Log'N'Rock: Alueron and Crypt Virus [INACTIVE] - Log'N'Rock

Alueron and Crypt Virus [INACTIVE]

#1 tempo

  • Garage rocker
  • Group: Members
  • Posts: 14
  • Joined: 03-December 10

Posted 03 December 2010 - 09:16 PM

Hello everyone. I had a problem with my Messenger sending random links to different people on my contact list as well as myself. So I scanned with Avast, which showed 2 Alueron viruses and 2 Crypt viruses. I also tried Malwarebytes Anti-Malware, which showed none. So I need some help removing this virus. I scanned with HijackThis and got this log. Getting your help on this issue would make me grateful. Thanks again.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:39:55, on 2010-12-03
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Spotify\spotify.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.superstart.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.syste...yri_4.3.1.0.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9548 bytes
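As an added example (not from the thread or from any of the tools it mentions), a small Python triage script for HijackThis logs in the format posted above: it parses the O2/O4/O16/O23 lines into records and flags autostarts launched from user-writable locations, services whose binary HJT could not find, unattributed services and downloaded ActiveX controls. The sample input reuses a few lines from the log above plus one clearly marked constructed O4 line; the file-missing caveat assumes the 32-bit HJT 2.0.4 running on 64-bit Windows.

```python
"""Triage helper for HijackThis (HJT) 2.x logs in the format posted above.

Parses O2 (BHO), O4 (autostart), O16 (downloaded ActiveX) and O23 (service)
lines into records, then applies a few defender-side checks. Other line
kinds (R0/R1, F2, O9, O18 ...) are skipped by this example.
"""
import re
from dataclasses import dataclass

# Sample input: lines copied verbatim from the log posted above, plus ONE
# constructed O4 line (name "CONSTRUCTED") that is NOT in the posted log and
# only exercises the user-writable-location rule.
SAMPLE_LOG = r"""
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [CONSTRUCTED] C:\Users\EXAMPLE\AppData\Roaming\constructed-example.exe
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.syste...yri_4.3.1.0.cab
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[^\\]+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[^}]+\}) \((?P<name>[^)]*)\) - (?P<url>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# First executable-looking token of an O4 command line, quoted or not.
PATH_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|scr|bat|cmd|vbs|js))"?(?:\s|$)', re.IGNORECASE)
FILE_MISSING = "(file missing)"
# Locations the triage treats as not user-writable; anything else (AppData,
# Temp, the profile root, removable drives) is worth a second look.
TRUSTED_ROOTS = (r"c:\program files", r"c:\windows")


@dataclass
class Entry:
    kind: str              # "O2", "O4", "O16" or "O23"
    name: str              # BHO/control/service name, or the [name] of an O4 value
    path: str              # DLL/EXE path, or the download URL for O16
    owner: str = ""        # O23 company string; HJT writes "Unknown owner" when absent
    file_missing: bool = False
    hive: str = ""         # O4 only: HKLM, HKCU, HKUS\S-1-5-19 ...


@dataclass
class Finding:
    severity: str          # "HIGH", "REVIEW" or "INFO"
    entry: Entry
    reason: str


def parse_hjt(text):
    """Turn the supported HJT line kinds into Entry records, in log order."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := O2_RE.match(line):
            entries.append(Entry("O2", m["name"], m["path"]))
        elif m := O4_RE.match(line):
            p = PATH_RE.match(m["cmd"])
            entries.append(Entry("O4", m["name"], p["path"] if p else m["cmd"], hive=m["hive"]))
        elif m := O16_RE.match(line):
            entries.append(Entry("O16", m["name"], m["url"]))
        elif m := O23_RE.match(line):
            path, missing = m["path"], m["path"].endswith(FILE_MISSING)
            if missing:
                path = path[: -len(FILE_MISSING)].rstrip()
            entries.append(Entry("O23", m["name"], path, owner=m["owner"], file_missing=missing))
    return entries


def triage(entries):
    """Apply the checks; the result is a worklist for a human, not a verdict."""
    findings = []
    for e in entries:
        if e.kind == "O4" and not e.path.lower().startswith(TRUSTED_ROOTS):
            findings.append(Finding("HIGH", e, "autostart launched from a user-writable location"))
        elif e.kind == "O16":
            findings.append(Finding("REVIEW", e, "ActiveX control downloaded from the web"))
        elif e.kind == "O23" and e.file_missing:
            # Caveat (assumed set-up: the 32-bit HJT 2.0.4 on 64-bit Windows):
            # WOW64 redirects its System32 lookups to SysWOW64, so genuine
            # 64-bit system services are reported missing. Confirm with a
            # 64-bit-aware tool (the thread moves on to OTL) before acting.
            findings.append(Finding("INFO", e, "service binary reported missing; verify on 64-bit hosts"))
        elif e.kind == "O23" and e.owner == "Unknown owner":
            findings.append(Finding("REVIEW", e, "service with no company attribution"))
    return findings


def report(text):
    """Return the findings for one log as printable lines."""
    return [f"[{f.severity}] {f.entry.kind} {f.entry.name}: {f.reason} -> {f.entry.path}"
            for f in triage(parse_hjt(text))]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```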

#2 Fred Flintstone

  • Dave Gilmour
  • Group: Malware Experts
  • Posts: 2,515
  • Joined: 20-April 08
  • Gender: Male
  • Location: Somerset

Posted 04 December 2010 - 10:08 PM

Hi tempo.. :welcome:

Did you notice the start of the problem coinciding with any particular event?
i.e. I notice you use uTorrent; while the program itself is perfectly legitimate, there is no guarantee that what you download is not infected, etc.

MBR Rootkit Detector
  • Download mbr.exe by GMER and save it to your desktop
  • Right-click mbr.exe and select Run as administrator to run the tool
  • You will see the flash of a window, and then a log mbr.log will be located on your desktop
  • Please post the contents of this log in your next reply


Thanks
Fred..

#3 tempo

  • Garage rocker
  • Group: Members
  • Posts: 14
  • Joined: 03-December 10

Posted 05 December 2010 - 01:44 AM

Hello Fred. I know that torrents might be infected, but I pick my torrents carefully. I think that I got my viruses from opening a mail infected with the viruses. Some kind of phishing mail. Following was the log from MBR.


Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600

device: opened successfully
user: error reading MBR
error: Read The handle is invalid.
kernel: error reading MBR

#4 Fred Flintstone

  • Dave Gilmour
  • Group: Malware Experts
  • Posts: 2,515
  • Joined: 20-April 08
  • Gender: Male
  • Location: Somerset

Posted 05 December 2010 - 12:30 PM

Hi tempo,
Are you logged in as administrator on this machine?

Let's run ComboFix and see what it turns up...


Download and run Combofix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.
  • If you need help to disable your protection programs see here.
  • Right-click on ComboFix.exe and select Run as administrator then follow the prompts.
  • When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply


If you need help, see this link:
http://www.bleepingc...to-use-combofix

Thanks
Fred..

#5 tempo

  • Garage rocker
  • Group: Members
  • Posts: 14
  • Joined: 03-December 10

Posted 05 December 2010 - 01:24 PM

Hello again. When ComboFix is finished searching, it says Error Win32 "Incompatible OS. Combofix only works for workstations with windows 2000 and XP".
Avast told me the viruses were in Win32 somewhere; I don't know if that helps.

Thanks again.

This post has been edited by tempo: 05 December 2010 - 01:43 PM


#6 Fred Flintstone

  • Dave Gilmour
  • Group: Malware Experts
  • Posts: 2,515
  • Joined: 20-April 08
  • Gender: Male
  • Location: Somerset

Posted 05 December 2010 - 09:34 PM

Hi tempo..

Is this a 64 bit machine??


Download OTL by Old Timer and save it to your Desktop.

Right-click on OTL.exe and select Run as administrator to run it.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
  • OTListIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Please post the contents of these 2 Notepad files in your next reply.

thanks
Fred..

#7 tempo

  • Garage rocker
  • Group: Members
  • Posts: 14
  • Joined: 03-December 10

Posted 05 December 2010 - 10:39 PM

Hello. No, it isn't 64-bit. I've got Windows Ultimate 86 bit. And the same error when I use the OTL program.

#8 Fred Flintstone

  • Dave Gilmour
  • Group: Malware Experts
  • Posts: 2,515
  • Joined: 20-April 08
  • Gender: Male
  • Location: Somerset

Posted 05 December 2010 - 11:06 PM

Hi tempo..

Odd that MBAM and HJT ran ok but the others don't!
Can you confirm that you are actually logged on to an account with administrator rights?

Try right clicking on OTL and rename to something random.. tempo.exe or similar.
Then right click and select Run as Administrator and see if that works.

Thanks
Fred

PS: When replying, click on the Add Reply button at the bottom.. saves quoting all my previous post inside your reply..

This post has been edited by Fred Flintstone: 05 December 2010 - 11:07 PM


#9 tempo

  • Garage rocker
  • Group: Members
  • Posts: 14
  • Joined: 03-December 10

Posted 06 December 2010 - 12:40 AM

Hello Fred. It worked when I renamed OTL. The logs were the following: OTL.txt, extras.txt. I also confirmed that I was logged in as an administrator.


OTL logfile created on: 2010-12-06 01:33:44 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Leonard\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 54,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 28,69 Gb Free Space | 12,32% Space Free | Partition Type: NTFS

Computer Name: LEONARD-PC | User Name: Leonard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Leonard\Desktop\tempo.exe.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Spotify\spotify.exe (Spotify Ltd)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)


========== Modules (SafeList) ==========

MOD - C:\Users\Leonard\Desktop\tempo.exe.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (PnkBstrB) -- C:\Windows\SysNative\PnkBstrB.exe File not found
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (DigiNet) -- C:\Windows\SysNative\drivers\diginet.sys (Digidesign, A Division of Avid Technology, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.superstart.se/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = ED C7 5C DB 5E 49 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6483

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-10-29 13:30:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-10-29 13:30:57 | 000,000,000 | ---D | M]

[2010-10-01 09:34:18 | 000,000,000 | ---D | M] -- C:\Users\Leonard\AppData\Roaming\Mozilla\Extensions
[2010-10-01 09:34:18 | 000,000,000 | ---D | M] -- C:\Users\Leonard\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010-09-01 21:18:55 | 000,000,000 | ---D | M] -- C:\Users\Leonard\AppData\Roaming\Mozilla\Firefox\Profiles\cwt9y6wi.default\extensions
[2010-11-06 21:54:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010-11-06 21:54:09 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010-09-24 16:54:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-10-01 12:08:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-07-17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-07-23 01:48:26 | 000,001,470 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\allaannonser-sv-SE.xml
[2010-07-23 01:48:26 | 000,002,670 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\prisjakt-sv-SE.xml
[2010-07-23 01:48:26 | 000,000,948 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\tyda-sv-SE.xml
[2010-07-23 01:48:26 | 000,001,174 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-sv-SE.xml
[2010-07-23 01:48:26 | 000,000,951 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-sv-SE.xml

O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Leonard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptbehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptbehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.3.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.54.122.199 195.54.122.204
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-09-09 15:34:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{de2f3aaf-b667-11df-8c89-002618b598be}\Shell - "" = AutoRun
O33 - MountPoints2\{de2f3aaf-b667-11df-8c89-002618b598be}\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
O33 - MountPoints2\{e9a3c561-bbf2-11df-8326-002618b598be}\Shell - "" = AutoRun
O33 - MountPoints2\{e9a3c561-bbf2-11df-8326-002618b598be}\Shell\AutoRun\command - "" = F:\blank.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-12-06 01:31:30 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Leonard\Desktop\tempo.exe.exe
[2010-12-05 14:20:47 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010-12-04 20:06:46 | 000,000,000 | ---D | C] -- C:\Users\Leonard\Desktop\wiz khalifa
[2010-12-04 19:01:00 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010-12-04 19:01:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2010-12-04 18:54:25 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010-12-04 01:28:05 | 000,000,000 | ---D | C] -- C:\Users\Leonard\AppData\Local\LogMeIn Hamachi
[2010-12-04 01:26:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2010-12-03 17:29:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hijackthis
[2010-12-03 17:01:06 | 000,000,000 | ---D | C] -- C:\Users\Leonard\AppData\Roaming\Malwarebytes
[2010-12-03 17:00:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010-12-03 17:00:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010-12-03 17:00:53 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010-12-03 17:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010-11-26 01:03:58 | 000,000,000 | ---D | C] -- C:\Users\Leonard\Desktop\New folder
[2010-11-14 18:43:42 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2010-11-14 18:43:42 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010-11-14 18:43:42 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2010-11-14 18:43:42 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2010-11-14 18:43:41 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2010-11-14 18:43:41 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010-11-14 18:43:36 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2010-11-14 18:43:36 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2010-11-14 18:43:35 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010-11-14 18:43:35 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010-11-14 18:43:35 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2010-11-14 18:43:35 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2010-11-14 18:43:34 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2010-11-14 18:43:34 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010-11-14 18:43:31 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2010-11-14 18:43:31 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2010-11-14 18:43:31 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2010-11-14 18:43:31 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2010-11-14 18:43:30 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2010-11-14 18:43:30 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2010-11-14 18:43:29 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2010-11-14 18:43:29 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2010-11-14 18:43:29 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2010-11-14 18:43:29 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2010-11-14 18:43:29 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010-11-14 18:43:29 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010-11-14 18:43:28 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2010-11-14 18:43:28 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2010-11-14 18:43:27 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2010-11-14 18:43:27 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2010-11-14 18:43:27 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2010-11-14 18:43:27 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2010-11-14 18:43:25 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2010-11-14 18:43:25 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010-11-14 18:43:22 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2010-11-14 18:43:22 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2010-11-14 18:43:22 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2010-11-14 18:43:22 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2010-11-14 18:43:22 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2010-11-14 18:43:22 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2010-11-14 18:43:22 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2010-11-14 18:43:22 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2010-11-14 18:43:21 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2010-11-14 18:43:21 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2010-11-14 18:43:21 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2010-11-14 18:43:21 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2010-11-14 18:43:21 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2010-11-14 18:43:21 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2010-11-14 18:43:19 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010-11-14 18:43:19 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010-11-14 18:43:19 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2010-11-14 18:43:19 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010-11-14 18:43:17 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2010-11-14 18:43:17 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010-11-14 18:43:16 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2010-11-14 18:43:16 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2010-11-14 18:43:16 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2010-11-14 18:43:16 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2010-11-14 18:43:15 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2010-11-14 18:43:15 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2010-11-14 18:43:15 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2010-11-14 18:43:15 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2010-11-14 18:43:14 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2010-11-14 18:43:14 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2010-11-14 18:43:14 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2010-11-14 18:43:14 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2010-11-14 18:43:10 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2010-11-14 18:43:10 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2010-11-14 18:43:09 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2010-11-14 18:43:09 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2010-11-14 18:43:09 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2010-11-14 18:43:09 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2010-11-14 18:43:09 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2010-11-14 18:43:09 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2010-11-14 18:43:07 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2010-11-14 18:43:07 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2010-11-14 18:43:07 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2010-11-14 18:43:07 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2010-11-14 18:43:06 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2010-11-14 18:43:06 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2010-11-14 18:43:05 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2010-11-14 18:43:05 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2010-11-14 18:43:04 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2010-11-14 18:43:04 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2010-11-14 18:43:04 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2010-11-14 18:43:04 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2010-11-14 18:43:02 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2010-11-14 18:43:02 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2010-11-14 18:43:01 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2010-11-14 18:43:01 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2010-11-14 18:43:00 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2010-11-14 18:43:00 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2010-11-14 18:42:59 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2010-11-14 18:42:59 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2010-11-14 18:42:56 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2010-11-14 18:42:56 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010-11-14 18:42:55 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2010-11-14 18:42:55 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2010-11-14 18:42:55 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2010-11-14 18:42:55 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2010-11-14 18:42:54 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2010-11-14 18:42:54 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2010-11-14 18:42:54 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2010-11-14 18:42:54 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2010-11-14 18:42:52 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2010-11-14 18:42:52 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010-11-14 18:42:51 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2010-11-14 18:42:51 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010-11-14 18:42:50 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2010-11-14 18:42:50 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2010-11-14 18:42:49 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2010-11-14 18:42:49 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2010-11-14 18:42:49 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2010-11-14 18:42:49 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2010-11-14 18:42:46 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2010-11-14 18:42:46 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2010-11-14 18:42:45 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2010-11-14 18:42:45 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2010-11-14 18:42:44 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2010-11-14 18:42:44 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2010-11-14 18:42:44 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2010-11-14 18:42:44 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2010-11-14 18:42:41 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010-11-14 18:42:41 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010-11-14 18:42:40 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2010-11-14 18:42:40 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2010-11-14 18:42:40 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2010-11-14 18:42:40 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2010-11-14 18:42:39 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2010-11-14 18:42:39 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2010-11-14 18:42:38 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2010-11-14 18:42:38 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2010-11-14 18:42:37 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2010-11-14 18:42:37 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2010-11-14 18:42:36 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2010-11-14 18:42:36 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2010-11-14 18:42:35 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2010-11-14 18:42:35 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2010-11-14 18:42:34 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2010-11-14 18:42:34 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2010-11-14 18:42:21 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2010-11-14 18:42:21 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2010-11-14 18:42:20 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2010-11-14 18:42:20 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2010-11-14 18:42:20 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2010-11-14 18:42:20 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2010-11-14 18:42:18 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2010-11-14 18:42:18 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2010-11-14 18:42:14 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2010-11-14 18:42:14 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2010-11-14 18:42:11 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2010-11-14 18:42:11 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2010-11-14 18:42:07 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2010-11-14 18:42:07 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2010-11-14 18:42:04 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2010-11-14 18:42:04 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2010-11-14 18:42:02 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2010-11-14 18:42:02 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2010-11-12 15:37:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010-11-10 16:38:04 | 000,000,000 | ---D | C] -- C:\Users\Leonard\Desktop\MUSIC
[2010-11-09 00:50:50 | 000,000,000 | ---D | C] -- C:\Users\Leonard\Desktop\Kano - Blowing Up Road (DatPiff.com)
[2010-11-09 00:50:47 | 000,000,000 | ---D | C] -- C:\Users\Leonard\Desktop\Skepta Wiley Frisco Maniac Joker Durrty Goodz (DatPiff.com)
[2010-11-07 23:11:54 | 000,000,000 | ---D | C] -- C:\Users\Leonard\Desktop\Roll Deep - Rules & Regulations (2007) - Rap By FEFE2003
[2010-11-06 23:12:29 | 000,000,000 | ---D | C] -- C:\Users\Leonard\Desktop\Young Buck - Back On My Buck [bleep] Vol 2 Change Of (DatPiff.com)
[2010-11-06 23:04:13 | 000,000,000 | ---D | C] -- C:\Users\Leonard\Desktop\Kano - Beats Bars (DatPiff.com)
[2010-11-06 21:55:55 | 000,000,000 | ---D | C] -- C:\Users\Leonard\AppData\Roaming\skypePM
[2010-11-06 21:53:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010-11-06 21:53:17 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010-11-06 21:53:17 | 000,000,000 | ---D | C] -- C:\Users\Leonard\AppData\Roaming\Skype
[2010-11-06 21:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-12-06 01:31:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Leonard\Desktop\tempo.exe.exe
[2010-12-05 14:13:51 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-12-05 14:13:51 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-12-05 14:06:09 | 000,289,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010-12-05 14:06:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-12-05 14:05:46 | 1609,965,568 | -HS- | M] () -- C:\hiberfil.sys
[2010-12-05 02:41:40 | 000,089,088 | ---- | M] () -- C:\Users\Leonard\Desktop\mbr.exe
[2010-12-04 19:02:11 | 001,035,816 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2010-12-03 17:00:57 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-12-03 16:23:20 | 000,005,226 | ---- | M] () -- C:\Users\Leonard\Documents\cc_20101203_162249.reg
[2010-12-01 17:16:57 | 000,000,607 | ---- | M] () -- C:\Users\Leonard\Desktop\New Rich Text document.rtf
[2010-11-29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010-11-29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010-11-18 19:56:25 | 004,319,430 | ---- | M] () -- C:\Users\Leonard\Desktop\DJ_Drama_and_Lil_Wayne_-_Gettin_Some_Head_Feat_Pharrell.mp3
[2010-11-17 23:17:14 | 000,029,412 | ---- | M] () -- C:\Users\Leonard\Desktop\Geografi_sammanfattning.odt
[2010-11-14 18:40:30 | 000,026,303 | ---- | M] () -- C:\Users\Leonard\Documents\naturuppdrag.odt
[2010-11-12 15:38:59 | 000,031,876 | ---- | M] () -- C:\Users\Leonard\Documents\cc_20101112_153844.reg
[2010-11-07 12:46:16 | 000,727,362 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010-11-07 12:46:16 | 000,615,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010-11-07 12:46:16 | 000,107,396 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010-11-06 21:55:58 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-12-05 02:41:35 | 000,089,088 | ---- | C] () -- C:\Users\Leonard\Desktop\mbr.exe
[2010-12-04 19:02:09 | 001,035,816 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2010-12-03 17:00:57 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-12-03 16:22:51 | 000,005,226 | ---- | C] () -- C:\Users\Leonard\Documents\cc_20101203_162249.reg
[2010-11-21 01:14:08 | 000,000,607 | ---- | C] () -- C:\Users\Leonard\Desktop\New Rich Text document.rtf
[2010-11-18 19:56:19 | 004,319,430 | ---- | C] () -- C:\Users\Leonard\Desktop\DJ_Drama_and_Lil_Wayne_-_Gettin_Some_Head_Feat_Pharrell.mp3
[2010-11-17 23:16:54 | 000,029,412 | ---- | C] () -- C:\Users\Leonard\Desktop\Geografi_sammanfattning.odt
[2010-11-14 13:41:50 | 000,026,303 | ---- | C] () -- C:\Users\Leonard\Documents\naturuppdrag.odt
[2010-11-12 15:38:47 | 000,031,876 | ---- | C] () -- C:\Users\Leonard\Documents\cc_20101112_153844.reg
[2010-11-06 21:55:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-10-27 14:35:00 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2010-09-29 21:26:48 | 000,734,870 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010-04-02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-04-03 13:26:48 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 1232 bytes -> C:\Users\Leonard\AppData\Local\XrIZvLAK08jEWIm:RIQp5S7bcYyMcVa6pXon7
@Alternate Data Stream - 1186 bytes -> C:\Users\Leonard\AppData\Local\Temp:Njs2wyAb1F3zgCd97J41xHZQzq
@Alternate Data Stream - 1133 bytes -> C:\Users\Leonard\AppData\Local\Temp:kQrVT81jx6OCVzjrnSTMGTvN
@Alternate Data Stream - 1109 bytes -> C:\ProgramData\Microsoft:iuFhM1De1DDobORlhFD
@Alternate Data Stream - 1086 bytes -> C:\Program Files (x86)\Common Files\System:PvI2vEn8Tuke5EwuO
@Alternate Data Stream - 1061 bytes -> C:\ProgramData\Microsoft:HrBIQjdhIKBZNq2Rzz5

< End of report >

Extras.txt

OTL Extras logfile created on: 2010-12-06 01:33:44 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Leonard\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 54,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 28,69 Gb Free Space | 12,32% Space Free | Partition Type: NTFS

Computer Name: LEONARD-PC | User Name: Leonard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"CCleaner" = CCleaner
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A5DAE9E-DD2A-40D1-9AEB-06F31133A9DE}" = OpenOffice.org 3.2
"{0E93710D-31E5-477C-8A4B-5032B484BE74}" = Windows Live inloggningsassistenten
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 21
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Activision®
"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D71329D-95A5-4297-8F79-DCDBD156420A}" = Windows Live Essentials
"{A24C2C43-4312-493E-96B3-5D1DCE24DEBF}" = Free DigiRack Plug-Ins 8.0
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F13225E2-6533-4923-A657-083A151E667E}" = Windows Live Messenger
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Fallout New Vegas_is1" = Fallout New Vegas
"GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"hon" = Heroes of Newerth
"InstallShield_{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Singularity™
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"Spotify" = Spotify
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"uTorrent" = µTorrent
"WinLiveSuite_Wave3" = Windows Live Essentials
"VLC media player" = VLC media player 1.1.4

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-11-23 06:25:45 | Computer Name = Leonard-PC | Source = Bonjour Service | ID = 100
Description = 272: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 2010-11-23 06:25:45 | Computer Name = Leonard-PC | Source = Bonjour Service | ID = 100
Description = 488: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 2010-11-24 14:05:22 | Computer Name = Leonard-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 2010-11-26 10:52:12 | Computer Name = Leonard-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: ff4 Start
Time: 01cb8d7341c6e4bb Termination Time: 10 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id: bdf03259-f96c-11df-b18b-002618b598be

Error - 2010-11-28 13:29:42 | Computer Name = Leonard-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iw4mp.exe, version: 0.0.0.0, time stamp:
0x4c119a5c Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp:
0x4a5bdb3b Exception code: 0xc0000005 Fault offset: 0x0002e23e Faulting process id:
0xddc Faulting application start time: 0x01cb8f2051ec52f8 Faulting application path:
c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe
Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 14fb89b8-fb15-11df-a470-002618b598be

Error - 2010-11-28 13:35:47 | Computer Name = Leonard-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: e08 Start
Time: 01cb8f1ecafd72bb Termination Time: 3470 Application Path: C:\Program Files
(x86)\Internet Explorer\iexplore.exe Report Id: 6a181238-fb14-11df-a470-002618b598be


Error - 2010-11-28 16:49:33 | Computer Name = Leonard-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 2010-11-30 07:08:41 | Computer Name = Leonard-PC | Source = Application Error | ID = 1000
Description = Faulting application name: msnmsgr.exe, version: 14.0.8117.416, time
stamp: 0x4bc935af Faulting module name: UXCore.dll, version: 14.0.8117.416, time
stamp: 0x4bc91115 Exception code: 0xc0000005 Fault offset: 0x00066d57 Faulting process
id: 0xaa0 Faulting application start time: 0x01cb907e15712d1f Faulting application
path: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe Faulting module
path: C:\Program Files (x86)\Windows Live\Messenger\UXCore.dll Report Id: 2fabc1aa-fc72-11df-ad56-002618b598be

Error - 2010-12-03 20:25:12 | Computer Name = Leonard-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Leonard\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\Y8CHWMO5\SoftonicDownloader_for_hamachi[1].exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.

Error - 2010-12-04 09:23:37 | Computer Name = Leonard-PC | Source = Application Hang | ID = 1002
Description = The program msnmsgr.exe version 14.0.8117.416 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: abc Start
Time: 01cb93b4b40cdd4d Termination Time: 2028 Application Path: C:\Program Files
(x86)\Windows Live\Messenger\msnmsgr.exe Report Id: ac825a12-ffa9-11df-bab1-002618b598be


[ System Events ]
Error - 2010-12-04 09:10:17 | Computer Name = Leonard-PC | Source = volsnap | ID = 393241
Description = The shadow copies of volume C: were deleted because the shadow copy
storage could not grow in time. Consider reducing the IO load on the system or
choose a shadow copy storage volume that is not being shadow copied.

Error - 2010-12-04 21:41:30 | Computer Name = Leonard-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Users\Leonard\AppData\Local\Temp\mbr.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 2010-12-04 21:41:49 | Computer Name = Leonard-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Users\Leonard\AppData\Local\Temp\mbr.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 2010-12-04 21:41:49 | Computer Name = Leonard-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Users\Leonard\AppData\Local\Temp\mbr.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 2010-12-04 21:41:55 | Computer Name = Leonard-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Users\Leonard\AppData\Local\Temp\mbr.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 2010-12-04 21:41:55 | Computer Name = Leonard-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Users\Leonard\AppData\Local\Temp\mbr.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 2010-12-04 21:42:25 | Computer Name = Leonard-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Users\Leonard\AppData\Local\Temp\mbr.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 2010-12-04 21:42:25 | Computer Name = Leonard-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Users\Leonard\AppData\Local\Temp\mbr.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 2010-12-05 09:05:46 | Computer Name = Leonard-PC | Source = volsnap | ID = 393241
Description = The shadow copies of volume C: were deleted because the shadow copy
storage could not grow in time. Consider reducing the IO load on the system or
choose a shadow copy storage volume that is not being shadow copied.

Error - 2010-12-05 09:06:29 | Computer Name = Leonard-PC | Source = Service Control Manager | ID = 7000
Description = The Digidesign MME Refresh Service service failed to start due to
the following error: %%2


< End of report >
#10 Fred Flintstone

  • Dave Gilmour
  • Group: Malware Experts
  • Posts: 2,515
  • Joined: 20-April 08
  • Gender: Male
  • Location: Somerset
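The shell\open\command listing in the log above is the part of an OTL report that deserves a second look: malware that wants to run ahead of every program rewrites entries such as exefile\shell\open\command so that "%1" is handed to its own binary, and the stock value for the executable classes is simply "%1" %* (scrfile: "%1" /S). The following is an added example, not code from the thread or from OTL, that parses lines of the form shown above and flags any executable or script handler that is not the Windows 7 default, or that launches from a profile or temp directory. The clean sample lines are copied from the log above; the two hijacked lines and the path C:\Users\victim\... are constructed for illustration.

```python
import re

# Handlers that must launch the file itself with nothing in front of "%1".
# Defaults taken from the clean HKLM\SOFTWARE\Classes entries in the log above (Windows 7).
EXPECTED_OPEN = {
    "exefile": '"%1" %*',
    "comfile": '"%1" %*',
    "batfile": '"%1" %*',
    "cmdfile": '"%1" %*',
    "piffile": '"%1" %*',
    "scrfile": '"%1" /S',
}

# Script handlers should resolve to the Windows Script Host.
SCRIPT_CLASSES = {"vbsfile", "vbefile", "jsfile", "jsefile", "wsffile", "wshfile"}

# A handler living in a profile or temp directory is a hijack signal for any class.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)

LINE_RE = re.compile(r"^(?P<cls>\S+) \[(?P<verb>[^\]]+)\] -- (?P<rest>.*)$")


def parse_line(line):
    """Split one 'class [verb] -- command (company)' line from the OTL listing.

    Returns (cls, verb, command, company, file_found), or None for blank lines,
    section headers and 'Reg Error' rows that carry no command.
    """
    m = LINE_RE.match(line.strip())
    if not m or m.group("rest").startswith("Reg Error"):
        return None
    rest = m.group("rest")
    file_found = not rest.endswith(" File not found")
    if not file_found:
        rest = rest[: -len(" File not found")]
    company = None
    cm = re.search(r"\s\(([^()]*)\)$", rest)   # trailing "(Microsoft Corporation)" or "()"
    if cm:
        company = cm.group(1)
        rest = rest[: cm.start()]
    return m.group("cls"), m.group("verb"), rest.strip(), company, file_found


def audit_shell_commands(text):
    """Return [(cls, verb, reason)] for every handler that deviates from the
    known-good default or runs something from a user-writable directory."""
    findings = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        cls, verb, cmd, _company, _found = parsed
        norm = " ".join(cmd.split())
        if verb.lower() == "open":
            if cls in EXPECTED_OPEN and norm != EXPECTED_OPEN[cls]:
                findings.append((cls, verb, "executable handler wrapped: " + norm))
            elif cls in SCRIPT_CLASSES and "wscript.exe" not in norm.lower():
                findings.append((cls, verb, "script host replaced: " + norm))
        if USER_WRITABLE.search(cmd):
            findings.append((cls, verb, "handler in user-writable path: " + norm))
    return findings


# Lines copied from the log above: all of these are the stock Windows 7 handlers.
CLEAN_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %* File not found
scrfile [open] -- "%1" /S
regfile [merge] -- Reg Error: Key error.
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
"""

# Constructed lines (not from the log) showing what a hijacked handler looks like.
HIJACKED_SAMPLE = CLEAN_SAMPLE + r"""
exefile [open] -- "C:\Users\victim\AppData\Local\Temp\wrapper.exe" "%1" %*
vbsfile [open] -- "C:\ProgramData\sh\host.exe" "%1" %*
"""

if __name__ == "__main__":
    for finding in audit_shell_commands(HIJACKED_SAMPLE):
        print(finding)
```

Run against the full listing, both the 64bit and the 32bit HKLM\SOFTWARE\Classes blocks in the log above come back clean; the two constructed lines each produce two findings, one for the wrapped command and one for the writable location.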

Posted 06 December 2010 - 10:14 PM

Hi tempo,
Sorry for the delay, but it's been a bad time in work due to weather etc. (work in transport / courier industry).

Also, it appears from the log that you do indeed have a 64 bit system:

Quote

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Leonard\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)

Explains why Combofix wouldn't run: it's incompatible with 64-bit!

64 bit is fairly new to me so I need to take extra care.

I need to go through the log very carefully as I have not used OTL extensively and will need to double check everything before posting a fix.

Please bear with me for a while..

Meantime:
There are a number of .reg files in your Documents folder; do you know what they are / why they are there?
I can't seem to find any information on them by name.

C:\Users\Leonard\Documents\cc_20101203_162249.reg
C:\Users\Leonard\Documents\cc_20101112_153844.reg

Thanks
Fred..
#11 tempo

  • Garage rocker
  • Group: Members
  • Posts: 14
  • Joined: 03-December 10

Posted 07 December 2010 - 10:07 AM

Hello again Fred. No worries about the delay, just glad to get any help I can get. :)

About the 2 .reg files in the Documents folder, I have no idea why they are there. If you know any explanations for the .reg files ending up there, I might be able to remember what got them there.

Thanks again for your help.
#12 Fred Flintstone

  • Dave Gilmour
  • Group: Malware Experts
  • Posts: 2,515
  • Joined: 20-April 08
  • Gender: Male
  • Location: Somerset

Posted 08 December 2010 - 09:27 PM

Hi tempo..


First..

ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.
ERUNT utility program
Download:

  • Please download ERUNT...by Lars Hederer. Save it to your desktop.
  • Double-click erunt-setup.exe to run the install process. Install ERUNT by following the prompts.
    VISTA users must right-click erunt-setup.exe, select "Run As Administrator" to run the install process. Install by following prompts.
  • Use the default install settings... say "NO" to the section that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
    VISTA users must right-click the desktop icon, select "Run As Administrator" or start it at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is fine.
  • Make sure the first two check boxes -> (Create ERUNT and NTREGOPT desktop icons) are checked.
  • Click on OK ... then click on "YES" to create the folder.

Run:
This will create a full backup of your registry... ERUNT can be used to restore the registry from this backup, if needed.
  • Please navigate to Start >> All Programs >> ERUNT, then double-click ERUNT from the menu.
    Vista users: Right-click on ERUNT in the menu, then select "Run As Administrator". If UAC prompts, please allow it.
  • Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.

  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.

< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!




OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the [image] textbox. Do not include the word Code
    
    :processes
    
    :otl
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O33 - MountPoints2\{de2f3aaf-b667-11df-8c89-002618b598be}\Shell - "" = AutoRun
    O33 - MountPoints2\{de2f3aaf-b667-11df-8c89-002618b598be}\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
    O33 - MountPoints2\{e9a3c561-bbf2-11df-8326-002618b598be}\Shell - "" = AutoRun
    O33 - MountPoints2\{e9a3c561-bbf2-11df-8326-002618b598be}\Shell\AutoRun\command - "" = F:\blank.exe -- File not found
    
    :services
    SRV:64bit: - (PnkBstrB) -- C:\Windows\SysNative\PnkBstrB.exe File not found
    SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
    
    
    :reg
    
    :files
    
    :commands
    [PURITY]
    [EMPTYTEMP]
    [RESETHOSTS]
    [CREATERESTOREPOINT]
    [CLEARALLRESTOREPOINTS]
    [REBOOT]
    

  • Then click the Run Fix button at the top.
  • Click [image].
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.



ESET online scanner


Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Hold down Control then click on the following link to open a new window to ESET online scanner
  • Then click on: [image]

    Quote

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: [image]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on: [image]
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: [image]
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Please post back the logs..

Thanks
Fred..
#13 tempo

  • Garage rocker
  • Group: Members
  • Posts: 14
  • Joined: 03-December 10
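The ESET steps above ask for five specific settings, and the helper's review depends on the scan having finished with detections left in place rather than deleted (that is the usual reason "Remove found threats" is to stay unchecked: the helper wants to see what was found, where). The following is an added example, not code from the thread or from ESET, that reads the "# key=value" header ESET Online Scanner writes to log.txt and reports whether the most recent run finished and used the requested settings; a file that holds only the installer's registration lines and no scan header is reported as truncated. The three sample logs are constructed for illustration, with a placeholder serial.

```python
import re

# What the instructions above ask to set, keyed by the field name the scanner
# writes into log.txt (the "# key=value" header lines of an ESET log).
REQUESTED = {
    "remove_checked": "false",      # "Remove found threats" must NOT be checked
    "archives_checked": "true",     # "Scan archives" checked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology
}

HEADER_RE = re.compile(r"^#\s*([A-Za-z_.]+)=(.*)$")


def split_runs(text):
    """Return one dict of header fields per scan run found in the log.
    Each run starts with a '# version=' line; a log can hold several runs."""
    runs = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# version="):
            runs.append({})
        m = HEADER_RE.match(line)
        if m and runs:
            runs[-1][m.group(1)] = m.group(2).strip()
    return runs


def check_run(fields):
    """Return the list of reasons this run is unusable for review."""
    issues = []
    if fields.get("end") != "finished":
        issues.append("scan did not finish (end=%s)" % fields.get("end", "missing"))
    for key, want in REQUESTED.items():
        got = fields.get(key, "missing")
        if got != want:
            issues.append("%s=%s but %s was requested" % (key, got, want))
    if fields.get("found", "0") != "0" and fields.get("remove_checked") == "true":
        issues.append("threats were deleted automatically, nothing is left to inspect")
    return issues


def assess_log(text):
    """Issues with the most recent run, or a single 'truncated' issue when the
    file contains no scan header at all."""
    runs = split_runs(text)
    if not runs:
        return ["no scan header in log: the file is truncated or the scan never ran"]
    return check_run(runs[-1])


# Constructed sample logs (not from the thread), modelled on the ESET header format.
TRUNCATED_LOG = """\
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
"""

COMPLIANT_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6415
# api_version=3.0.2
# EOSSerial=00000000000000000000000000000000
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-12-09 16:00:00
# scanned=120000
# found=2
# cleaned=0
"""

# Same run with the scanner's defaults left in place and the scan stopped early.
WRONG_SETTINGS_LOG = (
    COMPLIANT_LOG.replace("# end=finished", "# end=stopped")
    .replace("# remove_checked=false", "# remove_checked=true")
    .replace("# archives_checked=true", "# archives_checked=false")
)

if __name__ == "__main__":
    for name, log in (("truncated", TRUNCATED_LOG), ("compliant", COMPLIANT_LOG),
                      ("wrong settings", WRONG_SETTINGS_LOG)):
        print(name, assess_log(log) or "ok")
```

Only the last run in a multi-run log is judged, since that is the one whose results the helper will read; earlier stopped runs in the same file are ignored.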

Posted 09 December 2010 - 05:21 PM

Hello again Fred.

Online scanner log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

OTL log.

All processes killed
Error: Unable to interpret <:processes:otlIE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not foundO4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe File not foundO18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not foundO18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not foundO18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not foundO18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not foundO20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO20 - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.O33 - Mou> in the current context!
Error: Unable to interpret <ntPoints2\{de2f3aaf-b667-11df-8c89-002618b598be}\Shell - "" = AutoRunO33 - MountPoints2\{de2f3aaf-b667-11df-8c89-002618b598be}\Shell\AutoRun\command - "" = E:\Setup.exe -- File not foundO33 - MountPoints2\{e9a3c561-bbf2-11df-8326-002618b598be}\Shell - "" = AutoRunO33 - MountPoints2\{e9a3c561-bbf2-11df-8326-002618b598be}\Shell\AutoRun\command - "" = F:\blank.exe -- File not found:servicesSRV:64bit: - (PnkBstrB) -- C:\Windows\SysNative\PnkBstrB.exe File not foundSRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found:reg:files:commands[PURITY][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][CLEARALLRESTOREPOINTS[REBOOT]> in the current context!

OTL by OldTimer - Version 3.2.17.3 log created on 12092010_170429

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
#14 Fred Flintstone

  • Dave Gilmour
  • Group: Malware Experts
  • Posts: 2,515
  • Joined: 20-April 08
  • Gender: Male
  • Location: Somerset
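The "Unable to interpret" lines in the post above show what actually reached OTL: the whole script as one run of text (":processes:otlIE - HKCU..."), every section marker and entry glued to its neighbour, so OTL could match nothing and the fix did nothing. The script as posted also has an unterminated "[CLEARALLRESTOREPOINTS" line. The following is an added example, not part of the thread and not part of OTL, of a small linter that catches both conditions before anything is pasted into the fix box. The section names, command names and entry prefixes it knows are only the ones that appear in this thread, and its sample is the posted fix abridged to four :otl entries.

```python
import re

# Section headers used by the fix scripts in this thread.
SECTIONS = ("processes", "otl", "services", "reg", "files", "commands")
SECTION_RE = re.compile(r"^:(%s)$" % "|".join(SECTIONS), re.IGNORECASE)
ANY_SECTION_RE = re.compile(r":(%s)" % "|".join(SECTIONS), re.IGNORECASE)
# Commands that appear in the :commands block of the fix above.
KNOWN_COMMANDS = {"PURITY", "EMPTYTEMP", "RESETHOSTS", "CREATERESTOREPOINT",
                  "CLEARALLRESTOREPOINTS", "REBOOT"}
COMMAND_RE = re.compile(r"^\[([A-Z]+)\]$")
# Shapes of the entry lines seen in this thread (IE -, O4 -, O18:64bit: -, SRV:64bit: -, ...).
ENTRY_RE = re.compile(r"^(IE|O\d+|SRV|DRV|PRC|MOD)(:64bit:)? - ")


def lint_otl_fix(script):
    """Return [(line_no, message)] for anything OTL would reject or misread.
    An empty list means the script is well formed."""
    problems = []
    section = None
    for no, raw in enumerate(script.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        # A section marker anywhere but at the start of a line means the
        # newlines were lost, exactly the failure shown in the log above.
        if any(m.start() != 0 for m in ANY_SECTION_RE.finditer(line)):
            problems.append((no, "section marker in the middle of a line: "
                                 "line breaks were lost in the paste"))
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).lower()
            continue
        if section is None:
            problems.append((no, "entry before any section header: " + line))
        elif section == "commands":
            cmd = COMMAND_RE.match(line)
            if cmd is None:
                problems.append((no, "malformed command, expected [NAME]: " + line))
            elif cmd.group(1) not in KNOWN_COMMANDS:
                problems.append((no, "unknown command: " + line))
        elif section in ("processes", "otl", "services") and not ENTRY_RE.match(line):
            problems.append((no, "not an OTL entry line: " + line))
    if section is None:
        problems.append((0, "no section headers found"))
    return problems


def flatten(script):
    """Reproduce the failure mode in the log above: every line break removed."""
    return "".join(line.strip() for line in script.splitlines())


# The fix as posted above, abridged to four :otl entries, including its
# unterminated "[CLEARALLRESTOREPOINTS" line.
FIX_AS_POSTED = r""":processes

:otl
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O33 - MountPoints2\{de2f3aaf-b667-11df-8c89-002618b598be}\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found

:services
SRV:64bit: - (PnkBstrB) -- C:\Windows\SysNative\PnkBstrB.exe File not found

:reg

:files

:commands
[PURITY]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[CLEARALLRESTOREPOINTS
[REBOOT]
"""

FIX_CORRECTED = FIX_AS_POSTED.replace("[CLEARALLRESTOREPOINTS\n", "[CLEARALLRESTOREPOINTS]\n")

if __name__ == "__main__":
    print(lint_otl_fix(FIX_AS_POSTED))
    print(lint_otl_fix(flatten(FIX_CORRECTED)))
```

The linter deliberately refuses a flattened script rather than trying to repair it: once the separators between the :otl entries are gone there is no reliable way to split "File not foundO4 - HKLM" back into two lines, so the only safe action is to paste the script again with its line breaks intact.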

Posted 09 December 2010 - 10:57 PM

Hi tempo..

The OTL script doesn't appear to have run properly, let's try it again.

OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the [image] textbox.
    :otl
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O33 - MountPoints2\{de2f3aaf-b667-11df-8c89-002618b598be}\Shell - "" = AutoRun
    O33 - MountPoints2\{de2f3aaf-b667-11df-8c89-002618b598be}\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
    O33 - MountPoints2\{e9a3c561-bbf2-11df-8326-002618b598be}\Shell - "" = AutoRun
    O33 - MountPoints2\{e9a3c561-bbf2-11df-8326-002618b598be}\Shell\AutoRun\command - "" = F:\blank.exe -- File not found
    SRV:64bit: - (PnkBstrB) -- C:\Windows\SysNative\PnkBstrB.exe File not found
    SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
    
    
    :reg
    
    :files
    
    :commands
    [PURITY]
    [EMPTYTEMP]
    [RESETHOSTS]
    [CREATERESTOREPOINT]
    [CLEARALLRESTOREPOINTS]
    [REBOOT]
    

  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.



The ESET log also seems to have been truncated somehow. Did the scan complete fully, or were there problems?

We should have had a log similar to below (run on my machine today)

Quote

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6415
# api_version=3.0.2
# EOSSerial=230634f708ced24c96d0d736430aac71
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-09 09:38:40
# local_time=2010-12-09 09:38:40 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 5799082 5799082 0 0
# compatibility_mode=5892 16776573 100 100 222168 129461059 0 0
# compatibility_mode=8201 39157181 100 97 3633 10309515 0 0
# scanned=89905
# found=0
# cleaned=0
# scan_time=2367
# nod_component=V3 Build:0x30000000
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6415
# api_version=3.0.2
# EOSSerial=230634f708ced24c96d0d736430aac71
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-09 10:37:39
# local_time=2010-12-09 10:37:39 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 5801560 5801560 0 0
# compatibility_mode=5892 16776573 100 100 224646 129463537 0 0
# compatibility_mode=8201 39157181 100 97 6111 10311993 0 0
# scanned=135327
# found=0
# cleaned=0
# scan_time=3423
# nod_component=V3 Build:0x30000000


As you can see, your log only contains the first 3 lines?

Log should be saved at: C:\Program Files\Eset Online Scanner\Log.txt
If the complete log is there, please re-post it; if not, could you run the scan again, please.

Any problems encountered, please let me know.

Thanks
Fred..
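Every line in the OTL fix above is an autostart entry whose target file OTL could not locate ("File not found"). The script below is an added example, not OTL's code and not from this thread, that re-creates that check with Python's winreg module. The registry locations are my own mapping of the OTL section tags: O4 to the Run keys, O20 to Winlogon, O33 to the MountPoints2 AutoRun commands, and SRV to service ImagePath values; the O18 protocol handlers and O21 SSODL entries resolve through CLSIDs and are left out. Both the 64-bit and 32-bit views of HKLM\SOFTWARE are read, matching the `:64bit:` tags OTL prints. The command-string parsing runs on any OS; the registry walk itself needs Windows.

```python
"""Re-create OTL's "File not found" test for autostart entries.

Added example, not OTL's code. Section-to-key mapping is mine: O4 = Run keys,
O20 = Winlogon, O33 = MountPoints2 AutoRun, SRV = services.
"""
import ntpath
import os
import re
import shutil

try:
    import winreg
except ImportError:  # non-Windows host: only the parsing helpers are usable
    winreg = None

EXEC_EXTS = (".exe", ".com", ".bat", ".cmd", ".scr", ".dll", ".sys", ".cpl")
RUN = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
WINLOGON = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
MOUNTPOINTS2 = r"Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"
SERVICES = r"SYSTEM\CurrentControlSet\Services"


def executable_from_command(cmd):
    """Program part of a Run/ImagePath/AutoRun command string, arguments dropped.

    Unquoted paths with spaces are split the way CreateProcess does: try
    successively longer space-delimited prefixes until one names a program.
    """
    cmd = cmd.strip()
    if not cmd:
        return ""
    if cmd[0] == '"':
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    tokens = cmd.split(" ")
    for i in range(1, len(tokens) + 1):
        candidate = " ".join(tokens[:i]).rstrip(",")  # Userinit ends in a comma
        if candidate.lower().endswith(EXEC_EXTS):
            return candidate
    return tokens[0]


def normalise_image_path(path, system_root=r"C:\Windows"):
    """Expand the %VAR%, \\??\\ and \\SystemRoot\\ forms seen in service ImagePaths."""
    path = re.sub(r"%([^%]+)%", lambda m: os.environ.get(m.group(1), m.group(0)), path)
    if path.startswith("\\??\\"):
        path = path[4:]
    if path.lower().startswith("\\systemroot\\"):
        path = system_root.rstrip("\\") + path[len("\\systemroot"):]
    elif path.lower().startswith("system32\\"):
        path = system_root.rstrip("\\") + "\\" + path
    return path


def target_exists(cmd, system_root=None):
    """True when the program a command points at is present on disk."""
    system_root = system_root or os.environ.get("SystemRoot", r"C:\Windows")
    exe = normalise_image_path(executable_from_command(cmd), system_root)
    if not exe:
        return False
    if ntpath.dirname(exe):
        return os.path.isfile(exe)
    # Bare file name: Windows looks in System32, then along PATH.
    return os.path.isfile(ntpath.join(system_root, "System32", exe)) or shutil.which(exe) is not None


def _reg_enum(hive, subkey, fn, view=0):
    """Collect fn(key, i) for i = 0, 1, ... until OSError (end of list or missing key)."""
    out, i = [], 0
    try:
        with winreg.OpenKey(hive, subkey, 0, winreg.KEY_READ | view) as key:
            while True:
                out.append(fn(key, i))
                i += 1
    except OSError:
        pass
    return out


def _reg_values(hive, subkey, view=0):
    return [(n, d) for n, d, k in _reg_enum(hive, subkey, winreg.EnumValue, view)
            if k in (winreg.REG_SZ, winreg.REG_EXPAND_SZ)]


def scan_autostarts():
    """Yield (location, value name, command) for entries whose target is missing."""
    if winreg is None:
        raise RuntimeError("the registry walk needs Windows")
    hklm, hkcu = winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER
    # x64 keeps two views of HKLM\SOFTWARE; OTL tags the 64-bit one ":64bit:".
    for tag, view in (("64bit", winreg.KEY_WOW64_64KEY), ("32bit", winreg.KEY_WOW64_32KEY)):
        for hive_name, hive, subkey in (("HKLM", hklm, RUN), ("HKCU", hkcu, RUN), ("HKLM", hklm, WINLOGON)):
            for name, cmd in _reg_values(hive, subkey, view):
                if subkey == WINLOGON and name not in ("Shell", "Userinit", "VMApplet"):
                    continue
                if not target_exists(cmd):
                    yield (f"{hive_name}\\{subkey} [{tag}]", name, cmd)
    for guid in _reg_enum(hkcu, MOUNTPOINTS2, winreg.EnumKey):
        for name, cmd in _reg_values(hkcu, f"{MOUNTPOINTS2}\\{guid}\\Shell\\AutoRun\\command"):
            if name == "" and not target_exists(cmd):  # default value holds the command
                yield (f"HKCU\\{MOUNTPOINTS2}\\{guid}", "AutoRun", cmd)
    for svc in _reg_enum(hklm, SERVICES, winreg.EnumKey):
        for name, cmd in _reg_values(hklm, f"{SERVICES}\\{svc}"):
            if name.lower() == "imagepath" and not target_exists(cmd):
                yield (f"HKLM\\{SERVICES}\\{svc}", name, cmd)


if __name__ == "__main__":
    for where, name, cmd in scan_autostarts():
        print(f"File not found: {where} [{name}] = {cmd}")
```

Run it from an elevated prompt on the affected machine. An orphaned entry such as the `E:\Setup.exe` or `F:\blank.exe` AutoRun commands in the fix above is inert once the file is gone, but it is still worth deleting: it records what once ran from removable media, and a value whose target later reappears under that name would run again.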
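Fred's point that a usable ESET log ends with scan counts, not just the first few header lines, can be checked mechanically. The following is an added example, not ESET's code and not from this thread: it parses the `# key=value` header of an ESET Online Scanner Log.txt into runs, lists the summary fields a truncated run lacks, and totals found/cleaned across complete runs. The complete sample is the second run quoted above, copied as posted; the three-line truncated sample is constructed, since the page does not show tempo's actual log. The required-field list is my reading of that quoted log.

```python
"""Sanity-check an ESET Online Scanner log.txt for completeness.

Added example, not ESET's code. The summary fields a finished run must carry
are taken from the log quoted above; the truncated sample is constructed.
"""
RUN_HEADER = "ESETSmartInstaller@High as downloader log:"
# Every run in the quoted log, finished or user-stopped, ends with these.
SUMMARY_FIELDS = ("end", "scanned", "found", "cleaned", "scan_time")

# Second run of the log quoted above, copied as posted.
COMPLETE_LOG = """ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6415
# api_version=3.0.2
# EOSSerial=230634f708ced24c96d0d736430aac71
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-09 10:37:39
# local_time=2010-12-09 10:37:39 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 5801560 5801560 0 0
# compatibility_mode=5892 16776573 100 100 224646 129463537 0 0
# compatibility_mode=8201 39157181 100 97 6111 10311993 0 0
# scanned=135327
# found=0
# cleaned=0
# scan_time=3423
# nod_component=V3 Build:0x30000000
"""

# Constructed: a log cut off after three lines, as described in the thread.
TRUNCATED_LOG = """ESETSmartInstaller@High as downloader log:
all ok
# version=7
"""


def parse_eset_log(text):
    """Split a log into runs: [{"fields": {key: value}, "notes": [line, ...]}, ...].

    A repeated key (compatibility_mode) keeps its last value; lines that are
    not "# key=value" (status and update errors) are kept as notes.
    """
    runs = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line == RUN_HEADER or not runs:
            runs.append({"fields": {}, "notes": []})
            if line == RUN_HEADER:
                continue
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            runs[-1]["fields"][key.strip()] = value.strip().strip('"')
        else:
            runs[-1]["notes"].append(line)
    return runs


def missing_fields(run):
    """Summary fields absent from a run; empty for a complete run."""
    return [f for f in SUMMARY_FIELDS if f not in run["fields"]]


def is_complete(run):
    return not missing_fields(run)


def summarize(text):
    """The counts a helper wants before reading the log by hand."""
    runs = parse_eset_log(text)
    complete = [r for r in runs if is_complete(r)]
    return {
        "runs": len(runs),
        "complete": len(complete),
        "truncated": len(runs) - len(complete),
        "found": sum(int(r["fields"]["found"]) for r in complete),
        "cleaned": sum(int(r["fields"]["cleaned"]) for r in complete),
        "update_errors": sum(1 for r in runs for n in r["notes"] if "returned -1" in n),
    }


if __name__ == "__main__":
    for run in parse_eset_log(COMPLETE_LOG + TRUNCATED_LOG):
        print("complete" if is_complete(run) else f"truncated, missing {missing_fields(run)}")
    print(summarize(COMPLETE_LOG + TRUNCATED_LOG))
```

A run with no `end=` and no `scanned=` line never reached its summary, so "found=0" cannot be inferred from it; that is the distinction between the two logs in this thread. The `esets_scanner_update returned -1` note in the quoted run is a definition-update failure, surfaced separately because a scan that could not update still reports `found=0` for whatever its stale signatures missed.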

#15 User is offline   tempo Icon

  • Garage rocker
  • Pip
  • Group: Members
  • Posts: 14
  • Joined: 03-December 10

Posted 10 December 2010 - 01:01 PM

Hello Fred. The ESET log didn't change after I did a second scan, but it said it found no infected files, at least. OTL worked.

OTL log

All processes killed
Error: Unable to interpret <:otlIE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not foundO4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe File not foundO18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not foundO18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not foundO18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not foundO18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not foundO20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO20 - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.O33 - MountPoints2\> in the current context!
Error: Unable to interpret <{de2f3aaf-b667-11df-8c89-002618b598be}\Shell - "" = AutoRunO33 - MountPoints2\{de2f3aaf-b667-11df-8c89-002618b598be}\Shell\AutoRun\command - "" = E:\Setup.exe -- File not foundO33 - MountPoints2\{e9a3c561-bbf2-11df-8326-002618b598be}\Shell - "" = AutoRunO33 - MountPoints2\{e9a3c561-bbf2-11df-8326-002618b598be}\Shell\AutoRun\command - "" = F:\blank.exe -- File not foundSRV:64bit: - (PnkBstrB) -- C:\Windows\SysNative\PnkBstrB.exe File not foundSRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found:reg:files:commands[PURITY][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][CLEARALLRESTOREPOINTS[REBOOT]> in the current context!

OTL by OldTimer - Version 3.2.17.3 log created on 12102010_120345

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#16 User is offline   Fred Flintstone Icon

  • Dave Gilmour
  • Icon
  • Group: Malware Experts
  • Posts: 2,515
  • Joined: 20-April 08
  • Gender:Male
  • Location:Somerset

Posted 10 December 2010 - 11:07 PM

Hi tempo..

Thanks for that.

Download Windows Malicious Software Removal Tool - 64 bit

Go to HERE. Save it to your desktop.

Right-click and select Run as Administrator; allow the prompts, etc.

Once finished, there will be a link to "View detailed result of scan".
This will show a list of infections scanned for and whether any were found.
Please let me know the result.

Thanks
Fred..

This post has been edited by Fred Flintstone: 10 December 2010 - 11:08 PM


#17 User is offline   tempo Icon

  • Garage rocker
  • Pip
  • Group: Members
  • Posts: 14
  • Joined: 03-December 10

Posted 12 December 2010 - 09:20 PM

Hello Fred. No infected files in this one either. Even DOS/Alueron was not detected... if that says something. :)
MSN is still sending out Chinese links.

This post has been edited by tempo: 12 December 2010 - 09:21 PM


#18 User is offline   Fred Flintstone Icon

  • Dave Gilmour
  • Icon
  • Group: Malware Experts
  • Posts: 2,515
  • Joined: 20-April 08
  • Gender:Male
  • Location:Somerset

Posted 12 December 2010 - 11:31 PM

Hi tempo..

Have you changed your Windows Live password yet? If not, please do so now: LINK << here.

Also, I want to see if we can get a log from ComboFix. Right-click on ComboFix and rename it to something random like tempo.exe.
Then run it as before: right-click, Run as administrator, etc. Any problems, let me know.

Thanks
Fred..

#19 User is offline   tempo Icon

  • Garage rocker
  • Pip
  • Group: Members
  • Posts: 14
  • Joined: 03-December 10

Posted 20 December 2010 - 12:28 AM

Hello again Fred. Sorry for the slow answer. I have already changed my password on MSN and installed the new version of MSN; I stopped getting links sent to me when I logged in.

As for ComboFix, I don't find any .txt after it has done the search. It even says the ComboFix file is corrupt after I downloaded it several times; some of them scanned fully, some didn't, but I didn't find a ComboFix.txt. It also says it can't do the search while Avast is on, when I have already switched it off.

This post has been edited by tempo: 20 December 2010 - 12:36 AM


#20 User is offline   Fred Flintstone Icon

  • Dave Gilmour
  • Icon
  • Group: Malware Experts
  • Posts: 2,515
  • Joined: 20-April 08
  • Gender:Male
  • Location:Somerset

Posted 20 December 2010 - 09:00 AM

Hi tempo,
No problem, glad the links have stopped.
Don't worry about running ComboFix, I had seen it used a couple of times on 64 bit and was hoping it might just produce a log.
Many of the tools we use don't play nicely with 64 bit versions at present so it's a bit "hit & miss"!!
Changing your online password seems to have sorted the problem out and it's worth remembering to change it on a regular basis!

Just to be sure, please do a scan with Trend Micro HouseCall; go HERE <<< Make sure you select the 64-bit version.
If that comes up clear, I would say you are OK now.

Thanks
Fred..
