Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

.Hydra and .Exebind virus!

Started by 2812818 , Oct 24 2011 06:23 AM

  • This topic is locked This topic is locked
3 replies to this topic

#1 2812818

2812818

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 24 October 2011 - 06:23 AM

Hi there.
For the past few months, my Norton 360 5.0 had been telling me that the removal of these viruses have failed.
1. Hacktool.Hydra (pw-inspector.exe)
2. Hacktool.Hydra (hydra.exe)
3. Trojan.Dropper (joiner.exe)
4. Hacktool.Exebind (joiner.exe)
5. Hacktool.Exebind (sfx.dat)
6. Adware (airodump-ng.exe)


Even when i start it using safemode, i'm still unable to remove the viruses. Please help me on this. I do a lot of online banking and I'm afraid that my private informations may leak out.

These are the scans from OTL
________________________________________________________________________________
___________________________________________________

OTL logfile created on: 24/10/2011 8:11:59 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Victor\Downloads\Programs
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

4.00 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 54.16% Memory free
8.00 Gb Paging File | 5.94 Gb Available in Paging File | 74.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 6.37 Gb Free Space | 5.47% Space Free | Partition Type: NTFS
Drive D: | 106.67 Gb Total Space | 0.60 Gb Free Space | 0.57% Space Free | Partition Type: NTFS

Computer Name: ON | User Name: Victor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Victor\Downloads\Programs\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Search-Results)
PRC - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\Yes\Connect\GCTWiMaxServiceD.exe (GCT Semiconductor, Inc.)
PRC - C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Users\Victor\Desktop\Desktop important files\Games\Warcraft 3 (Battlenet).folder\Warcraft 3 (Battlenet)\Warcraft 3\war3.exe (Blizzard Entertainment)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-52.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-52.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-50.dll ()
MOD - C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe ()
MOD - C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor60.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Users\Victor\Desktop\Desktop important files\Games\Warcraft 3 (Battlenet).folder\Warcraft 3 (Battlenet)\Warcraft 3\mss32.dll ()
MOD - C:\Users\Victor\Desktop\Desktop important files\Games\Warcraft 3 (Battlenet).folder\Warcraft 3 (Battlenet)\Warcraft 3\redist\miles\Mp3dec.asi ()
MOD - C:\Users\Victor\Desktop\Desktop important files\Games\Warcraft 3 (Battlenet).folder\Warcraft 3 (Battlenet)\Warcraft 3\redist\miles\Msseax2.m3d ()
MOD - C:\Users\Victor\Desktop\Desktop important files\Games\Warcraft 3 (Battlenet).folder\Warcraft 3 (Battlenet)\Warcraft 3\redist\miles\Mssdolby.m3d ()
MOD - C:\Users\Victor\Desktop\Desktop important files\Games\Warcraft 3 (Battlenet).folder\Warcraft 3 (Battlenet)\Warcraft 3\redist\miles\Mssfast.m3d ()
MOD - C:\Users\Victor\Desktop\Desktop important files\Games\Warcraft 3 (Battlenet).folder\Warcraft 3 (Battlenet)\Warcraft 3\redist\miles\Reverb3.flt ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (hshld) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HssWd) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (GCTWiMaxServiceD) -- C:\Program Files (x86)\Yes\Connect\GCTWiMaxServiceD.exe (GCT Semiconductor, Inc.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys (Symantec Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\drivers\HssDrv.sys (AnchorFree Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (IDMWFP) -- C:\Windows\SysNative\drivers\idmwfp.sys (Tonec Inc.)
DRV:64bit: - (GdmUWm) -- C:\Windows\SysNative\drivers\gdmuwm.sys (GCT Semiconductor, Inc.)
DRV:64bit: - (GdmWmPrt) -- C:\Windows\SysNative\drivers\gdmwmprt.sys (GCT Semiconductor, Inc.)
DRV:64bit: - (GDMINIT) -- C:\Windows\SysNative\drivers\gdminit.sys (GCT Semiconductor)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (msloop) -- C:\Windows\SysNative\drivers\loop.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Mkd3kfNt) -- C:\Windows\SysNative\drivers\mkd3kfnt.sys (AhnLab, Inc.)
DRV:64bit: - (Mkd2Nadr) -- C:\Windows\SysNative\drivers\Mkd2Nadr.sys (AhnLab, Inc.)
DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111014.001\BHDrvx64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111023.005\EX64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111023.005\ENG64.SYS (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111021.030\IDSviA64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (Mkd2Nadr) -- C:\Windows\SysWOW64\drivers\Mkd2Nadr.sys (AhnLab, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-my
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CD 69 32 CB A9 26 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.3.6
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2010.9.0.6
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..keyword.URL: "http://startsear.ch/...r.ch/?aff=1&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Victor\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Victor\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Victor\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/10/05 09:39:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_2_3 [2011/10/24 19:44:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/26 11:32:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/09 15:40:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/14 21:13:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Victor\AppData\Roaming\IDM\idmmzcc3 [2011/09/22 01:50:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Victor\AppData\Roaming\IDM\idmmzcc3 [2011/09/22 01:50:01 | 000,000,000 | ---D | M]

[2011/06/09 21:39:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Victor\AppData\Roaming\mozilla\Extensions
[2011/10/03 18:48:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Victor\AppData\Roaming\mozilla\Firefox\Profiles\68rj7rey.default\extensions
[2011/10/15 14:05:18 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\Victor\AppData\Roaming\mozilla\Firefox\Profiles\68rj7rey.default\extensions\toolbar@ask.com
[2011/05/17 19:23:12 | 000,003,295 | ---- | M] () -- C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\68rj7rey.default\searchplugins\search-results.xml
[2011/07/12 02:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\68rj7rey.default\searchplugins\startsear.xml
[2011/08/23 10:30:14 | 000,000,950 | ---- | M] () -- C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\68rj7rey.default\searchplugins\yahoo.xml
[2011/10/03 18:45:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/12 17:46:35 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/10/03 18:45:34 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2011/10/24 19:44:30 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\COFFPLGN_2011_7_2_3
[2011/10/05 09:39:44 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN
[2011/09/03 14:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/06/09 19:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2011/09/03 07:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========


O1 HOSTS File: ([2011/10/01 17:06:42 | 000,000,927 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 genuine.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 sls.microsoft.com
O2:64bit: - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Search-Results)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [LaunchYTLCM] C:\Program Files (x86)\Yes\Connect\Connect.exe (YTL Communications)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Victor\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Norton Download Manager{N360S_prod_1.19_4.1.0.32}] C:\Users\Public\Downloads\Norton\{N360S_prod_1.19_4.1.0.32}\N360Downloader.exe /m File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - CC:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.101.0.10 10.101.0.12 10.202.1.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DEC01D2-1DC3-4241-BB75-061F5EA8BE4E}: NameServer = 10.36.88.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{350387E7-B2A3-46AB-8023-670ABCBF0C16}: DhcpNameServer = 183.78.96.76 183.78.96.79
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E0C852C-AFD0-4E3F-9006-5524CAB189DB}: DhcpNameServer = 10.101.0.10 10.101.0.12 10.202.1.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAEB82D4-2B9C-445F-BC90-61A667B4EABD}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5393c743-fe16-11e0-9c1f-002215a4800d}\Shell\AutoRun\command - "" = F:\install.bat
O33 - MountPoints2\{5393c743-fe16-11e0-9c1f-002215a4800d}\Shell\COMMUNICATOR\command - "" = F:\install.bat
O33 - MountPoints2\{6d0af5ca-9262-11e0-bfba-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6d0af5ca-9262-11e0-bfba-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{6d0af5ca-9262-11e0-bfba-806e6f6e6963}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{6d0af5ca-9262-11e0-bfba-806e6f6e6963}\Shell\install\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{deede4b2-96e0-11e0-98b1-002215a4800d}\Shell - "" = AutoRun
O33 - MountPoints2\{deede4b2-96e0-11e0-98b1-002215a4800d}\Shell\AutoRun\command - "" = F:\Windows\CHECK\DriveNavigator.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/24 16:55:28 | 000,000,000 | ---D | C] -- C:\temp
[2011/10/24 16:53:33 | 000,111,104 | ---- | C] (GCT Semiconductor, Inc.) -- C:\Windows\SysNative\drivers\gdmuwm.sys
[2011/10/24 16:53:33 | 000,032,768 | ---- | C] (GCT Semiconductor, Inc.) -- C:\Windows\SysNative\drivers\gdmwmprt.sys
[2011/10/24 16:53:33 | 000,032,768 | ---- | C] (GCT Semiconductor) -- C:\Windows\SysNative\drivers\gdminit.sys
[2011/10/24 16:53:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YES
[2011/10/24 16:53:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yes
[2011/10/24 16:52:34 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\Yes
[2011/10/23 00:27:35 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Local\{691D77CC-F00E-47A0-A2EE-7B7B62D61B35}
[2011/10/23 00:27:23 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Local\{B0A3B72C-5EC2-46E0-90D7-B4C791041F36}
[2011/10/20 22:46:01 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Local\Facebook
[2011/10/18 20:43:41 | 000,000,000 | ---D | C] -- C:\Users\Victor\Desktop\hand on pass year
[2011/10/17 10:46:10 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Local\{8CD352D5-CD77-423F-8F49-C60DE862D302}
[2011/10/17 10:45:55 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Local\{59C2021C-4D85-4BF5-B3FD-17F619F3646E}
[2011/10/17 10:41:39 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\7 Sticky Notes
[2011/10/17 10:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7 Sticky Notes
[2011/10/17 10:41:02 | 001,351,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comctl32.ocx
[2011/10/17 10:41:02 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2011/10/17 10:41:02 | 000,554,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dao360.dll
[2011/10/17 10:41:02 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\richtx32.ocx
[2011/10/17 10:41:02 | 000,198,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MCI32.OCX
[2011/10/17 10:41:02 | 000,140,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comdlg32.ocx
[2011/10/17 10:41:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7 Sticky Notes
[2011/10/16 13:57:55 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\Rovio
[2011/10/15 03:01:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/15 03:01:17 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/10/15 03:01:16 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/10/15 03:01:16 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/10/15 03:01:13 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/15 03:01:11 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/10/15 03:01:10 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/10/15 03:01:10 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/15 03:01:10 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/10/15 03:01:09 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/10/15 03:01:09 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/10/15 03:01:09 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/10/15 03:01:09 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/10/15 03:01:09 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/10/15 03:00:57 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/10/14 14:24:03 | 000,000,000 | ---D | C] -- C:\Users\Victor\Documents\OneNote Notebooks
[2011/10/14 12:31:06 | 000,000,000 | ---D | C] -- C:\Users\Victor\Desktop\Analog
[2011/10/14 12:04:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoPlay
[2011/10/13 20:58:23 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/10/13 20:58:23 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/10/13 20:58:23 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/10/13 20:58:22 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/10/13 20:58:22 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2011/10/13 20:58:22 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2011/10/13 20:58:22 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2011/10/13 20:58:22 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2011/10/13 20:58:22 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011/10/13 20:58:22 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011/10/13 20:57:16 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/10/13 20:57:16 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/10/13 20:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\hssff
[2011/10/10 01:20:23 | 000,000,000 | ---D | C] -- C:\Recovered Files
[2011/10/10 01:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftLogica
[2011/10/10 01:16:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftLogica
[2011/10/08 15:57:03 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Local\{1B70BCC8-1B98-4995-B1F7-672450595176}
[2011/10/08 15:56:51 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Local\{D62ED545-C566-4859-ABCC-766A20F0F0C2}
[2011/10/06 20:22:58 | 000,000,000 | ---D | C] -- C:\Users\Victor\Desktop\jay chou lyrics
[2011/10/03 22:50:07 | 000,034,288 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011/10/03 18:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2011/10/03 18:45:38 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2011/10/03 18:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2011/10/03 18:45:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hotspot Shield
[2011/10/02 10:47:58 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Local\{B9515923-0383-45B4-A400-FDAC0DB35740}
[2011/10/02 10:47:44 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Local\{8F7A60FE-49E7-4ABC-8EF9-1D02226A20E0}
[2011/10/01 17:43:08 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Local\{297C819C-4BF2-4671-B441-AD0B1AAD0617}
[2011/10/01 17:42:55 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Local\{91F7BF45-97DA-43BC-BEF6-FA896065727D}
[2011/10/01 17:06:43 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\systemcpl.dll
[2011/10/01 17:06:43 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sppcomapi.dll
[2011/04/26 21:13:58 | 005,073,240 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\vcredist_x86.exe
[2011/03/17 02:21:22 | 000,068,608 | ---- | C] ( http://w3l.info.tm) -- C:\Program Files (x86)\w3lh.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/24 19:52:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1411131432-3712026648-2751386654-1001UA.job
[2011/10/24 19:51:19 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1411131432-3712026648-2751386654-1001UA.job
[2011/10/24 19:46:40 | 000,009,824 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/24 19:46:40 | 000,009,824 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/24 19:44:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/24 19:43:49 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/24 18:28:35 | 009,549,683 | ---- | M] () -- C:\Users\Victor\Desktop\videoplayback_13.FLV
[2011/10/24 16:55:32 | 000,002,001 | ---- | M] () -- C:\Users\Victor\Application Data\Microsoft\Internet Explorer\Quick Launch\4G Network Manager.lnk
[2011/10/24 16:55:31 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\4G Network Manager.lnk
[2011/10/24 16:55:19 | 001,658,374 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/10/24 15:48:48 | 000,092,129 | ---- | M] () -- C:\Users\Victor\Desktop\virus.PNG
[2011/10/24 11:52:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1411131432-3712026648-2751386654-1001Core.job
[2011/10/23 22:51:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1411131432-3712026648-2751386654-1001Core.job
[2011/10/23 00:45:34 | 000,051,270 | ---- | M] () -- C:\Users\Victor\AppData\Roaming\room_v3.dat
[2011/10/19 20:57:13 | 000,720,488 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/19 20:57:13 | 000,623,784 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/19 20:57:13 | 000,109,736 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/17 10:41:04 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\7 Sticky Notes.lnk
[2011/10/17 00:28:09 | 000,045,666 | ---- | M] () -- C:\Users\Victor\Desktop\Paul_receiving_special_offering_small.jpg
[2011/10/14 14:39:29 | 000,025,794 | ---- | M] () -- C:\Users\Victor\Desktop\298127_176977069050145_120114058069780_370549_938865010_n.jpg
[2011/10/14 14:24:02 | 000,001,310 | ---- | M] () -- C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/10/14 12:04:44 | 000,549,168 | ---- | M] () -- C:\Program Files (x86)\Uninstall.exe
[2011/10/14 12:04:44 | 000,003,455 | ---- | M] () -- C:\Program Files (x86)\Uninstall.ini
[2011/10/14 11:35:52 | 000,310,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/05 11:40:10 | 000,002,284 | ---- | M] () -- C:\Users\Victor\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/04 21:24:35 | 000,002,351 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/10/03 22:50:04 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/10/03 22:50:04 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/10/03 22:50:04 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/10/03 21:46:03 | 000,000,600 | ---- | M] () -- C:\Users\Victor\PUTTY.RND
[2011/10/01 17:06:50 | 000,002,048 | ---- | M] () -- C:\Windows\SysWow64\winver.exe
[2011/10/01 17:06:47 | 000,410,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\systemcpl.dll
[2011/10/01 17:06:45 | 000,001,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\sppcomapi.dll
[2011/10/01 17:06:43 | 000,113,543 | ---- | M] () -- C:\Windows\SysWow64\slmgr.vbs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/24 18:21:53 | 009,549,683 | ---- | C] () -- C:\Users\Victor\Desktop\videoplayback_13.FLV
[2011/10/24 16:55:32 | 000,002,001 | ---- | C] () -- C:\Users\Victor\Application Data\Microsoft\Internet Explorer\Quick Launch\4G Network Manager.lnk
[2011/10/24 16:55:31 | 000,001,977 | ---- | C] () -- C:\Users\Public\Desktop\4G Network Manager.lnk
[2011/10/24 15:48:48 | 000,092,129 | ---- | C] () -- C:\Users\Victor\Desktop\virus.PNG
[2011/10/20 22:46:12 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1411131432-3712026648-2751386654-1001UA.job
[2011/10/20 22:46:12 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1411131432-3712026648-2751386654-1001Core.job
[2011/10/17 10:41:04 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\7 Sticky Notes.lnk
[2011/10/17 10:41:03 | 001,031,168 | ---- | C] () -- C:\Windows\SysWow64\ExLVwU.ocx
[2011/10/17 10:41:02 | 000,802,816 | ---- | C] () -- C:\Windows\SysWow64\EditCtlsU.ocx
[2011/10/17 10:41:02 | 000,604,672 | ---- | C] () -- C:\Windows\SysWow64\ExTVwU.ocx
[2011/10/17 00:28:08 | 000,045,666 | ---- | C] () -- C:\Users\Victor\Desktop\Paul_receiving_special_offering_small.jpg
[2011/10/14 14:39:28 | 000,025,794 | ---- | C] () -- C:\Users\Victor\Desktop\298127_176977069050145_120114058069780_370549_938865010_n.jpg
[2011/10/14 14:24:02 | 000,001,310 | ---- | C] () -- C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/10/14 12:04:44 | 000,003,455 | ---- | C] () -- C:\Program Files (x86)\Uninstall.ini
[2011/10/01 17:06:43 | 000,113,543 | ---- | C] () -- C:\Windows\SysWow64\slmgr.vbs
[2011/10/01 17:06:43 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\winver.exe
[2011/09/22 03:13:16 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/09/15 11:48:04 | 000,729,402 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/03 01:47:16 | 000,549,168 | ---- | C] () -- C:\Program Files (x86)\Uninstall.exe
[2011/07/03 01:44:04 | 006,452,224 | ---- | C] () -- C:\Program Files (x86)\JuzLoader GUI.exe
[2011/07/01 02:10:48 | 000,140,800 | ---- | C] () -- C:\Program Files (x86)\juzloader.exe
[2011/06/30 21:32:10 | 000,002,700 | ---- | C] () -- C:\Program Files (x86)\juzdotabnet.reg
[2011/06/30 19:24:04 | 000,000,090 | ---- | C] () -- C:\Program Files (x86)\config.cfg
[2011/06/14 10:13:47 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/06/12 11:06:53 | 000,051,270 | ---- | C] () -- C:\Users\Victor\AppData\Roaming\room_v3.dat
[2011/03/02 21:37:18 | 000,325,968 | ---- | C] () -- C:\Program Files (x86)\lua5.1.dll
[2011/03/02 21:37:16 | 000,011,264 | ---- | C] () -- C:\Program Files (x86)\lua51.dll
[2010/04/05 10:58:38 | 000,035,564 | ---- | C] () -- C:\Program Files (x86)\started.wav
[2009/07/14 13:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 10:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 10:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 08:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 05:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/10/18 02:14:37 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\7 Sticky Notes
[2011/10/24 18:46:00 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\DMCache
[2011/09/01 18:42:49 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\Free Download Manager
[2011/10/23 22:09:53 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\IDM
[2011/09/22 03:14:17 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\Leawo
[2011/10/16 13:57:55 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\Rovio
[2011/06/11 18:45:22 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\Tific
[2011/09/14 18:32:31 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\Wireshark
[2011/10/24 16:52:36 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\Yes
[2011/10/23 22:51:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1411131432-3712026648-2751386654-1001Core.job
[2011/10/24 19:51:19 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1411131432-3712026648-2751386654-1001UA.job
[2011/10/03 17:29:16 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/09/15 11:48:16 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/07/14 09:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2011/06/10 06:30:57 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/10/24 19:43:49 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/24 19:44:02 | 4294,037,504 | -HS- | M] () -- C:\pagefile.sys
[2011/09/14 18:32:40 | 000,000,077 | ---- | M] () -- C:\wepkeys.txt
[2011/10/24 16:55:30 | 000,001,079 | ---- | M] () -- C:\ytlDriverInstaller.log

< %systemroot%\Fonts\*.com >
[2009/07/14 13:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 13:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 13:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 13:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/11 04:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2011/06/30 19:24:04 | 000,000,090 | ---- | M] () -- C:\Program Files (x86)\config.cfg
[2009/07/14 12:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2011/06/30 21:32:10 | 000,002,700 | ---- | M] () -- C:\Program Files (x86)\juzdotabnet.reg
[2011/07/03 01:44:04 | 006,452,224 | ---- | M] () -- C:\Program Files (x86)\JuzLoader GUI.exe
[2011/07/01 02:10:48 | 000,140,800 | ---- | M] () -- C:\Program Files (x86)\juzloader.exe
[2011/07/03 01:37:08 | 000,000,021 | ---- | M] () -- C:\Program Files (x86)\local_version.txt
[2011/06/30 04:22:56 | 000,032,038 | ---- | M] () -- C:\Program Files (x86)\logo.ico
[2011/03/02 21:37:18 | 000,325,968 | ---- | M] () -- C:\Program Files (x86)\lua5.1.dll
[2011/03/02 21:37:16 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\lua51.dll
[2010/04/05 10:58:38 | 000,035,564 | ---- | M] () -- C:\Program Files (x86)\started.wav
[2011/10/14 12:04:44 | 000,549,168 | ---- | M] () -- C:\Program Files (x86)\Uninstall.exe
[2011/10/14 12:04:44 | 000,003,455 | ---- | M] () -- C:\Program Files (x86)\Uninstall.ini
[2011/04/26 21:13:58 | 005,073,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\vcredist_x86.exe
[2011/03/17 02:21:22 | 000,068,608 | ---- | M] ( http://w3l.info.tm) -- C:\Program Files (x86)\w3lh.dll

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/06/09 21:33:13 | 000,000,221 | -HS- | M] () -- C:\Users\Victor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/08/22 10:47:17 | 000,793,823 | ---- | M] () -- C:\Users\Victor\Desktop\GarenaRoomJoiner_v220.exe
[2009/03/20 14:27:42 | 000,302,182 | ---- | M] () -- C:\Users\Victor\Desktop\Namespoofer.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
________________________________________________________________________________
__________________________________________________
OTL Extras logfile created on: 24/10/2011 8:11:59 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Victor\Downloads\Programs
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

4.00 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 54.16% Memory free
8.00 Gb Paging File | 5.94 Gb Available in Paging File | 74.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 6.37 Gb Free Space | 5.47% Space Free | Partition Type: NTFS
Drive D: | 106.67 Gb Total Space | 0.60 Gb Free Space | 0.57% Space Free | Partition Type: NTFS

Computer Name: ON | User Name: Victor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.0.2827 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0699889D-F7F8-48BE-8C2E-694599E72F0D}" = 4G Network Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.4
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2DB7DD8E-F17B-408A-B93B-92867EF7974D}_is1" = 7 Sticky Notes
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{4196D960-68B0-4BEB-B312-3C1B4654068D}" = Handy Recovery 4.0
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Search-Results Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C5A9382C-C87E-4A98-80FB-988F3D71FCEB}_is1" = Leawo 3GP Converter version 4.1.0.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED721ABC-423D-4F7D-AEBB-E1E39C388E84}" = Facebook Video Calling 1.0.0.8714
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Active@ ISO Burner v 1.1" = Active@ ISO Burner v 1.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AhnLab Online Security" = AhnLab Online Security
"Free Download Manager_is1" = Free Download Manager 3.0
"Garena" = Garena
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HotspotShield" = Hotspot Shield 2.09
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Intense Ragnarok Online Enchanted Reality" = Intense Ragnarok Online Enchanted Reality
"Intense RO Full v5" = Intense RO Full v5
"Internet Download Manager" = Internet Download Manager
"JuzDotA Full 2.0" = JuzDotA Full 2.0
"JuzLoader 2.00" = JuzLoader 2.00
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.6.0 (Basic)
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"N360" = Norton 360
"RealPlayer 12.0" = RealPlayer
"Steam App 440" = Team Fortress 2
"VLC media player" = VLC media player 1.0.1
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23/10/2011 4:40:58 AM | Computer Name = on | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x800401F9

Error - 23/10/2011 4:40:58 AM | Computer Name = on | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

Error - 23/10/2011 9:56:43 AM | Computer Name = on | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 1.0.1.0, time stamp:
0x4a6cbcf0 Faulting module name: vlc.exe, version: 1.0.1.0, time stamp: 0x4a6cbcf0
Exception
code: 0xc0000005 Fault offset: 0x00001746 Faulting process id: 0x183c Faulting application
start time: 0x01cc918b706c71c5 Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Faulting
module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Report Id: d687ad3d-fd7e-11e0-9bcb-002215a4800d

Error - 23/10/2011 10:55:33 PM | Computer Name = on | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x800401F9

Error - 24/10/2011 3:08:53 AM | Computer Name = on | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x800401F9

Error - 24/10/2011 3:08:56 AM | Computer Name = on | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

Error - 24/10/2011 4:01:47 AM | Computer Name = on | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x800401F9

Error - 24/10/2011 4:01:49 AM | Computer Name = on | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

Error - 24/10/2011 7:49:37 AM | Computer Name = on | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x800401F9

Error - 24/10/2011 7:49:37 AM | Computer Name = on | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

[ OSession Events ]
Error - 11/10/2011 6:20:18 AM | Computer Name = on | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2915
seconds with 1980 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/10/2011 3:03:39 PM | Computer Name = on | Source = NetBT | ID = 4300
Description = The driver could not be created.

Error - 4/10/2011 3:03:39 PM | Computer Name = on | Source = NetBT | ID = 4300
Description = The driver could not be created.

Error - 4/10/2011 9:39:17 PM | Computer Name = on | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 4/10/2011 9:40:00 PM | Computer Name = on | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Live ID Sign-in Assistant service to connect.

Error - 4/10/2011 9:40:00 PM | Computer Name = on | Source = Service Control Manager | ID = 7000
Description = The Windows Live ID Sign-in Assistant service failed to start due
to the following error: %%1053

Error - 4/10/2011 9:40:58 PM | Computer Name = on | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 4/10/2011 9:40:58 PM | Computer Name = on | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 4/10/2011 9:41:31 PM | Computer Name = on | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 4/10/2011 9:41:31 PM | Computer Name = on | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 4/10/2011 9:53:27 PM | Computer Name = on | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows
XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
Server 2008 R2 for x64-based Systems (KB2539636).


< End of report >

    Advertisements

Register to Remove

#2 NoodleTech

NoodleTech

    Malware Eradicator

  • Visiting Fellow
  • PipPipPipPipPip
  • 2,380 posts

Posted 29 October 2011 - 10:32 AM

Hi,

:welcome:

My name is NoodleTech. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Do not delete anything unless instructed to.
  • DO NOT use tools such as ComboFix without supervision.
  • Please continue to review my answers until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clean.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Note to Vista and Windows 7 users:
  • These tools MUST be run from the executable. (.exe) every time you run them
  • These tools MUST be run With Admin Rights (Right click, choose "Run as Administrator")
===================================================

Please download DDS by sUBs from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments,  attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
===================================================

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Posted Image
Click the "Scan" button to start scan

Posted Image
On completion of the scan click save log, save it to your desktop and post in your next reply.

===================================================

Posted Image
Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    Posted Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

===================================================

In your next reply, please post the following:
  • DDS log
  • GMER log
  • aswMBR log

Posted Image
Proud Graduate of the WTT Malware Classroom.
If you feel I have helped you, please consider a donation. Posted Image
Topics will be closed after three days if there is no response.
Please do not PM me for malware removal assistance.

#3 NoodleTech

NoodleTech

    Malware Eradicator

  • Visiting Fellow
  • PipPipPipPipPip
  • 2,380 posts

Posted 08 November 2011 - 01:33 PM

Do you still need help?
Posted Image
Proud Graduate of the WTT Malware Classroom.
If you feel I have helped you, please consider a donation. Posted Image
Topics will be closed after three days if there is no response.
Please do not PM me for malware removal assistance.

#4 NoodleTech

NoodleTech

    Malware Eradicator

  • Visiting Fellow
  • PipPipPipPipPip
  • 2,380 posts

Posted 11 November 2011 - 06:35 PM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic
Posted Image
Proud Graduate of the WTT Malware Classroom.
If you feel I have helped you, please consider a donation. Posted Image
Topics will be closed after three days if there is no response.
Please do not PM me for malware removal assistance.

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·