Windows\System32\or675609.dl_
[2010/03/23 17:57:05 | 000,044,686 | -H-- | M] () -- C:\Windows\System32\tl584457.dl_
[2010/03/23 16:53:20 | 000,044,686 | -H-- | M] () -- C:\Windows\System32\ot675609.dl_
[2010/03/23 16:43:17 | 000,081,920 | ---- | M] () -- C:\Windows\System32\ot675609.dll
[2010/03/20 14:07:07 | 000,044,686 | -H-- | M] () -- C:\Windows\System32\rt675609.dl_
[2010/03/19 19:41:44 | 000,044,686 | -H-- | M] () -- C:\Windows\System32\st675609.dl_
[2010/03/16 18:12:22 | 000,044,686 | -H-- | M] () -- C:\Windows\System32\in675609.dl_

:Commands
[purity]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive.
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Please copy and paste the report into your Post.

Step 3

Update and Run a quick scan in MalwareBytes antimalware
Yes it is safe to reboot your computer if Malwarebytes requires it to remove the infections

Step 4

Things I would like to see in your reply:
  • OTL log
  • RootRepeal Log
  • MBAM log

  • 0

#4
erikc4l
Posted 24 March 2010 - 04:56 PM

erikc4l

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
Okay thanks for the reply, but I did a system recovery to the 15th and once I got back in and ran a scan on MBAM there was one more infected object and I removed it. But at the moment I'm doing another scan and there are various objects. Would I still follow the above instructions or would I need a new set?

Here are the logs that you requested though.

OTL Log
All processes killed
========== OTL ==========
File C:\Windows\System32\drivers\rhairu.sys not found.
File C:\Windows\System32\or675609.dl_ not found.
C:\Windows\System32\tl584457.dl_ moved successfully.
File C:\Windows\System32\ot675609.dl_ not found.
File C:\Windows\System32\ot675609.dll not found.
File C:\Windows\System32\rt675609.dl_ not found.
File C:\Windows\System32\st675609.dl_ not found.
C:\Windows\System32\in675609.dl_ moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Erik Tran
->Temp folder emptied: 9560431 bytes
->Temporary Internet Files folder emptied: 1940202 bytes
->Java cache emptied: 68035883 bytes
->FireFox cache emptied: 74140635 bytes
->Google Chrome cache emptied: 10360833 bytes
->Flash cache emptied: 3336 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 156.00 mb


OTL by OldTimer - Version 3.1.37.3 log created on 03242010_160229

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

RootRepeal Log
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/03/24 16:07
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8F924000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8F919000 Size: 45056 File Visible: No Signed: -
Status: -

Name: pxumgqsq.sys
Image Path: C:\Windows\System32\drivers\pxumgqsq.sys
Address: 0x8054E000 Size: 54016 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9B383000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\{2d36bda7-3392-11df-bc43-001f1676fdff}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{2fc6e6b5-36ef-11df-9241-001f1676fdff}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8afcd73d-36f7-11df-a05a-001f1676fdff}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8afcd746-36f7-11df-a05a-001f1676fdff}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b16e17f3-32d1-11df-a5ae-001f1676fdff}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b16e17fc-32d1-11df-a5ae-001f1676fdff}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b16e1802-32d1-11df-a5ae-001f1676fdff}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b16e1810-32d1-11df-a5ae-001f1676fdff}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b16e1818-32d1-11df-a5ae-001f1676fdff}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ccdfd63d-323c-11df-8d80-001f1676fdff}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ccdfd643-323c-11df-8d80-001f1676fdff}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ccdfd649-323c-11df-8d80-001f1676fdff}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ccdfd64f-323c-11df-8d80-001f1676fdff}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b16e181e-32d1-11df-a5ae-001f1676fdff}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{d9e4348b-3206-11df-997b-001f1676fdff}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{d9e43494-3206-11df-997b-001f1676fdff}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{d9e4349b-3206-11df-997b-001f1676fdff}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e0c91d03-3512-11df-9be0-001f1676fdff}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ff64f2d6-36be-11df-a8a3-001f1676fdff}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.21022.8_none_5d1777c2e857a23b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b81d038aaf540e86.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_6b86c0e9b0196766.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4db266e67dd280ef.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.8_none_5ce47260749ddc2c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f47e1bd6f6571810.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b59bae9d65014b98.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.21022.8_none_bdf22a22ab9e15d5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_ecff360cfb2594f3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_3b0e32bdc9afe437.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0bcaee084e72e5d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_49ef489714173a89.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_5926f98ceadc42c2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\2d3cb7907b1336ea5889a2b731d5e97ad40903a4efd2287c1c117bc30f208f46.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\a2492fa83366394b7c17fa6c9650ce5688b887d0ad0ad79743a3422debf4d997.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\d14225a52543aa5a9605b00dd7574812bf89c605ebc73a9730e1e386bfc965f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\d5ecf2ab9387e082648bbcccd6eceb9d67b096939150833d0ae3066b3a1a676e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\91ca50cec42075fff02b366323bf3b45d2053b24544bd12b622b65621bd0edd5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\a951d53950c367acc37622f0dd619a954df5de2c4ec40296e6636605aa33714a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\935df4549e21123a2efb986a707f54475380a037519679510e4b4dfc4bdb5767.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\71503c1b988fb27a41668f3ba35468d268daf07e8e79cf7b82a1ef64a8d213a1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\f7bf65ca621d8ad32ead1500a08827be239d0f49d83dc20dabf57d2eb17adbd7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\bd83dce340498e7c363093c2fc74dfb58e1ec17770453905172c7471fadd9333.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\8b414e757cb8b153bff77dd00a36556aea3adab25ce15f3e8b184ffbf41ba7a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\88b03fe13d2710ad787d5d96cd0e5cbeda3a61c2a0a2bdc0c0984a48365242e2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\b080e112e69d2e9c8e71acd39a81f0d469d837625ceb8ed73b5b87da1fd1424c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\26340819d2ef86080d9001c6f2737d70fd6602ddf4b86b6c26b326ef81cc3342.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\ef483ae0673e2975dd4224fe26749623c1c702b8b3fded10161417459e1771a7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\b3beb16c28db357e654a6b132f59cd48cb95cee949d7b97587f8f02f233f3ce1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\dd72f7ab2def5f75f58d01b24643b308750c38685daaed50bcddf61c18460dee.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\989e628160e12c984a435d2bb2a335ad043e006646150c7b1f3bb52dccd842cc.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_fdproxy_31bf3856ad364e35_6.1.6001.22000_none_441eba1a267a5ad3\fdProxy(1559).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_fundisc_31bf3856ad364e35_6.1.6001.22000_none_449cd701f2cb8c19\fundisc(1564).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_d51103be4cb9d6c3\apphelp(1509).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.0.6001.18000_none_e34851aa8681b8b0\advapi32(1507).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.18000_none_ab203fc659b26ce7\atl(1510).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-mmecore-base_31bf3856ad364e35_6.0.6001.18000_none_b5dfbc3a51b01b87\winmm(1713).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-authentication-authui_31bf3856ad364e35_6.0.6001.18000_none_0bf37d16f567e1f7\authui(1513).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-basedependencies_31bf3856ad364e35_6.0.6000.16386_none_006b2fc82be4576c\psapi(1661).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt(1516).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-branding-engine_31bf3856ad364e35_6.0.6000.16386_none_e73316a16878fc16\winbrand(1709).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18057_none_0cbe918751dfdd3f\es(1557).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-c..complus-runtime-qfe_31bf3856ad364e35_6.0.6001.18000_none_6b632e81788ed2d9\clbcatq(1526).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-cabinet_31bf3856ad364e35_6.0.6001.18000_none_373f511ce1ebb446\cabinet(1519).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.18000_none_ac1da75bf2516084\ole32(1645).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-com-oleui_31bf3856ad364e35_6.0.6001.18000_none_2073f9ffadc17996\oledlg(1648).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-comdlg32_31bf3856ad364e35_6.0.6001.18000_none_b5b111a1a5a793a5\comdlg32(1528).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-coreos_31bf3856ad364e35_6.0.6001.18000_none_255246473e514737\imagehlp(1573).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6001.18000_none_5b6fc1dbddd3c6da\crypt32(1530).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..oryservices-ntdsapi_31bf3856ad364e35_6.0.6001.18000_none_cedd4665f13650d7\ntdsapi(1619).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6001.18000_none_d75a29a02e8fcf7a\dhcpcsvc(1535).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6001.18000_none_d75a29a02e8fcf7a\dhcpcsvc6(1536).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6001.18000_none_b1ee595da0f48e64\samlib(1669).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-duser_31bf3856ad364e35_6.0.6001.18000_none_5a74ae48fc7a81f9\duser(1548).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-eventlog-api_31bf3856ad364e35_6.0.6001.18000_none_ac31021c654a3267\wevtapi(1708).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18000_none_e1e27cdd8259636b\dnsapi(1538).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gdi-painting_31bf3856ad364e35_6.0.6000.16386_none_7535161f1f2100ed\msimg32(1597).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.18023_none_596c0b02495f0f52\gdi32(1566).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18000_none_a9d318785a865d4c\lpk(1582).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-grouppolicy-base_31bf3856ad364e35_6.0.6001.18000_none_282361dee702a605\gpapi(1567).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-hid-user_31bf3856ad364e35_6.0.6000.16386_none_d47586718a839763\hid(1568).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18099_none_b48acb29d70acadb\urlmon(1698).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18099_none_0190a6cba213f16e\wininet(1712).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18000_none_47a3aa598c843043\iertutil(1572).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6001.18000_none_5c561e167a6afd02\imm32(1575).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-international-core_31bf3856ad364e35_6.0.6001.18000_none_e9aa6488d9c10036\normaliz(1615).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_93bde541564b88ae\kernel32(1579).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ldap-client_31bf3856ad364e35_6.0.6001.18000_none_f33c4797566bb3db\Wldap32(1721).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\secur32(1671).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mlang_31bf3856ad364e35_6.0.6001.18000_none_56df4b78e3fe4e3f\mlang(1585).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mmcss_31bf3856ad364e35_6.0.6001.18000_none_579836e8e38a2cb7\avrt(1514).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mmdeviceapi_31bf3856ad364e35_6.0.6001.18000_none_55044397b961da8a\MMDevAPI(1586).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mpr_31bf3856ad364e35_6.0.6001.18000_none_add5c97257f151a1\mpr(1587).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msasn1_31bf3856ad364e35_6.0.6000.16386_none_c52353cea8765257\msasn1(1590).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18000_none_886e409a96d6223c\msxml3(1607).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_d15536209ee61dad\msvcrt(1604).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ncrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_5dde5591f19c0ea3\ncrypt(1609).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6001.18000_none_8d341b13018fde32\netapi32(1610).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\netshell(1611).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.18000_none_cd246fe92a8ad809\FWPUCLNT(1565).DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-networkprofile_31bf3856ad364e35_6.0.6001.18000_none_789b515a7625c7d5\npmproxy(1616).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_6785f5c70aea4565\nlaapi(1612).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6001.18000_none_58d6de41fc2dac16\ntdll(1618).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.0.6001.18000_none_bd002a8dfb7a3328\oleaut32(1647).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-oleacc_31bf3856ad364e35_6.0.6001.18000_none_6a84bdce2263bb83\oleacc(1646).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..ting-spooler-client_31bf3856ad364e35_6.0.6001.18000_none_932df61f18add086\winspool(1716).drv
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-o..inefiles-win32-apis_31bf3856ad364e35_6.0.6001.18000_none_ab6af9d0f92539f0\cscapi(1532).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-propsys_31bf3856ad364e35_7.0.6001.16503_none_f3d11aeeb9526bbb\propsys(1660).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rasapi_31bf3856ad364e35_6.0.6001.18000_none_6d377f6a4f85327c\rasapi32(1664).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.0.6001.18000_none_0d159410ea7a8f9d\rtutils(1668).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rasman_31bf3856ad364e35_6.0.6001.18000_none_6ca64a1c4ff485d4\rasman(1665).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6001.18051_none_b3c58fc5453bf46b\rpcrt4(1666).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rsaenh-dll_31bf3856ad364e35_6.0.6001.18000_none_5fc70fc7b14478d4\rsaenh(1667).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..cardsubsystemclient_31bf3856ad364e35_6.0.6001.18000_none_18e47a437999387f\WinSCard(1715).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..entication-usermode_31bf3856ad364e35_6.0.6001.18000_none_3a21c33374546c1e\ntmarta(1620).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..icensing-slc-client_31bf3856ad364e35_6.0.6001.18000_none_c51f5aefa5ed5be4\SLC(1678).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.0.6001.18000_none_c3b8316fa19004d1\credssp(1529).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-sens-client_31bf3856ad364e35_6.0.6000.16386_none_ff0beccac0362b51\SensApi(1672).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.18000_none_22164b0e5542d6c1\schannel(1670).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-setupapi_31bf3856ad364e35_6.0.6001.18000_none_34f559b0c63dda55\setupapi(1673).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18062_none_6bea4bea122ac813\shell32(1676).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-shlwapi_31bf3856ad364e35_6.0.6001.18000_none_f9d9b204a4aeeb4a\shlwapi(1677).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-sxs_31bf3856ad364e35_6.0.6001.18000_none_ae4c9c1c57a3bb3a\sxs(1686).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-t..-platform-libraries_31bf3856ad364e35_6.0.6001.18000_none_ea70eae59b4e2b12\IPHLPAPI(1578).DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-t..icesframework-msctf_31bf3856ad364e35_6.0.6001.18000_none_75c3b019eec51999\msctf(1592).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-t..services-publicapis_31bf3856ad364e35_6.0.6001.18000_none_c730eb5dc6553c1b\wtsapi32(1728).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_6.0.6001.18000_none_dcdfef64cc00e5fb\winsta(1717).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-tapi2xclient_31bf3856ad364e35_6.0.6000.16386_none_c63fa93c42ab8c05\tapi32(1690).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-proxy_31bf3856ad364e35_6.0.6000.16386_none_7b87175bbe5d3c57\TSChannel(1697).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32(1699).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-userenv_31bf3856ad364e35_6.0.6001.18000_none_90406a734b42d9a2\userenv(1700).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-usermodensi_31bf3856ad364e35_6.0.6001.18000_none_726222dfc773e0a2\nsi(1617).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-usermodensi_31bf3856ad364e35_6.0.6001.18000_none_726222dfc773e0a2\winnsi(1714).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.0.6001.18000_none_a3199e60fcd85f71\powrprof(1659).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6001.18000_none_acfa790e587c602e\usp10(1701).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-uxtheme_31bf3856ad364e35_6.0.6001.18000_none_a5e49ad4068f9b12\uxtheme(1702).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.0.6001.18000_none_14fe4f2f50e5bbf4\version(1703).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock(1606).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32(1724).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6001.18000_none_9681b77aa11e1dfb\WindowsCodecs(1710).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.0.6001.18000_none_cbb305c23187855a\WSHTCPIP(1727).DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.0.6001.18000_none_efae39c59a10e503\wintrust(1718).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18000_none_4b00c645ec09f02d\PortableDeviceApi(1657).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-xmllite_31bf3856ad364e35_6.0.6001.18000_none_893b7e92a34e8e37\xmllite(1738).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6001.18000_none_24cdf96ec22363fa\winhttp(1711).dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6000.16386_none_c7e203aac103cf9f\$$DeleteMe.sortkey.nlp.01ca8d0fd78449c9.0004
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6000.16386_none_c7e203aac103cf9f\$$DeleteMe.sorttbls.nlp.01ca8d0fd781e869.0003
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6000.16720_none_c7dc8a0ec1089f13\$$DeleteMe.sortkey.nlp.01ca8d0fd78449c9.0004
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6000.16720_none_c7dc8a0ec1089f13\$$DeleteMe.sorttbls.nlp.01ca8d0fd781e869.0003
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6000.20883_none_b114a0b2daaae406\$$DeleteMe.sortkey.nlp.01ca8d0fd78449c9.0004
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6000.20883_none_b114a0b2daaae406\$$DeleteMe.sorttbls.nlp.01ca8d0fd781e869.0003
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6001.18000_none_c7b68566c15b786b\$$DeleteMe.sortkey.nlp.01ca8d0fd78449c9.0004
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6001.18000_none_c7b68566c15b786b\$$DeleteMe.sorttbls.nlp.01ca8d0fd781e869.0003
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6001.18111_none_c7b76ec4c15aabb4\$$DeleteMe.sortkey.nlp.01ca8d0fd78449c9.0004
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6001.18111_none_c7b76ec4c15aabb4\$$DeleteMe.sorttbls.nlp.01ca8d0fd781e869.0003
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6001.22230_none_b0ebdf60db0024c7\$$DeleteMe.sortkey.nlp.01ca8d0fd78449c9.0004
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6001.22230_none_b0ebdf60db0024c7\$$DeleteMe.sorttbls.nlp.01ca8d0fd781e869.0003
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6000.16720_none_c39efe8a3f927437\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6000.20883_none_acd7152e5934b92a\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6001.18111_none_c379e3403fe480d8\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6001.22230_none_acae53dc5989f9eb\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6000.16720_none_b103fb905f6db0d9\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f1Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1132 Status: Locked to the Windows API!

==EOF==

MBAM Log
Malwarebytes' Anti-Malware 1.44
Database version: 3910
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

3/24/2010 4:23:42 PM
mbam-log-2010-03-24 (16-23-42).txt

Scan type: Quick Scan
Objects scanned: 107920
Time elapsed: 2 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by erikc4l, 24 March 2010 - 05:24 PM.

  • 0

#5
ali.B
Posted 24 March 2010 - 11:51 PM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  • 0

#6
erikc4l
Posted 25 March 2010 - 05:08 PM

erikc4l

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
Thank you for replying again. I do a MBAM scan everyday I log on to my computer and each and everyday I scan there are the same infected objects which I click on remove but they come back each time. I have a question about whether if it's safe or not to do anything on the computer still? Here is the OTL log though.

OTL logfile created on: 3/25/2010 4:05:27 PM - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Erik Tran\Desktop\New Folder
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.01 Gb Total Space | 152.00 Gb Free Space | 68.47% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.76 Gb Free Space | 16.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERIKTRAN-PC
Current User Name: Erik Tran
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/24 15:58:27 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Erik Tran\Desktop\New Folder\OTL.exe
PRC - [2010/03/08 14:04:49 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2009/09/30 20:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/02/06 19:21:00 | 000,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe
PRC - [2008/12/22 14:59:20 | 000,787,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe
PRC - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/08/05 11:19:41 | 000,455,336 | ---- | M] () -- C:\Program Files\Lexmark X5400 Series\lxdvmon.exe
PRC - [2008/08/05 11:19:40 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark X5400 Series\lxdvamon.exe
PRC - [2008/07/24 06:33:53 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdvcoms.exe
PRC - [2008/01/20 19:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/03/24 15:58:27 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Erik Tran\Desktop\New Folder\OTL.exe
MOD - [2008/01/20 19:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - [2010/01/06 09:13:00 | 003,478,288 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/07/16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/07/24 06:33:53 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdvcoms.exe -- (lxdv_device)
SRV - [2008/07/24 06:33:43 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdvserv.exe -- (lxdvCATSCustConnectService)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.allkpop.c...category/music"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/24 14:39:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/24 14:39:10 | 000,000,000 | ---D | M]

[2009/12/13 09:41:06 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Extensions
[2010/03/25 14:14:35 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions
[2010/01/16 14:54:42 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/01/16 12:09:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\{6ad56361-628f-471b-8f9d-4c338973a87d}
[2010/01/12 17:59:02 | 000,000,000 | ---D | M] (AOL Radio Toolbar) -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\{6ad56361-628f-471b-8f9d-4c338973a87d}(97)
[2010/02/03 17:45:23 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/01/08 16:58:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/13 12:23:24 | 000,002,283 | ---- | M] () -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\searchplugins\aol-search.xml
[2010/03/25 13:54:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/03 00:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2009/12/13 09:56:15 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2010/01/23 10:27:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [lxdvamon] C:\Program Files\Lexmark X5400 Series\lxdvamon.exe ()
O4 - HKLM..\Run: [lxdvmon.exe] C:\Program Files\Lexmark X5400 Series\lxdvmon.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Erik Tran\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Erik Tran\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/24 17:12:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/03/24 16:25:51 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\Desktop\New Folder
[2010/03/24 16:02:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/24 06:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2010/03/24 00:12:14 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\AppData\Roaming\InstallShield
[2010/03/23 22:36:25 | 000,710,064 | ---- | C] (NHN USA) -- C:\Windows\System32\ijjiSetup.exe
[2010/03/23 22:36:25 | 000,061,440 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\System32\uc_atlantica_launching.dll
[2010/03/23 22:36:25 | 000,058,800 | ---- | C] (NHN USA Inc.) -- C:\Windows\System32\ijjiProcessRestarter.exe
[2010/03/23 22:36:25 | 000,053,248 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\System32\uc_luminary_launching.dll
[2010/03/23 22:36:24 | 000,087,472 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\System32\ijjiChannelingPlugin.dll
[2010/03/23 22:36:24 | 000,058,800 | ---- | C] (NHN USA Corp.) -- C:\Windows\System32\ijjiPlugin2.dll
[2010/03/21 20:22:51 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\AppData\Roaming\ManyCam
[2010/03/21 20:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/03/19 14:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/03/17 19:03:37 | 000,000,000 | ---D | C] -- C:\Abyss Web Server
[2010/03/17 17:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2010/03/17 17:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2010/03/16 18:08:27 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\AppData\Roaming\nHancer
[2010/03/16 18:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\nHancer
[2010/03/15 15:09:39 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\Documents\Dragonica
[2010/03/15 15:02:14 | 000,000,000 | ---D | C] -- C:\Temp
[2010/03/15 14:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\THQICE
[2010/03/14 11:36:21 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\AppData\Local\WLDM
[2010/03/12 15:48:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2010/03/12 15:48:49 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2010/02/01 22:49:04 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxdvserv.dll
[2010/02/01 22:49:04 | 000,954,368 | ---- | C] ( ) -- C:\Windows\System32\lxdvusb1.dll
[2010/02/01 22:49:04 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdvpmui.dll
[2010/02/01 22:49:04 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDVhcp.dll
[2010/02/01 22:49:04 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdvinpa.dll
[2010/02/01 22:49:04 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdviesc.dll
[2010/02/01 22:49:04 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdvprox.dll
[2010/02/01 22:49:03 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdvlmpm.dll
[2010/02/01 22:49:02 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdvhbn3.dll
[2010/02/01 22:49:01 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdvcomc.dll
[2010/02/01 22:49:01 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdvcomm.dll
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/25 16:05:27 | 002,621,440 | -HS- | M] () -- C:\Users\Erik Tran\NTUSER.DAT
[2010/03/25 16:01:35 | 143,310,559 | ---- | M] () -- C:\Users\Erik Tran\Desktop\Epik High - Run (March 21).wmv
[2010/03/25 15:52:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/25 15:52:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/25 14:56:25 | 000,053,307 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/03/25 14:56:25 | 000,053,307 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/25 13:58:15 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/25 13:58:15 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/25 13:58:15 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/25 13:54:43 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/03/25 13:52:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/25 13:52:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/25 13:52:41 | 2951,135,232 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/24 22:30:22 | 000,524,288 | -HS- | M] () -- C:\Users\Erik Tran\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/03/24 22:30:22 | 000,065,536 | -HS- | M] () -- C:\Users\Erik Tran\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/03/24 22:29:59 | 001,493,048 | -H-- | M] () -- C:\Users\Erik Tran\AppData\Local\IconCache.db
[2010/03/24 21:39:52 | 000,081,920 | ---- | M] () -- C:\Windows\System32\ry675609.dll
[2010/03/24 21:39:52 | 000,044,686 | -H-- | M] () -- C:\Windows\System32\ry675609.dl_
[2010/03/24 20:59:20 | 000,218,960 | ---- | M] () -- C:\Users\Erik Tran\Desktop\Untitled.jpg
[2010/03/24 20:39:58 | 000,001,642 | ---- | M] () -- C:\Windows\System32\msexcr.ini
[2010/03/24 20:36:31 | 000,081,920 | ---- | M] () -- C:\Windows\System32\tl584457.dll
[2010/03/24 20:36:31 | 000,044,686 | -H-- | M] () -- C:\Windows\System32\tl584457.dl_
[2010/03/24 17:13:13 | 000,000,720 | -H-- | M] () -- C:\IPH.PH
[2010/03/24 13:52:07 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Soul of the Ultimate Nation.lnk
[2010/03/23 22:44:14 | 000,000,440 | -H-- | M] () -- C:\Users\Erik Tran\Desktop\U_SUN_setup.exe.bfi
[2010/03/23 22:36:28 | 000,001,762 | ---- | M] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk
[2010/03/23 20:50:34 | 000,075,264 | ---- | M] () -- C:\Users\Erik Tran\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/23 20:34:45 | 002,883,584 | -HS- | M] () -- C:\Users\Erik Tran\ntuser.dat_previous
[2010/03/13 21:25:31 | 000,000,680 | ---- | M] () -- C:\Users\Erik Tran\AppData\Local\d3d9caps.dat
[2010/03/13 09:09:16 | 000,000,251 | ---- | M] () -- C:\Windows\system.ini
[2010/03/13 09:09:06 | 000,000,770 | ---- | M] () -- C:\Users\Erik Tran\Desktop\AkaiMS.lnk
[2010/03/13 00:14:41 | 000,002,261 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/03/12 16:30:39 | 000,001,702 | ---- | M] () -- C:\Users\Erik Tran\Desktop\Call of Duty Modern Warfare 2.lnk
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/25 15:54:49 | 143,310,559 | ---- | C] () -- C:\Users\Erik Tran\Desktop\Epik High - Run (March 21).wmv
[2010/03/24 20:59:19 | 000,218,960 | ---- | C] () -- C:\Users\Erik Tran\Desktop\Untitled.jpg
[2010/03/24 20:52:45 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ry675609.dll
[2010/03/24 20:52:45 | 000,044,686 | -H-- | C] () -- C:\Windows\System32\ry675609.dl_
[2010/03/24 20:39:57 | 000,001,642 | ---- | C] () -- C:\Windows\System32\msexcr.ini
[2010/03/24 16:49:20 | 000,081,920 | ---- | C] () -- C:\Windows\System32\tl584457.dll
[2010/03/24 16:49:20 | 000,044,686 | -H-- | C] () -- C:\Windows\System32\tl584457.dl_
[2010/03/23 22:44:14 | 000,000,440 | -H-- | C] () -- C:\Users\Erik Tran\Desktop\U_SUN_setup.exe.bfi
[2010/03/23 22:43:24 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Soul of the Ultimate Nation.lnk
[2010/03/23 22:36:28 | 000,001,762 | ---- | C] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk
[2010/03/13 21:25:31 | 000,000,680 | ---- | C] () -- C:\Users\Erik Tran\AppData\Local\d3d9caps.dat
[2010/03/13 09:09:06 | 000,000,770 | ---- | C] () -- C:\Users\Erik Tran\Desktop\AkaiMS.lnk
[2010/03/12 16:30:39 | 000,001,702 | ---- | C] () -- C:\Users\Erik Tran\Desktop\Call of Duty Modern Warfare 2.lnk
[2010/03/12 15:48:50 | 000,002,261 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/03/07 09:22:30 | 000,003,584 | ---- | C] () -- C:\Users\Erik Tran\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/01 22:52:04 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdvcoin.dll
[2010/02/01 22:49:17 | 000,000,060 | ---- | C] () -- C:\Windows\System32\lxdvrwrd.ini
[2010/02/01 22:49:05 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDVinst.dll
[2010/02/01 22:49:02 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdvgrd.dll
[2009/12/13 11:54:20 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/12/13 09:11:12 | 000,053,307 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/12/13 09:11:07 | 000,053,307 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/12/13 09:08:08 | 000,000,000 | ---- | C] () -- C:\Users\Erik Tran\AppData\Local\QSwitch.txt
[2009/12/13 09:08:08 | 000,000,000 | ---- | C] () -- C:\Users\Erik Tran\AppData\Local\DSwitch.txt
[2009/12/13 09:08:08 | 000,000,000 | ---- | C] () -- C:\Users\Erik Tran\AppData\Local\AtStart.txt
[2009/12/13 06:25:22 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/12/13 06:25:10 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/12/13 06:24:44 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/12/13 06:24:05 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/12/13 06:22:45 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/12/13 06:22:00 | 000,000,246 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/10/25 17:10:11 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/25 17:03:58 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/10/25 17:01:59 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/25 17:00:34 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/10/08 16:05:06 | 000,010,752 | ---- | C] () -- C:\Windows\System32\rcmirror.dll
[2008/07/15 23:49:37 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdvvs.dll
[2008/01/14 18:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2007/09/06 13:40:36 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdvdrs.dll
[2007/08/10 12:49:54 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxdvcaps.dll
[2007/07/16 10:53:09 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdvcnv4.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 02:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2009/12/13 09:57:44 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\acccore
[2010/01/13 00:05:36 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Datarescue
[2010/01/03 10:12:37 | 000,000,000 | -H-D | M] -- C:\Users\Erik Tran\AppData\Roaming\ijjigame
[2010/02/01 22:54:37 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Lexmark Productivity Studio
[2010/02/01 15:30:39 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Mael
[2010/03/21 20:24:25 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\ManyCam
[2010/03/18 18:06:27 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\MySQL
[2010/02/03 17:52:31 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Nexon
[2010/03/17 21:14:57 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\nHancer
[2010/03/04 19:33:51 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Subversion
[2010/01/23 11:37:30 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\SystemRequirementsLab
[2010/01/19 22:43:08 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\TeamViewer
[2010/03/07 09:28:10 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\VSO
[2010/03/24 22:30:10 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D06A4C76
< End of report >

Edited by erikc4l, 25 March 2010 - 05:08 PM.

  • 0

#7
ali.B
Posted 26 March 2010 - 03:10 PM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
[2010/03/24 21:39:52 | 000,081,920 | ---- | M] () -- C:\Windows\System32\ry675609.dll
[2010/03/24 21:39:52 | 000,044,686 | -H-- | M] () -- C:\Windows\System32\ry675609.dl_
[2010/03/24 20:36:31 | 000,081,920 | ---- | M] () -- C:\Windows\System32\tl584457.dll
[2010/03/24 20:36:31 | 000,044,686 | -H-- | M] () -- C:\Windows\System32\tl584457.dl_


:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

Posted Image


Posted Image
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

Step 3

Things I would like to see in your reply:
  • OTL log
  • Combofix.txt

  • 0

#8
erikc4l
Posted 26 March 2010 - 03:22 PM

erikc4l

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
Okay here are the logs. I'm not sure if I'm supposed to use HijackThis like stated in above, so I didn't download it or anything since it was not requested in the logs to post.

OTL Log
OTL logfile created on: 3/26/2010 2:18:47 PM - Run 3
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Erik Tran\Desktop\New Folder
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.01 Gb Total Space | 151.83 Gb Free Space | 68.39% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.76 Gb Free Space | 16.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERIKTRAN-PC
Current User Name: Erik Tran
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/24 15:58:27 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Erik Tran\Desktop\New Folder\OTL.exe
PRC - [2010/03/24 14:38:39 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/12/22 14:59:20 | 000,787,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe
PRC - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/08/05 11:19:41 | 000,455,336 | ---- | M] () -- C:\Program Files\Lexmark X5400 Series\lxdvmon.exe
PRC - [2008/08/05 11:19:40 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark X5400 Series\lxdvamon.exe
PRC - [2008/07/24 06:33:53 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdvcoms.exe
PRC - [2008/01/20 19:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/03/24 15:58:27 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Erik Tran\Desktop\New Folder\OTL.exe
MOD - [2008/01/20 19:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - [2010/01/06 09:13:00 | 003,478,288 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/07/16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/07/24 06:33:53 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdvcoms.exe -- (lxdv_device)
SRV - [2008/07/24 06:33:43 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdvserv.exe -- (lxdvCATSCustConnectService)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.allkpop.c...category/music"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/24 14:39:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/24 14:39:10 | 000,000,000 | ---D | M]

[2009/12/13 09:41:06 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Extensions
[2010/03/25 16:06:32 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions
[2010/01/16 14:54:42 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/01/16 12:09:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\{6ad56361-628f-471b-8f9d-4c338973a87d}
[2010/01/12 17:59:02 | 000,000,000 | ---D | M] (AOL Radio Toolbar) -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\{6ad56361-628f-471b-8f9d-4c338973a87d}(97)
[2010/02/03 17:45:23 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/01/08 16:58:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/13 12:23:24 | 000,002,283 | ---- | M] () -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\searchplugins\aol-search.xml
[2010/03/26 14:17:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/03 00:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2009/12/13 09:56:15 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2010/03/26 14:15:45 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [lxdvamon] C:\Program Files\Lexmark X5400 Series\lxdvamon.exe ()
O4 - HKLM..\Run: [lxdvmon.exe] C:\Program Files\Lexmark X5400 Series\lxdvmon.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Erik Tran\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Erik Tran\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/25 22:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\4U Computing
[2010/03/24 17:12:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/03/24 16:25:51 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\Desktop\New Folder
[2010/03/24 16:02:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/24 06:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2010/03/24 00:12:14 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\AppData\Roaming\InstallShield
[2010/03/23 22:36:25 | 000,710,064 | ---- | C] (NHN USA) -- C:\Windows\System32\ijjiSetup.exe
[2010/03/23 22:36:25 | 000,061,440 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\System32\uc_atlantica_launching.dll
[2010/03/23 22:36:25 | 000,058,800 | ---- | C] (NHN USA Inc.) -- C:\Windows\System32\ijjiProcessRestarter.exe
[2010/03/23 22:36:25 | 000,053,248 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\System32\uc_luminary_launching.dll
[2010/03/23 22:36:24 | 000,087,472 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\System32\ijjiChannelingPlugin.dll
[2010/03/23 22:36:24 | 000,058,800 | ---- | C] (NHN USA Corp.) -- C:\Windows\System32\ijjiPlugin2.dll
[2010/03/21 20:22:51 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\AppData\Roaming\ManyCam
[2010/03/21 20:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/03/19 14:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/03/17 19:03:37 | 000,000,000 | ---D | C] -- C:\Abyss Web Server
[2010/03/17 17:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2010/03/17 17:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2010/03/16 18:08:27 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\AppData\Roaming\nHancer
[2010/03/16 18:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\nHancer
[2010/03/15 15:09:39 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\Documents\Dragonica
[2010/03/15 15:02:14 | 000,000,000 | ---D | C] -- C:\Temp
[2010/03/15 14:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\THQICE
[2010/03/14 11:36:21 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\AppData\Local\WLDM
[2010/03/12 15:48:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2010/03/12 15:48:49 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2010/02/01 22:49:04 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxdvserv.dll
[2010/02/01 22:49:04 | 000,954,368 | ---- | C] ( ) -- C:\Windows\System32\lxdvusb1.dll
[2010/02/01 22:49:04 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdvpmui.dll
[2010/02/01 22:49:04 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDVhcp.dll
[2010/02/01 22:49:04 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdvinpa.dll
[2010/02/01 22:49:04 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdviesc.dll
[2010/02/01 22:49:04 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdvprox.dll
[2010/02/01 22:49:03 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdvlmpm.dll
[2010/02/01 22:49:02 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdvhbn3.dll
[2010/02/01 22:49:01 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdvcomc.dll
[2010/02/01 22:49:01 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdvcomm.dll
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/26 14:18:52 | 002,621,440 | -HS- | M] () -- C:\Users\Erik Tran\NTUSER.DAT
[2010/03/26 14:17:11 | 000,053,307 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/03/26 14:17:11 | 000,053,307 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/26 14:16:52 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/26 14:16:52 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/26 14:16:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/26 14:16:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/26 14:16:43 | 2951,098,368 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/26 14:16:02 | 000,524,288 | -HS- | M] () -- C:\Users\Erik Tran\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/03/26 14:16:02 | 000,065,536 | -HS- | M] () -- C:\Users\Erik Tran\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/03/26 14:15:45 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/03/26 14:11:50 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/03/25 22:30:21 | 001,497,030 | -H-- | M] () -- C:\Users\Erik Tran\AppData\Local\IconCache.db
[2010/03/25 20:07:20 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/25 20:07:20 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/25 20:07:20 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/25 19:21:11 | 000,001,643 | ---- | M] () -- C:\Windows\System32\msexcr.ini
[2010/03/25 16:01:35 | 143,310,559 | ---- | M] () -- C:\Users\Erik Tran\Desktop\Epik High - Run (March 21).wmv
[2010/03/24 17:13:13 | 000,000,720 | -H-- | M] () -- C:\IPH.PH
[2010/03/24 13:52:07 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Soul of the Ultimate Nation.lnk
[2010/03/23 22:44:14 | 000,000,440 | -H-- | M] () -- C:\Users\Erik Tran\Desktop\U_SUN_setup.exe.bfi
[2010/03/23 22:36:28 | 000,001,762 | ---- | M] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk
[2010/03/23 20:50:34 | 000,075,264 | ---- | M] () -- C:\Users\Erik Tran\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/23 20:34:45 | 002,883,584 | -HS- | M] () -- C:\Users\Erik Tran\ntuser.dat_previous
[2010/03/13 21:25:31 | 000,000,680 | ---- | M] () -- C:\Users\Erik Tran\AppData\Local\d3d9caps.dat
[2010/03/13 09:09:16 | 000,000,251 | ---- | M] () -- C:\Windows\system.ini
[2010/03/13 09:09:06 | 000,000,770 | ---- | M] () -- C:\Users\Erik Tran\Desktop\AkaiMS.lnk
[2010/03/13 00:14:41 | 000,002,261 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/03/12 16:30:39 | 000,001,702 | ---- | M] () -- C:\Users\Erik Tran\Desktop\Call of Duty Modern Warfare 2.lnk
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/25 19:21:11 | 000,001,643 | ---- | C] () -- C:\Windows\System32\msexcr.ini
[2010/03/25 15:54:49 | 143,310,559 | ---- | C] () -- C:\Users\Erik Tran\Desktop\Epik High - Run (March 21).wmv
[2010/03/23 22:44:14 | 000,000,440 | -H-- | C] () -- C:\Users\Erik Tran\Desktop\U_SUN_setup.exe.bfi
[2010/03/23 22:43:24 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Soul of the Ultimate Nation.lnk
[2010/03/23 22:36:28 | 000,001,762 | ---- | C] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk
[2010/03/13 21:25:31 | 000,000,680 | ---- | C] () -- C:\Users\Erik Tran\AppData\Local\d3d9caps.dat
[2010/03/13 09:09:06 | 000,000,770 | ---- | C] () -- C:\Users\Erik Tran\Desktop\AkaiMS.lnk
[2010/03/12 16:30:39 | 000,001,702 | ---- | C] () -- C:\Users\Erik Tran\Desktop\Call of Duty Modern Warfare 2.lnk
[2010/03/12 15:48:50 | 000,002,261 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/03/07 09:22:30 | 000,003,584 | ---- | C] () -- C:\Users\Erik Tran\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/01 22:52:04 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdvcoin.dll
[2010/02/01 22:49:17 | 000,000,060 | ---- | C] () -- C:\Windows\System32\lxdvrwrd.ini
[2010/02/01 22:49:05 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDVinst.dll
[2010/02/01 22:49:02 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdvgrd.dll
[2009/12/13 11:54:20 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/12/13 09:11:12 | 000,053,307 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/12/13 09:11:07 | 000,053,307 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/12/13 09:08:08 | 000,000,000 | ---- | C] () -- C:\Users\Erik Tran\AppData\Local\QSwitch.txt
[2009/12/13 09:08:08 | 000,000,000 | ---- | C] () -- C:\Users\Erik Tran\AppData\Local\DSwitch.txt
[2009/12/13 09:08:08 | 000,000,000 | ---- | C] () -- C:\Users\Erik Tran\AppData\Local\AtStart.txt
[2009/12/13 06:25:22 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/12/13 06:25:10 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/12/13 06:24:44 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/12/13 06:24:05 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/12/13 06:22:45 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/12/13 06:22:00 | 000,000,246 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/10/25 17:10:11 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/25 17:03:58 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/10/25 17:01:59 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/25 17:00:34 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/10/08 16:05:06 | 000,010,752 | ---- | C] () -- C:\Windows\System32\rcmirror.dll
[2008/07/15 23:49:37 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdvvs.dll
[2008/01/14 18:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2007/09/06 13:40:36 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdvdrs.dll
[2007/08/10 12:49:54 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxdvcaps.dll
[2007/07/16 10:53:09 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdvcnv4.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 02:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2009/12/13 09:57:44 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\acccore
[2010/01/13 00:05:36 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Datarescue
[2010/01/03 10:12:37 | 000,000,000 | -H-D | M] -- C:\Users\Erik Tran\AppData\Roaming\ijjigame
[2010/02/01 22:54:37 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Lexmark Productivity Studio
[2010/02/01 15:30:39 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Mael
[2010/03/21 20:24:25 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\ManyCam
[2010/03/18 18:06:27 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\MySQL
[2010/02/03 17:52:31 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Nexon
[2010/03/17 21:14:57 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\nHancer
[2010/03/04 19:33:51 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Subversion
[2010/01/23 11:37:30 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\SystemRequirementsLab
[2010/01/19 22:43:08 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\TeamViewer
[2010/03/07 09:28:10 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\VSO
[2010/03/26 14:15:57 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D06A4C76
< End of report >

Combofix.txt
ComboFix 10-03-26.02 - Erik Tran 03/26/2010 14:26:29.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.2114 [GMT -7:00]
Running from: c:\users\Erik Tran\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://download.newaol.com
.
((((((((((((((((((((((((( Files Created from 2010-02-26 to 2010-03-26 )))))))))))))))))))))))))))))))
.

2010-03-26 05:00 . 2010-03-26 05:00 -------- d-----w- c:\program files\4U Computing
2010-03-25 00:12 . 2010-03-25 00:12 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-03-24 23:20 . 2010-03-24 23:20 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-24 23:02 . 2010-03-24 23:02 -------- d-----w- C:\_OTL
2010-03-24 13:10 . 2010-03-24 13:10 -------- d-----w- c:\programdata\InstallShield
2010-03-24 07:12 . 2010-03-24 07:12 -------- d-----w- c:\users\Erik Tran\AppData\Roaming\InstallShield
2010-03-24 05:36 . 2009-07-03 07:34 710064 ----a-w- c:\windows\system32\ijjiSetup.exe
2010-03-24 05:36 . 2009-07-03 07:34 58800 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2010-03-24 05:36 . 2009-07-01 17:25 61440 ----a-w- c:\windows\system32\uc_atlantica_launching.dll
2010-03-24 05:36 . 2009-04-01 00:43 53248 ----a-w- c:\windows\system32\uc_luminary_launching.dll
2010-03-24 05:36 . 2009-07-03 07:34 58800 ----a-w- c:\windows\system32\ijjiPlugin2.dll
2010-03-24 05:36 . 2009-01-29 18:53 87472 ----a-w- c:\windows\system32\ijjiChannelingPlugin.dll
2010-03-22 03:22 . 2010-03-22 03:24 -------- d-----w- c:\users\Erik Tran\AppData\Roaming\ManyCam
2010-03-22 03:22 . 2010-03-22 03:22 -------- d-----w- c:\program files\Ask.com
2010-03-19 21:07 . 2010-03-19 21:07 -------- d-----w- c:\program files\IObit
2010-03-18 02:03 . 2010-03-18 04:18 -------- d-----w- C:\Abyss Web Server
2010-03-18 00:05 . 2010-03-18 00:05 -------- d-----w- c:\program files\TortoiseSVN
2010-03-18 00:05 . 2010-03-18 00:05 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2010-03-17 01:08 . 2010-03-18 04:14 -------- d-----w- c:\users\Erik Tran\AppData\Roaming\nHancer
2010-03-17 01:05 . 2010-03-17 01:08 -------- d-----w- c:\programdata\nHancer
2010-03-15 22:02 . 2010-03-20 17:20 -------- d-----w- C:\Temp
2010-03-15 21:55 . 2010-03-15 21:55 -------- d-----w- c:\program files\THQICE
2010-03-14 18:36 . 2010-03-14 18:36 -------- d-----w- c:\users\Erik Tran\AppData\Local\WLDM
2010-03-14 04:25 . 2010-03-14 04:25 680 ----a-w- c:\users\Erik Tran\AppData\Local\d3d9caps.dat
2010-03-13 19:17 . 2009-11-11 07:08 180224 ----a-w- c:\windows\system32\QTCF.dll
2010-03-12 22:48 . 2010-03-24 03:34 -------- d-----w- c:\program files\Common Files\Steam
2010-03-12 22:48 . 2010-03-24 03:34 -------- d-----w- c:\program files\Steam
2010-03-09 23:05 . 2010-03-09 23:05 -------- d-----w- c:\program files\Common Files\INCA Shared
2010-03-09 22:49 . 2010-03-09 22:49 -------- d-----w- c:\program files\dumps
2010-03-07 16:30 . 2010-03-24 03:34 -------- d-----w- c:\program files\ImageConverter Plus
2010-03-07 16:26 . 2010-03-07 16:28 -------- d-----w- c:\users\Erik Tran\AppData\Roaming\VSO
2010-03-07 16:26 . 2010-03-07 16:26 -------- d-----w- c:\users\Erik Tran\AppData\Local\VSO
2010-03-07 01:34 . 2010-03-07 01:35 -------- d-----w- C:\.ritzwebv1_file_store_32
2010-03-07 01:28 . 2010-03-07 01:28 -------- d-----w- c:\program files\Common Files\Java
2010-03-05 02:46 . 2010-03-19 01:06 -------- d-----w- c:\users\Erik Tran\AppData\Roaming\MySQL
2010-03-05 02:46 . 2010-03-24 03:28 -------- d-----w- c:\users\Erik Tran\AppData\Local\TSVNCache
2010-03-05 02:43 . 2010-03-05 02:43 -------- d-----w- c:\program files\Sun
2010-03-05 02:41 . 2010-03-05 02:41 -------- d-----w- c:\program files\MySQL
2010-03-05 02:40 . 2010-03-19 05:16 -------- d-----w- C:\wamp
2010-03-05 02:35 . 2010-03-05 02:35 -------- d-----w- c:\users\Erik Tran\AppData\Roaming\TortoiseSVN
2010-03-05 02:33 . 2010-03-05 02:33 -------- d-----w- c:\users\Erik Tran\AppData\Roaming\Subversion
2010-02-25 04:47 . 2010-02-25 04:47 1585608 ----a-w- c:\programdata\Skype\Plugins\Plugins\F35E193DC3E84933B83DE961D9AC33BF\SketchPad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-26 21:17 . 2009-12-13 16:11 53307 ----a-w- c:\programdata\nvModes.dat
2010-03-26 21:13 . 2009-12-13 16:46 -------- d-----w- c:\users\Erik Tran\AppData\Roaming\Skype
2010-03-26 21:12 . 2009-12-13 16:48 -------- d-----w- c:\users\Erik Tran\AppData\Roaming\skypePM
2010-03-25 00:13 . 2009-12-13 16:55 -------- d-----w- c:\program files\AIM
2010-03-24 23:20 . 2009-12-13 18:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-24 13:03 . 2008-10-25 22:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-24 13:03 . 2008-10-25 22:50 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-24 03:50 . 2009-12-13 16:06 75264 ----a-w- c:\users\Erik Tran\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-17 20:52 . 2010-03-17 20:52 2237756 ----a-w- c:\programdata\SPLC744.tmp
2010-03-17 12:47 . 2010-03-17 12:47 2237756 ----a-w- c:\programdata\SPLA3EE.tmp
2010-03-17 04:23 . 2010-03-17 04:23 2229996 ----a-w- c:\programdata\SPL8EE1.tmp
2010-03-17 04:21 . 2010-03-17 04:21 2234324 ----a-w- c:\programdata\SPLDAA0.tmp
2010-03-14 18:36 . 2009-12-13 17:27 -------- d-----w- c:\program files\Windows Live
2010-03-13 03:13 . 2009-12-13 18:06 -------- d-----w- c:\users\Erik Tran\AppData\Roaming\Apple Computer
2010-03-13 03:09 . 2009-12-13 18:02 -------- d-----w- c:\programdata\Apple
2010-03-07 01:31 . 2008-10-26 00:13 -------- d-----w- c:\program files\Java
2010-03-07 01:25 . 2010-02-20 18:56 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-05 03:53 . 2010-01-20 05:09 -------- d-----w- c:\program files\TeamViewer
2010-02-24 03:16 . 2010-02-24 03:03 41 ----a-w- c:\users\Erik Tran\jagex_runescape_preferences.dat
2010-02-24 03:08 . 2010-02-24 03:05 69 ----a-w- c:\users\Erik Tran\jagex_runescape_preferences2.dat
2010-02-23 03:26 . 2010-02-23 03:26 147456 ----a-w- c:\windows\system32\uc_neosteam_launching.dll
2010-02-22 23:08 . 2010-02-22 23:05 -------- d-----w- c:\programdata\NexonUS
2010-02-22 23:05 . 2010-02-22 23:05 98304 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
2010-02-22 23:05 . 2010-02-22 23:05 765952 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
2010-02-22 23:05 . 2010-02-22 23:05 401408 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
2010-02-22 23:05 . 2010-02-22 23:05 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
2010-02-22 23:05 . 2010-02-22 23:05 172032 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
2010-02-22 23:05 . 2010-02-22 23:05 126976 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
2010-02-14 18:43 . 2010-02-14 03:41 -------- d-----w- c:\program files\Google
2010-02-04 00:52 . 2010-02-04 00:52 -------- d-----w- c:\users\Erik Tran\AppData\Roaming\Nexon
2010-02-02 07:46 . 2010-02-02 07:46 377160 ----a-w- c:\programdata\SPL5B3.tmp
2010-02-02 07:44 . 2010-02-02 07:44 1477828 ----a-w- c:\programdata\SPLC777.tmp
2010-02-02 05:54 . 2010-01-07 03:08 -------- d-----w- c:\users\Erik Tran\AppData\Roaming\Lexmark Productivity Studio
2010-02-01 22:30 . 2010-02-01 22:30 -------- d-----w- c:\users\Erik Tran\AppData\Roaming\Mael
2010-01-30 02:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-01-30 02:15 . 2008-10-25 22:35 -------- d-----w- c:\program files\Hewlett-Packard
2010-01-30 02:06 . 2010-01-30 02:06 -------- d-----w- c:\programdata\App4rTemp
2010-01-23 21:14 . 2008-01-21 02:23 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-23 18:37 . 2010-01-23 18:37 138240 ----a-w- c:\users\Erik Tran\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2010-01-23 18:37 . 2010-01-23 18:37 138240 ----a-w- c:\users\Erik Tran\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2010-01-23 18:37 . 2010-01-23 18:37 138240 ----a-w- c:\users\Erik Tran\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2010-01-23 18:37 . 2010-01-23 18:37 138240 ----a-w- c:\users\Erik Tran\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2010-01-22 17:24 . 2010-01-22 17:24 64000 ----a-w- c:\windows\system32\uc_sfighters_launching.dll
2010-01-07 23:07 . 2009-12-13 18:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 23:07 . 2009-12-13 18:55 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-10-25 23:12 . 2008-10-25 22:59 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsLivePhone"="c:\program files\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 126976]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"lxdvmon.exe"="c:\program files\Lexmark X5400 Series\lxdvmon.exe" [2008-08-05 455336]
"lxdvamon"="c:\program files\Lexmark X5400 Series\lxdvamon.exe" [2008-08-05 25256]
"WindowsLivePhone"="c:\program files\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 lxdvCATSCustConnectService;lxdvCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdvserv.exe [2008-07-24 98984]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-01-06 3478288]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2008-10-08 3328]
S2 lxdv_device;lxdv_device;c:\windows\system32\lxdvcoms.exe [2008-07-24 594600]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-11-12 66664]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.allkpop.com/category/music
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-26 14:32
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP0000006690A87B5CE16B2800 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-03-26 14:34:00
ComboFix-quarantined-files.txt 2010-03-26 21:33
ComboFix2.txt 2010-01-24 00:38

Pre-Run: 162,914,533,376 bytes free
Post-Run: 162,885,980,160 bytes free

- - End Of File - - B7D445ED0656A0B385EC6EF83F3A472F

Edited by erikc4l, 26 March 2010 - 03:35 PM.

  • 0

#9
ali.B
Posted 26 March 2010 - 04:47 PM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
c:\programdata\SPLC744.tmp
c:\programdata\SPLA3EE.tmp
c:\programdata\SPL8EE1.tmp
c:\programdata\SPLDAA0.tmp
c:\programdata\SPL5B3.tmp
c:\programdata\SPLC777.tmp

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Download TDSSKiller and save it to your Desktop.

  • Extract the file and run it.
  • Once completed it will create a log in the root directory (usually C:\).
  • Please post the contents of that log in your next reply.

Step 3

Things I would like to see in your reply:
  • OTL Log
  • TDSSKiller Log

  • 0

#10
erikc4l
Posted 26 March 2010 - 05:00 PM

erikc4l

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
OTL Log
OTL logfile created on: 3/26/2010 3:57:22 PM - Run 4
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Erik Tran\Desktop\New Folder
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.01 Gb Total Space | 151.62 Gb Free Space | 68.29% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.76 Gb Free Space | 16.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERIKTRAN-PC
Current User Name: Erik Tran
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/24 15:58:27 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Erik Tran\Desktop\New Folder\OTL.exe
PRC - [2010/03/24 14:38:39 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/12/22 14:59:20 | 000,787,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe
PRC - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/08/05 11:19:41 | 000,455,336 | ---- | M] () -- C:\Program Files\Lexmark X5400 Series\lxdvmon.exe
PRC - [2008/08/05 11:19:40 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark X5400 Series\lxdvamon.exe
PRC - [2008/07/24 06:33:53 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdvcoms.exe
PRC - [2008/01/20 19:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/03/24 15:58:27 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Erik Tran\Desktop\New Folder\OTL.exe
MOD - [2008/01/20 19:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - [2010/01/06 09:13:00 | 003,478,288 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/07/16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/07/24 06:33:53 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdvcoms.exe -- (lxdv_device)
SRV - [2008/07/24 06:33:43 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdvserv.exe -- (lxdvCATSCustConnectService)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.allkpop.c...category/music"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/24 14:39:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/24 14:39:10 | 000,000,000 | ---D | M]

[2009/12/13 09:41:06 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Extensions
[2010/03/26 14:45:06 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions
[2010/01/16 14:54:42 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/01/16 12:09:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\{6ad56361-628f-471b-8f9d-4c338973a87d}
[2010/01/12 17:59:02 | 000,000,000 | ---D | M] (AOL Radio Toolbar) -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\{6ad56361-628f-471b-8f9d-4c338973a87d}(97)
[2010/02/03 17:45:23 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/01/08 16:58:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/13 12:23:24 | 000,002,283 | ---- | M] () -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\searchplugins\aol-search.xml
[2010/03/26 15:56:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/03 00:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2009/12/13 09:56:15 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2010/03/26 14:15:45 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [lxdvamon] C:\Program Files\Lexmark X5400 Series\lxdvamon.exe ()
O4 - HKLM..\Run: [lxdvmon.exe] C:\Program Files\Lexmark X5400 Series\lxdvmon.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Erik Tran\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Erik Tran\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/26 14:34:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/03/26 14:34:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/03/26 14:32:04 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\AppData\Local\temp
[2010/03/26 14:24:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/03/26 14:24:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/03/26 14:24:50 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/03/26 14:24:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/26 14:23:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/03/25 22:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\4U Computing
[2010/03/24 17:12:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/03/24 16:25:51 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\Desktop\New Folder
[2010/03/24 16:02:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/24 06:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2010/03/24 00:12:14 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\AppData\Roaming\InstallShield
[2010/03/23 22:36:25 | 000,710,064 | ---- | C] (NHN USA) -- C:\Windows\System32\ijjiSetup.exe
[2010/03/23 22:36:25 | 000,061,440 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\System32\uc_atlantica_launching.dll
[2010/03/23 22:36:25 | 000,058,800 | ---- | C] (NHN USA Inc.) -- C:\Windows\System32\ijjiProcessRestarter.exe
[2010/03/23 22:36:25 | 000,053,248 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\System32\uc_luminary_launching.dll
[2010/03/23 22:36:24 | 000,087,472 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\System32\ijjiChannelingPlugin.dll
[2010/03/23 22:36:24 | 000,058,800 | ---- | C] (NHN USA Corp.) -- C:\Windows\System32\ijjiPlugin2.dll
[2010/03/21 20:22:51 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\AppData\Roaming\ManyCam
[2010/03/21 20:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/03/19 14:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/03/17 19:03:37 | 000,000,000 | ---D | C] -- C:\Abyss Web Server
[2010/03/17 17:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2010/03/17 17:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2010/03/16 18:08:27 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\AppData\Roaming\nHancer
[2010/03/16 18:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\nHancer
[2010/03/15 15:09:39 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\Documents\Dragonica
[2010/03/15 15:02:14 | 000,000,000 | ---D | C] -- C:\Temp
[2010/03/15 14:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\THQICE
[2010/03/14 11:36:21 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\AppData\Local\WLDM
[2010/02/01 22:49:04 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxdvserv.dll
[2010/02/01 22:49:04 | 000,954,368 | ---- | C] ( ) -- C:\Windows\System32\lxdvusb1.dll
[2010/02/01 22:49:04 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdvpmui.dll
[2010/02/01 22:49:04 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDVhcp.dll
[2010/02/01 22:49:04 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdvinpa.dll
[2010/02/01 22:49:04 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdviesc.dll
[2010/02/01 22:49:04 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdvprox.dll
[2010/02/01 22:49:03 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdvlmpm.dll
[2010/02/01 22:49:02 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdvhbn3.dll
[2010/02/01 22:49:01 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdvcomc.dll
[2010/02/01 22:49:01 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdvcomm.dll

========== Files - Modified Within 14 Days ==========

[2010/03/26 15:58:22 | 000,154,469 | ---- | M] () -- C:\Users\Erik Tran\Desktop\tdsskiller.zip
[2010/03/26 15:58:01 | 002,621,440 | -HS- | M] () -- C:\Users\Erik Tran\NTUSER.DAT
[2010/03/26 15:56:35 | 000,053,307 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/03/26 15:56:35 | 000,053,307 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/26 15:56:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/26 15:56:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/26 15:56:12 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/26 15:56:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/26 15:56:08 | 2951,086,080 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/26 15:55:26 | 000,524,288 | -HS- | M] () -- C:\Users\Erik Tran\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/03/26 15:55:26 | 000,065,536 | -HS- | M] () -- C:\Users\Erik Tran\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/03/26 15:47:31 | 000,081,920 | ---- | M] () -- C:\Windows\System32\tl584457.dll
[2010/03/26 15:47:31 | 000,044,686 | -H-- | M] () -- C:\Windows\System32\tl584457.dl_
[2010/03/26 14:37:45 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/03/26 14:32:11 | 000,000,251 | ---- | M] () -- C:\Windows\system.ini
[2010/03/26 14:23:30 | 003,903,606 | R--- | M] () -- C:\Users\Erik Tran\Desktop\Combo-Fix.exe
[2010/03/26 14:22:15 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/26 14:22:15 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/26 14:22:15 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/26 14:15:45 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/03/25 22:30:21 | 001,497,030 | -H-- | M] () -- C:\Users\Erik Tran\AppData\Local\IconCache.db
[2010/03/25 16:01:35 | 143,310,559 | ---- | M] () -- C:\Users\Erik Tran\Desktop\Epik High - Run (March 21).wmv
[2010/03/24 17:13:13 | 000,000,720 | -H-- | M] () -- C:\IPH.PH
[2010/03/24 13:52:07 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Soul of the Ultimate Nation.lnk
[2010/03/23 22:44:14 | 000,000,440 | -H-- | M] () -- C:\Users\Erik Tran\Desktop\U_SUN_setup.exe.bfi
[2010/03/23 22:36:28 | 000,001,762 | ---- | M] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk
[2010/03/23 20:50:34 | 000,075,264 | ---- | M] () -- C:\Users\Erik Tran\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/23 20:34:45 | 002,883,584 | -HS- | M] () -- C:\Users\Erik Tran\ntuser.dat_previous
[2010/03/13 21:25:31 | 000,000,680 | ---- | M] () -- C:\Users\Erik Tran\AppData\Local\d3d9caps.dat
[2010/03/13 09:09:06 | 000,000,770 | ---- | M] () -- C:\Users\Erik Tran\Desktop\AkaiMS.lnk
[2010/03/13 00:14:41 | 000,002,261 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\Windows\PEV.exe
[2010/03/12 16:30:39 | 000,001,702 | ---- | M] () -- C:\Users\Erik Tran\Desktop\Call of Duty Modern Warfare 2.lnk

========== Files Created - No Company Name ==========

[2010/03/26 15:57:47 | 000,154,469 | ---- | C] () -- C:\Users\Erik Tran\Desktop\tdsskiller.zip
[2010/03/26 15:47:31 | 000,081,920 | ---- | C] () -- C:\Windows\System32\tl584457.dll
[2010/03/26 15:47:31 | 000,044,686 | -H-- | C] () -- C:\Windows\System32\tl584457.dl_
[2010/03/26 14:24:50 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/03/26 14:24:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/03/26 14:24:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/03/26 14:24:50 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/03/26 14:24:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/03/26 14:23:20 | 003,903,606 | R--- | C] () -- C:\Users\Erik Tran\Desktop\Combo-Fix.exe
[2010/03/25 15:54:49 | 143,310,559 | ---- | C] () -- C:\Users\Erik Tran\Desktop\Epik High - Run (March 21).wmv
[2010/03/23 22:44:14 | 000,000,440 | -H-- | C] () -- C:\Users\Erik Tran\Desktop\U_SUN_setup.exe.bfi
[2010/03/23 22:43:24 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Soul of the Ultimate Nation.lnk
[2010/03/23 22:36:28 | 000,001,762 | ---- | C] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk
[2010/03/13 21:25:31 | 000,000,680 | ---- | C] () -- C:\Users\Erik Tran\AppData\Local\d3d9caps.dat
[2010/03/13 09:09:06 | 000,000,770 | ---- | C] () -- C:\Users\Erik Tran\Desktop\AkaiMS.lnk
[2010/03/12 16:30:39 | 000,001,702 | ---- | C] () -- C:\Users\Erik Tran\Desktop\Call of Duty Modern Warfare 2.lnk
[2010/03/07 09:22:30 | 000,003,584 | ---- | C] () -- C:\Users\Erik Tran\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/01 22:52:04 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdvcoin.dll
[2010/02/01 22:49:17 | 000,000,060 | ---- | C] () -- C:\Windows\System32\lxdvrwrd.ini
[2010/02/01 22:49:05 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDVinst.dll
[2010/02/01 22:49:02 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdvgrd.dll
[2009/12/13 11:54:20 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/12/13 09:11:12 | 000,053,307 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/12/13 09:11:07 | 000,053,307 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/12/13 09:08:08 | 000,000,000 | ---- | C] () -- C:\Users\Erik Tran\AppData\Local\QSwitch.txt
[2009/12/13 09:08:08 | 000,000,000 | ---- | C] () -- C:\Users\Erik Tran\AppData\Local\DSwitch.txt
[2009/12/13 09:08:08 | 000,000,000 | ---- | C] () -- C:\Users\Erik Tran\AppData\Local\AtStart.txt
[2009/12/13 06:25:22 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/12/13 06:25:10 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/12/13 06:24:44 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/12/13 06:24:05 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/12/13 06:22:45 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/12/13 06:22:00 | 000,000,246 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/10/25 17:10:11 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/25 17:03:58 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/10/25 17:01:59 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/25 17:00:34 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/10/08 16:05:06 | 000,010,752 | ---- | C] () -- C:\Windows\System32\rcmirror.dll
[2008/07/15 23:49:37 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdvvs.dll
[2008/01/14 18:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2007/09/06 13:40:36 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdvdrs.dll
[2007/08/10 12:49:54 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxdvcaps.dll
[2007/07/16 10:53:09 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdvcnv4.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 02:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2009/12/13 09:57:44 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\acccore
[2010/01/13 00:05:36 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Datarescue
[2010/01/03 10:12:37 | 000,000,000 | -H-D | M] -- C:\Users\Erik Tran\AppData\Roaming\ijjigame
[2010/02/01 22:54:37 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Lexmark Productivity Studio
[2010/02/01 15:30:39 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Mael
[2010/03/21 20:24:25 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\ManyCam
[2010/03/18 18:06:27 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\MySQL
[2010/02/03 17:52:31 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Nexon
[2010/03/17 21:14:57 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\nHancer
[2010/03/04 19:33:51 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Subversion
[2010/01/23 11:37:30 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\SystemRequirementsLab
[2010/01/19 22:43:08 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\TeamViewer
[2010/03/07 09:28:10 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\VSO
[2010/03/26 15:55:22 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D06A4C76
< End of report >


TDSSKiller Log
16:00:28:548 3228 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
16:00:28:548 3228 ================================================================================
16:00:28:548 3228 SystemInfo:

16:00:28:548 3228 OS Version: 6.0.6001 ServicePack: 1.0
16:00:28:548 3228 Product type: Workstation
16:00:28:548 3228 ComputerName: ERIKTRAN-PC
16:00:28:548 3228 UserName: Erik Tran
16:00:28:548 3228 Windows directory: C:\Windows
16:00:28:548 3228 Processor architecture: Intel x86
16:00:28:548 3228 Number of processors: 2
16:00:28:548 3228 Page size: 0x1000
16:00:28:548 3228 Boot type: Normal boot
16:00:28:548 3228 ================================================================================
16:00:28:563 3228 UnloadDriverW: NtUnloadDriver error 2
16:00:28:563 3228 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
16:00:28:594 3228 wfopen_ex: Trying to open file C:\Windows\system32\config\system
16:00:28:594 3228 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
16:00:28:594 3228 wfopen_ex: Trying to KLMD file open
16:00:28:594 3228 wfopen_ex: File opened ok (Flags 2)
16:00:28:594 3228 wfopen_ex: Trying to open file C:\Windows\system32\config\software
16:00:28:594 3228 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
16:00:28:594 3228 wfopen_ex: Trying to KLMD file open
16:00:28:594 3228 wfopen_ex: File opened ok (Flags 2)
16:00:28:594 3228 Initialize success
16:00:28:594 3228
16:00:28:594 3228 Scanning Services ...
16:00:29:577 3228 Raw services enum returned 434 services
16:00:29:577 3228
16:00:29:593 3228 Scanning Kernel memory ...
16:00:29:593 3228 Devices to scan: 1
16:00:29:593 3228
16:00:29:593 3228 Driver Name: atapi
16:00:29:593 3228 IRP_MJ_CREATE : 822C2116
16:00:29:593 3228 IRP_MJ_CREATE_NAMED_PIPE : 81C65FEF
16:00:29:593 3228 IRP_MJ_CLOSE : 822C2116
16:00:29:593 3228 IRP_MJ_READ : 81C65FEF
16:00:29:593 3228 IRP_MJ_WRITE : 81C65FEF
16:00:29:593 3228 IRP_MJ_QUERY_INFORMATION : 81C65FEF
16:00:29:593 3228 IRP_MJ_SET_INFORMATION : 81C65FEF
16:00:29:593 3228 IRP_MJ_QUERY_EA : 81C65FEF
16:00:29:593 3228 IRP_MJ_SET_EA : 81C65FEF
16:00:29:593 3228 IRP_MJ_FLUSH_BUFFERS : 81C65FEF
16:00:29:593 3228 IRP_MJ_QUERY_VOLUME_INFORMATION : 81C65FEF
16:00:29:593 3228 IRP_MJ_SET_VOLUME_INFORMATION : 81C65FEF
16:00:29:593 3228 IRP_MJ_DIRECTORY_CONTROL : 81C65FEF
16:00:29:593 3228 IRP_MJ_FILE_SYSTEM_CONTROL : 81C65FEF
16:00:29:593 3228 IRP_MJ_DEVICE_CONTROL : 822B0A22
16:00:29:593 3228 IRP_MJ_INTERNAL_DEVICE_CONTROL : 822B09F4
16:00:29:593 3228 IRP_MJ_SHUTDOWN : 81C65FEF
16:00:29:593 3228 IRP_MJ_LOCK_CONTROL : 81C65FEF
16:00:29:593 3228 IRP_MJ_CLEANUP : 81C65FEF
16:00:29:593 3228 IRP_MJ_CREATE_MAILSLOT : 81C65FEF
16:00:29:593 3228 IRP_MJ_QUERY_SECURITY : 81C65FEF
16:00:29:593 3228 IRP_MJ_SET_SECURITY : 81C65FEF
16:00:29:593 3228 IRP_MJ_POWER : 822B0A50
16:00:29:593 3228 IRP_MJ_SYSTEM_CONTROL : 822BDB70
16:00:29:593 3228 IRP_MJ_DEVICE_CHANGE : 81C65FEF
16:00:29:593 3228 IRP_MJ_QUERY_QUOTA : 81C65FEF
16:00:29:593 3228 IRP_MJ_SET_QUOTA : 81C65FEF
16:00:29:608 3228 C:\Windows\system32\drivers\atapi.sys - Verdict: 1
16:00:29:608 3228
16:00:29:608 3228 Completed
16:00:29:608 3228
16:00:29:608 3228 Results:
16:00:29:608 3228 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
16:00:29:608 3228 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
16:00:29:608 3228 File objects infected / cured / cured on reboot: 0 / 0 / 0
16:00:29:608 3228
16:00:29:608 3228 fclose_ex: Trying to close file C:\Windows\system32\config\system
16:00:29:608 3228 fclose_ex: Trying to close file C:\Windows\system32\config\software
16:00:29:608 3228 KLMD(ARK) unloaded successfully

Edited by erikc4l, 26 March 2010 - 05:01 PM.

  • 0

Advertisements

#11
erikc4l
Posted 27 March 2010 - 01:07 AM

erikc4l

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
I've just scanned with MBAM and it keeps showing that one .dll that starts with a t
  • 0

#12
erikc4l
Posted 27 March 2010 - 01:09 AM

erikc4l

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
I've just scanned with MBAM and it keeps showing that one .dll that starts with a t
  • 0

#13
ali.B
Posted 27 March 2010 - 01:09 AM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
remove that.

will post my next instructions once approved :)

Edited by ali.B, 27 March 2010 - 01:46 AM.

  • 0

#14
ali.B
Posted 27 March 2010 - 08:43 AM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
[2010/03/26 15:47:31 | 000,081,920 | ---- | C] () -- C:\Windows\System32\tl584457.dll
[2010/03/26 15:47:31 | 000,044,686 | -H-- | C] () -- C:\Windows\System32\tl584457.dl_

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Download avz4.zip from HERE
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the Right of the Log window: Posted Image
  • Click Start to begin the update
Note: If you recieve an error message, chose a different source, then click Start again


  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the "Advanced System Analysis with malware removal mode enabled" check box.
    Posted Image
  • Click on the “Execute selected scriptsâ€.
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.

When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the “Advanced System Analysis" check box.
    Posted Image
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

Step 3

Things i would like to see in your reply:
  • OTL Log
  • AVZ logs attached

  • 0

#15
erikc4l
Posted 27 March 2010 - 11:21 AM

erikc4l

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
Thanks for replying. Here are the logs.

OTL Log
OTL logfile created on: 3/27/2010 9:53:12 AM - Run 5
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Erik Tran\Desktop\New Folder
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.01 Gb Total Space | 151.65 Gb Free Space | 68.31% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.76 Gb Free Space | 16.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERIKTRAN-PC
Current User Name: Erik Tran
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/24 15:58:27 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Erik Tran\Desktop\New Folder\OTL.exe
PRC - [2008/12/22 14:59:20 | 000,787,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe
PRC - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/08/05 11:19:41 | 000,455,336 | ---- | M] () -- C:\Program Files\Lexmark X5400 Series\lxdvmon.exe
PRC - [2008/08/05 11:19:40 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark X5400 Series\lxdvamon.exe
PRC - [2008/07/24 06:33:53 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdvcoms.exe
PRC - [2008/01/20 19:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/03/24 15:58:27 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Erik Tran\Desktop\New Folder\OTL.exe
MOD - [2008/01/20 19:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - [2010/01/06 09:13:00 | 003,478,288 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/07/16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/07/24 06:33:53 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdvcoms.exe -- (lxdv_device)
SRV - [2008/07/24 06:33:43 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdvserv.exe -- (lxdvCATSCustConnectService)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.allkpop.c...category/music"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/24 14:39:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/24 14:39:10 | 000,000,000 | ---D | M]

[2009/12/13 09:41:06 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Extensions
[2010/03/27 09:48:48 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions
[2010/01/16 14:54:42 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/01/16 12:09:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\{6ad56361-628f-471b-8f9d-4c338973a87d}
[2010/01/12 17:59:02 | 000,000,000 | ---D | M] (AOL Radio Toolbar) -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\{6ad56361-628f-471b-8f9d-4c338973a87d}(97)
[2010/02/03 17:45:23 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/01/08 16:58:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/13 12:23:24 | 000,002,283 | ---- | M] () -- C:\Users\Erik Tran\AppData\Roaming\Mozilla\Firefox\Profiles\4vnfz2sn.default\searchplugins\aol-search.xml
[2010/03/27 09:49:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/03 00:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2009/12/13 09:56:15 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2010/03/26 14:15:45 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [lxdvamon] C:\Program Files\Lexmark X5400 Series\lxdvamon.exe ()
O4 - HKLM..\Run: [lxdvmon.exe] C:\Program Files\Lexmark X5400 Series\lxdvmon.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Erik Tran\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Erik Tran\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/27 09:48:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/03/27 09:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/03/26 16:00:25 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\Desktop\tdsskiller
[2010/03/26 14:34:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/03/26 14:34:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/03/26 14:32:04 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\AppData\Local\temp
[2010/03/26 14:24:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/03/26 14:24:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/03/26 14:24:50 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/03/26 14:24:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/26 14:23:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/03/25 22:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\4U Computing
[2010/03/24 17:12:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/03/24 16:25:51 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\Desktop\New Folder
[2010/03/24 16:02:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/24 06:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2010/03/24 00:12:14 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\AppData\Roaming\InstallShield
[2010/03/23 22:36:25 | 000,710,064 | ---- | C] (NHN USA) -- C:\Windows\System32\ijjiSetup.exe
[2010/03/23 22:36:25 | 000,061,440 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\System32\uc_atlantica_launching.dll
[2010/03/23 22:36:25 | 000,058,800 | ---- | C] (NHN USA Inc.) -- C:\Windows\System32\ijjiProcessRestarter.exe
[2010/03/23 22:36:25 | 000,053,248 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\System32\uc_luminary_launching.dll
[2010/03/23 22:36:24 | 000,087,472 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\System32\ijjiChannelingPlugin.dll
[2010/03/23 22:36:24 | 000,058,800 | ---- | C] (NHN USA Corp.) -- C:\Windows\System32\ijjiPlugin2.dll
[2010/03/21 20:22:51 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\AppData\Roaming\ManyCam
[2010/03/21 20:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/03/19 14:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/03/17 19:03:37 | 000,000,000 | ---D | C] -- C:\Abyss Web Server
[2010/03/17 17:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2010/03/17 17:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2010/03/16 18:08:27 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\AppData\Roaming\nHancer
[2010/03/16 18:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\nHancer
[2010/03/15 15:09:39 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\Documents\Dragonica
[2010/03/15 15:02:14 | 000,000,000 | ---D | C] -- C:\Temp
[2010/03/15 14:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\THQICE
[2010/03/14 11:36:21 | 000,000,000 | ---D | C] -- C:\Users\Erik Tran\AppData\Local\WLDM
[2010/02/01 22:49:04 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxdvserv.dll
[2010/02/01 22:49:04 | 000,954,368 | ---- | C] ( ) -- C:\Windows\System32\lxdvusb1.dll
[2010/02/01 22:49:04 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdvpmui.dll
[2010/02/01 22:49:04 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDVhcp.dll
[2010/02/01 22:49:04 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdvinpa.dll
[2010/02/01 22:49:04 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdviesc.dll
[2010/02/01 22:49:04 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdvprox.dll
[2010/02/01 22:49:03 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdvlmpm.dll
[2010/02/01 22:49:02 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdvhbn3.dll
[2010/02/01 22:49:01 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdvcomc.dll
[2010/02/01 22:49:01 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdvcomm.dll

========== Files - Modified Within 14 Days ==========

[2010/03/27 09:54:27 | 002,621,440 | -HS- | M] () -- C:\Users\Erik Tran\NTUSER.DAT
[2010/03/27 09:51:51 | 000,053,307 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/03/27 09:51:51 | 000,053,307 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/27 09:51:30 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/27 09:51:30 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/27 09:51:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/27 09:51:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/27 09:51:15 | 2951,077,888 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/27 09:50:10 | 000,524,288 | -HS- | M] () -- C:\Users\Erik Tran\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/03/27 09:50:10 | 000,065,536 | -HS- | M] () -- C:\Users\Erik Tran\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/03/27 09:45:22 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/03/27 00:38:57 | 001,497,340 | -H-- | M] () -- C:\Users\Erik Tran\AppData\Local\IconCache.db
[2010/03/27 00:31:21 | 000,001,642 | ---- | M] () -- C:\Windows\System32\msexcr.ini
[2010/03/26 16:01:30 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/26 16:01:30 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/26 16:01:30 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/26 14:32:11 | 000,000,251 | ---- | M] () -- C:\Windows\system.ini
[2010/03/26 14:23:30 | 003,903,606 | R--- | M] () -- C:\Users\Erik Tran\Desktop\Combo-Fix.exe
[2010/03/26 14:15:45 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/03/24 17:13:13 | 000,000,720 | -H-- | M] () -- C:\IPH.PH
[2010/03/24 13:52:07 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Soul of the Ultimate Nation.lnk
[2010/03/23 22:44:14 | 000,000,440 | -H-- | M] () -- C:\Users\Erik Tran\Desktop\U_SUN_setup.exe.bfi
[2010/03/23 22:36:28 | 000,001,762 | ---- | M] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk
[2010/03/23 20:50:34 | 000,075,264 | ---- | M] () -- C:\Users\Erik Tran\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/23 20:34:45 | 002,883,584 | -HS- | M] () -- C:\Users\Erik Tran\ntuser.dat_previous
[2010/03/13 21:25:31 | 000,000,680 | ---- | M] () -- C:\Users\Erik Tran\AppData\Local\d3d9caps.dat

========== Files Created - No Company Name ==========

[2010/03/27 00:31:20 | 000,001,642 | ---- | C] () -- C:\Windows\System32\msexcr.ini
[2010/03/26 14:24:50 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/03/26 14:24:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/03/26 14:24:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/03/26 14:24:50 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/03/26 14:24:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/03/26 14:23:20 | 003,903,606 | R--- | C] () -- C:\Users\Erik Tran\Desktop\Combo-Fix.exe
[2010/03/23 22:44:14 | 000,000,440 | -H-- | C] () -- C:\Users\Erik Tran\Desktop\U_SUN_setup.exe.bfi
[2010/03/23 22:43:24 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Soul of the Ultimate Nation.lnk
[2010/03/23 22:36:28 | 000,001,762 | ---- | C] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk
[2010/03/13 21:25:31 | 000,000,680 | ---- | C] () -- C:\Users\Erik Tran\AppData\Local\d3d9caps.dat
[2010/03/07 09:22:30 | 000,003,584 | ---- | C] () -- C:\Users\Erik Tran\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/01 22:52:04 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdvcoin.dll
[2010/02/01 22:49:17 | 000,000,060 | ---- | C] () -- C:\Windows\System32\lxdvrwrd.ini
[2010/02/01 22:49:05 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDVinst.dll
[2010/02/01 22:49:02 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdvgrd.dll
[2009/12/13 11:54:20 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/12/13 09:11:12 | 000,053,307 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/12/13 09:11:07 | 000,053,307 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/12/13 09:08:08 | 000,000,000 | ---- | C] () -- C:\Users\Erik Tran\AppData\Local\QSwitch.txt
[2009/12/13 09:08:08 | 000,000,000 | ---- | C] () -- C:\Users\Erik Tran\AppData\Local\DSwitch.txt
[2009/12/13 09:08:08 | 000,000,000 | ---- | C] () -- C:\Users\Erik Tran\AppData\Local\AtStart.txt
[2009/12/13 06:25:22 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/12/13 06:25:10 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/12/13 06:24:44 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/12/13 06:24:05 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/12/13 06:22:45 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/12/13 06:22:00 | 000,000,246 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/10/25 17:10:11 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/25 17:03:58 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/10/25 17:01:59 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/25 17:00:34 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/10/08 16:05:06 | 000,010,752 | ---- | C] () -- C:\Windows\System32\rcmirror.dll
[2008/07/15 23:49:37 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdvvs.dll
[2008/01/14 18:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2007/09/06 13:40:36 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdvdrs.dll
[2007/08/10 12:49:54 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxdvcaps.dll
[2007/07/16 10:53:09 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdvcnv4.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 02:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2009/12/13 09:57:44 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\acccore
[2010/01/13 00:05:36 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Datarescue
[2010/01/03 10:12:37 | 000,000,000 | -H-D | M] -- C:\Users\Erik Tran\AppData\Roaming\ijjigame
[2010/02/01 22:54:37 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Lexmark Productivity Studio
[2010/02/01 15:30:39 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Mael
[2010/03/21 20:24:25 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\ManyCam
[2010/03/18 18:06:27 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\MySQL
[2010/02/03 17:52:31 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Nexon
[2010/03/17 21:14:57 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\nHancer
[2010/03/04 19:33:51 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\Subversion
[2010/01/23 11:37:30 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\SystemRequirementsLab
[2010/01/19 22:43:08 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\TeamViewer
[2010/03/07 09:28:10 | 000,000,000 | ---D | M] -- C:\Users\Erik Tran\AppData\Roaming\VSO
[2010/03/27 09:50:06 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D06A4C76
< End of report >

Attached File  virusinfo_syscheck.zip   18.06KB   335 downloads
Attached File  virusinfo_syscure.zip   18.94KB   319 downloads
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP