HELP, Do I have a trojan or keylogger

05-31-2011, 12:08 PM
After noticing some weird things with my PC lately I am scared that I got a trojan or even a keylogger.

Some things:
When I do "shift + 6" instead of getting one ^ I get two ^^.

When I go to Task Manager I see a very weird process running:
It says 38z78FF.exe *32 at the moment and the description behind it says systray .exe stub. When I restart my PC the name of this process is different the next day!

Edit: I just shut it down and now it came back as 38z76C9.exe *32, same description -->


So I googled this; when I search the .exe I find nothing, but when I searched systray .exe stub I found a German forum where a guy had the same problem. I can't understand it all, but it says he is also scared it is a keylogger and he has the SAME problem with the sign ^^
(Source: http://www.trojaner-board.de/99206-s...keylogger.html)

I also scanned my whole PC with McAfee Enterprise 8.8 and it had 0 detections.....


Am I doomed and do I need to reinstall my Windows 7, or is this just a normal thing.... =-[

----------------------
Just read the stickies...

Gonna make the logs now.
05-31-2011, 12:21 PM
Rebooted first, then closed all windows and ran OTL like stated.

When I ran OTL the name of the process was am08E88.exe this time....

--------- OTL ----------


OTL logfile created on: 31-5-2011 18:12:47 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Eric\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

4,00 Gb Total Physical Memory | 2,94 Gb Available Physical Memory | 73,40% Memory free
8,00 Gb Paging File | 6,80 Gb Available in Paging File | 85,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 93,53 Gb Free Space | 47,91% Space Free | Partition Type: NTFS
Drive D: | 736,20 Gb Total Space | 570,37 Gb Free Space | 77,47% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 722,33 Gb Free Space | 77,54% Space Free | Partition Type: NTFS

Computer Name: PINGUSMACHINE | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-05-31 18:09:48 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Users\Eric\AppData\Local\Temp\amO8E88.exe
PRC - [2011-05-31 18:07:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
PRC - [2011-01-12 20:52:12 | 000,215,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2011-01-12 20:46:36 | 000,209,760 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2011-01-12 16:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2011-01-12 16:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2011-01-12 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2011-01-12 16:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
PRC - [2011-01-12 14:10:08 | 000,033,648 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010-12-23 19:33:33 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010-12-07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- d:\spellen\Poker\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010-07-04 20:13:56 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010-04-01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010-01-22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009-09-08 09:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009-09-08 09:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe


========== Modules (SafeList) ==========

MOD - [2011-05-31 18:07:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
MOD - [2010-08-21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011-04-22 18:59:46 | 000,156,248 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011-04-22 18:59:43 | 000,190,256 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011-01-27 00:55:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011-05-14 10:46:02 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011-01-12 20:46:36 | 000,209,760 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2011-01-12 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2010-12-28 18:55:21 | 000,185,640 | ---- | M] () [On_Demand | Stopped] -- C:\Users\Eric\AppData\Roaming\Mikogo\B-Service.exe -- (B-Service)
SRV - [2010-12-23 19:33:33 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010-12-07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- d:\spellen\Poker\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-09-08 09:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011-04-22 18:59:46 | 000,281,544 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011-04-22 18:59:45 | 000,607,152 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011-04-22 18:59:45 | 000,097,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011-04-22 18:59:44 | 000,217,696 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011-04-22 18:59:44 | 000,153,952 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011-03-11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-01-27 01:37:20 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011-01-27 00:13:32 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010-11-30 15:28:12 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010-11-17 14:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010-06-14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010-04-27 04:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010-04-27 04:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV:64bit: - [2010-04-27 04:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV:64bit: - [2010-03-04 15:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010-02-18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010-01-22 13:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010-01-22 13:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009-08-13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010-06-14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 D6 E2 2D 5E 1F CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.nl/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-04-30 14:48:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-05-13 20:24:01 | 000,000,000 | ---D | M]

[2010-11-30 15:30:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions
[2010-11-30 15:30:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\mh53hpfw.default\extensions
[2010-12-02 21:33:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010-12-02 21:33:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010-12-02 21:33:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2011-03-03 15:05:46 | 000,001,892 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2011-03-03 15:05:46 | 000,004,558 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2011-03-03 15:05:46 | 000,001,111 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\vandale-nl.xml
[2011-03-03 15:05:46 | 000,001,049 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2011-03-03 15:05:46 | 000,001,106 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110422190056.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110422190057.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe (Iggptulsy Cyojgq)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-11-05 13:19:36 | 000,000,052 | RHS- | M] () - G:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)


SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: mfehidk - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfehidk.sys - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfevtp - C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)

========== Files/Folders - Created Within 30 Days ==========

[2011-05-31 18:07:35 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2011-05-31 18:03:29 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Eric\Desktop\tdsskiller.exe
[2011-05-31 08:42:07 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{BE673D5C-12A3-43F5-A37E-3F719F6E1D70}
[2011-05-30 14:53:14 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{1169CE5E-7DA4-4FBB-B184-7E5398B34D6D}
[2011-05-29 11:07:11 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{B7A5BDC1-D12B-45F1-96B2-CFF832B55FD5}
[2011-05-28 23:06:48 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{0CA95843-5098-4072-A546-CDD5BADA4E33}
[2011-05-28 10:01:13 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{DE8BCFE9-7093-4207-85A0-406B84A2E42A}
[2011-05-27 16:57:20 | 000,000,000 | ---D | C] -- C:\Users\Eric\Documents\NPS
[2011-05-27 16:54:20 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{19D489C3-8E7D-4582-A403-D25673BFE915}
[2011-05-26 16:59:34 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{4D5736C6-7192-41B4-801A-354E0AC3376B}
[2011-05-25 21:09:32 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{90FC1D79-03E8-4820-A230-7F2AA249D2DA}
[2011-05-25 09:12:50 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011-05-25 09:09:08 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{72DC0611-DD79-4C47-91DA-A1F128AA985B}
[2011-05-24 13:54:41 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{21C210AA-7945-4B6F-BB91-6C8E99F9ACB5}
[2011-05-23 20:57:31 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{AFE80141-684F-489B-97AD-7B06580892B0}
[2011-05-23 08:57:07 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{F85CAACE-3A4F-4253-85E9-F1F5BAFB458C}
[2011-05-22 11:08:15 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{2EB25294-0FEB-41AE-B930-E83C5BF99DFE}
[2011-05-21 22:58:30 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{429CC2F2-F8DB-4D2B-9711-CFD7D508E87B}
[2011-05-21 10:13:00 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{9B4BFBDE-C6B2-42A1-B10F-C610487DDC92}
[2011-05-20 17:53:35 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{4CEEB5AE-A774-4B4F-8A68-56DCFC98B474}
[2011-05-19 12:55:49 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011-05-19 12:55:49 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011-05-19 11:10:20 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{90076388-1B85-47FC-9A5F-56137938B4A3}
[2011-05-18 10:26:32 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{17884C69-42F3-4488-9F7F-87D70D20B33A}
[2011-05-17 20:46:29 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{62018F9C-52C2-4DA4-9AB5-4F88E72A9B89}
[2011-05-17 08:46:05 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E8FCFAC0-7A29-400F-8162-EA100CC0B108}
[2011-05-16 16:36:50 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\Punagoalreplayer
[2011-05-16 14:51:05 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{026BEBAE-DADC-4655-A1FA-D70BBA85CAD2}
[2011-05-15 10:52:43 | 000,000,000 | ---D | C] -- C:\Users\Eric\Documents\Outlook Files
[2011-05-15 10:08:14 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{B2B38C8B-EC84-4819-B15B-524FBC013207}
[2011-05-14 17:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metastorm ProVision 6.2 SR2
[2011-05-14 17:10:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Metastorm
[2011-05-14 17:10:43 | 000,000,000 | ---D | C] -- C:\Deletennaprovision
[2011-05-14 17:09:41 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2011-05-14 17:08:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Business Objects
[2011-05-14 14:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011-05-14 14:38:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011-05-14 14:38:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011-05-14 14:38:05 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011-05-14 14:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011-05-14 14:33:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011-05-14 14:33:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011-05-14 09:29:46 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{EAADACC6-7B3B-4795-B8F8-9EE16A1C37A9}
[2011-05-13 20:50:03 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\New music
[2011-05-13 17:53:50 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{13839B98-1C1C-46F1-92CB-3C914EAFBFBF}
[2011-05-12 13:37:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011-05-12 10:35:58 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D3FEB88D-AC67-4B78-8381-F6C84A313692}
[2011-05-11 20:38:03 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{BF9E1A82-B3FF-4C6A-8975-D03055775B79}
[2011-05-11 13:26:04 | 005,509,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011-05-11 13:26:03 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011-05-11 13:26:03 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011-05-11 13:26:00 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011-05-11 13:25:59 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011-05-11 08:37:39 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D4429B65-E792-4391-A89E-D0534A2C334E}
[2011-05-10 07:53:25 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{752F83CF-8772-43C0-8F09-FA27AE599869}
[2011-05-09 17:20:32 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{F663A967-8503-4A60-B02E-FE08D9AB49F3}
[2011-05-08 11:15:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{7DF84322-BEB8-40DF-B883-87AB8300310A}
[2011-05-07 23:15:23 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{079C5FAF-1F25-4F5F-A435-AFC65049DF03}
[2011-05-07 10:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011-05-07 10:02:15 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{07C9B128-D098-4ECA-BA73-32D9567D43A6}
[2011-05-06 16:20:53 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{8B8AEED9-4AB2-4A23-ADAB-8777FC9A67D8}
[2011-05-05 17:51:38 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{45E5DD48-5A0B-4D1E-93EC-68A5748CF58F}
[2011-05-04 10:11:58 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{29A95F3D-656B-4B58-B0DE-DA620CD2095D}
[2011-05-03 17:46:17 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{9432986F-71B8-41BC-8A20-BACC4EB8D187}
[2011-05-02 11:26:38 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{9436EE24-CA13-4F57-B35E-1EDCC9E0BBE6}
[2011-05-01 23:15:51 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{AC684BA5-FF0E-4CB3-9D9A-B7D2FDF6728B}

========== Files - Modified Within 30 Days ==========

[2011-05-31 18:09:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-05-31 18:09:22 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2011-05-31 18:07:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2011-05-31 18:03:35 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Eric\Desktop\tdsskiller.exe
[2011-05-31 17:09:36 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-05-31 17:09:36 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-05-28 17:42:32 | 000,001,647 | ---- | M] () -- C:\Users\Eric\Documents\T4EPlayer.conf
[2011-05-28 11:30:30 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011-05-28 11:30:30 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011-05-28 10:15:47 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011-05-27 16:59:46 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-05-27 16:59:46 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-05-27 16:59:46 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-05-23 10:30:53 | 000,000,034 | ---- | M] () -- C:\Users\Eric\jagex_runescape_preferences.dat
[2011-05-23 10:30:19 | 000,000,129 | ---- | M] () -- C:\Users\Eric\jagex_runescape_preferences2.dat
[2011-05-20 20:55:54 | 005,734,829 | ---- | M] () -- C:\Users\Eric\Desktop\song.wmv
[2011-05-15 17:45:38 | 000,000,959 | ---- | M] () -- C:\Users\Eric\Desktop\Enterprise and Information Modeling - Shortcut.lnk
[2011-05-15 15:12:25 | 000,001,128 | ---- | M] () -- C:\Users\Eric\Documents\Documents - Shortcut.lnk
[2011-05-15 10:52:46 | 000,001,135 | ---- | M] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011-05-15 10:07:41 | 000,417,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011-05-14 17:10:53 | 000,000,134 | ---- | M] () -- C:\Windows\ODBC.INI
[2011-05-14 17:10:51 | 000,002,110 | ---- | M] () -- C:\Users\Public\Desktop\Metastorm ProVision 6.2 SR2.lnk
[2011-05-13 18:39:52 | 000,003,013 | ---- | M] () -- C:\Users\Eric\Desktop\TableNinja.lnk

========== Files Created - No Company Name ==========

[2011-05-20 20:54:03 | 005,734,829 | ---- | C] () -- C:\Users\Eric\Desktop\song.wmv
[2011-05-15 17:45:38 | 000,000,959 | ---- | C] () -- C:\Users\Eric\Desktop\Enterprise and Information Modeling - Shortcut.lnk
[2011-05-15 15:12:25 | 000,001,128 | ---- | C] () -- C:\Users\Eric\Documents\Documents - Shortcut.lnk
[2011-05-15 10:52:46 | 000,001,135 | ---- | C] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011-05-14 17:10:53 | 000,000,134 | ---- | C] () -- C:\Windows\ODBC.INI
[2011-05-14 17:10:51 | 000,002,110 | ---- | C] () -- C:\Users\Public\Desktop\Metastorm ProVision 6.2 SR2.lnk
[2011-05-12 13:37:20 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011-01-28 12:02:29 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\cutemon2k.dll
[2011-01-28 12:02:29 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\UnCutePP.exe
[2010-12-28 18:48:02 | 000,059,309 | ---- | C] () -- C:\Program Files (x86)\EULA.nl
[2010-12-23 19:30:06 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010-12-23 19:30:05 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010-12-23 19:30:04 | 000,835,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010-12-21 22:50:12 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2010-12-21 22:01:30 | 000,000,045 | ---- | C] () -- C:\Users\Eric\AppData\Local\machpro.dat
[2010-12-21 04:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010-12-18 22:38:55 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2010-12-18 22:38:55 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2010-11-30 14:55:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009-07-14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008-04-22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008-04-22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008-04-22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008-04-22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008-04-22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008-04-22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008-04-22 17:03:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008-04-22 17:03:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008-04-22 17:03:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007-10-25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys >
[2007-10-25 18:26:10 | 000,005,632 | ---- | M] () -- C:\Windows\SysWOW64\drivers\StarOpen.sys
[2010-06-14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys
[2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\drivers\wimmount.sys

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2011-05-31 18:09:22 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2011-05-31 18:09:24 | 4294,172,672 | -HS- | M] () -- C:\pagefile.sys
[2011-05-14 14:15:00 | 000,000,454 | ---- | M] () -- C:\PINGUSMACHINE_20110514141500_ScrubLog.txt
[2011-05-31 18:07:06 | 000,065,642 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_31.05.2011_18.05.41_log.txt

< %PROGRAMFILES%\*. >
[2011-05-12 13:37:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2011-03-25 19:00:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AGEIA Technologies
[2011-01-25 20:09:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2011-03-06 12:58:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Stream
[2011-01-06 23:42:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2010-12-21 16:55:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BRS
[2011-05-14 17:09:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Business Objects
[2011-05-14 14:38:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010-11-30 15:28:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011-01-25 19:33:43 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2011-04-14 17:37:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010-12-02 21:33:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2011-01-25 19:33:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MarkAny
[2010-11-30 15:00:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee
[2011-05-14 17:10:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Metastorm
[2011-05-14 14:33:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011-05-07 10:05:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2011-05-14 14:38:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2011-04-22 12:58:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2011-05-14 14:38:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011-05-14 14:38:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011-05-14 14:38:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2011-04-30 14:48:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2009-07-14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2011-01-27 14:00:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010-11-30 14:49:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NEC Electronics
[2010-12-18 20:38:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenAL
[2010-12-21 21:42:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PostgreSQL
[2010-12-21 21:45:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PSQLINSTALL
[2010-11-30 14:48:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009-07-14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2011-01-25 19:34:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Samsung
[2010-11-30 14:47:55 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2009-07-14 06:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2011-01-21 14:39:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2010-12-20 15:02:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Vstplugins
[2009-07-14 07:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010-12-19 12:36:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2010-12-16 22:06:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010-11-30 15:32:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009-07-14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009-07-14 07:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009-07-14 07:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009-07-14 07:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2010-12-18 22:44:01 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Zero G Registry


< MD5 for: ATAPI.SYS >
[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011-02-26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011-02-26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011-02-26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009-07-14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011-02-26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009-10-31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011-02-26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011-02-26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011-02-25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011-02-26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2009-08-03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009-10-31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009-08-03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009-10-31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009-08-03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009-07-14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009-10-31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011-02-26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009-08-03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: USERINIT.EXE >
[2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009-07-14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009-07-14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009-07-14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009-10-28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009-10-28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009-10-28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:B3D74A13
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

< End of report >
05-31-2011 , 12:22 PM
-----------Extras

OTL Extras logfile created on: 31-5-2011 18:12:47 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Eric\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

4,00 Gb Total Physical Memory | 2,94 Gb Available Physical Memory | 73,40% Memory free
8,00 Gb Paging File | 6,80 Gb Available in Paging File | 85,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 93,53 Gb Free Space | 47,91% Space Free | Partition Type: NTFS
Drive D: | 736,20 Gb Total Space | 570,37 Gb Free Space | 77,47% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 722,33 Gb Free Space | 77,54% Space Free | Partition Type: NTFS

Computer Name: PINGUSMACHINE | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-0028-0404-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-0028-0411-1000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2007
"{90120000-0028-0412-1000-0000000FF1CE}" = Microsoft Office IME (Korean) 2007
"{90120000-0028-0804-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{AE57C044-8912-A181-A0E4-BC2DAB3A092A}" = ATI Catalyst Install Manager
"{B361F88B-D513-9D45-E7F2-871B61C46D32}" = WMV9/VC-1 Video Playback
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D81C035E-D0A5-11DF-9450-0013D3D69929}" = MSVCRT Redists
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EE269999-1AB7-7B39-7944-513CF3426CB8}" = AMD Drag and Drop Transcoding
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11AE6807-50D2-4F59-82B3-2C3E695E94C2}" = NVIDIA PhysX v8.05.26
"{1246FF64-3035-4A92-8FE6-A968275495EB}" = Sony Vegas Pro 8.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}" = McAfee Agent
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{434D0831-A4CC-401A-9E74-621000018401}" = F1 2010
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{B99C4306-3016-4CD8-BF57-5E3385EFDA97}" = Metastorm ProVision 6.2 SR2
"{C3224F3D-3192-40BE-BD24-8183C757B091}" = GPRO Organiser
"{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}" = Crystal Reports 2008 Runtime SP2
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CC29B835-95A5-3CD9-087B-F94D7B9ECC9B}" = Catalyst Control Center InstallProxy
"{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F01A9563-2A27-6ABC-2E04-03B7873DF7E0}" = Catalyst Control Center InstallProxy
"{F04899F8-1882-4EF5-BA2C-5B65E41E456A}" = vGO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FB1AA04A-97A8-4928-A51E-8F41841E7861}" = TableNinja
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Fraps" = Fraps (remove only)
"HoldemManager" = Holdem Manager
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Mikogo" = Mikogo
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.VISIO" = Microsoft Visio Premium 2010
"OpenAL" = OpenAL
"PokerStars" = PokerStars
"PopTools_is1" = PopTools
"PostgreSQL 8.4" = PostgreSQL 8.4
"PunkBusterSvc" = PunkBuster Services
"ST6UNST #1" = PS - Power and Sample Size Calculation
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 12140" = Max Payne
"Steam App 12150" = Max Payne 2: The Fall of Max Payne
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 12840" = DiRT 2
"Steam App 22600" = Worms Reloaded
"Steam App 240" = Counter-Strike: Source
"Steam App 2990" = FlatOut 2
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 400" = Portal
"Steam App 42120" = Lead and Gold - Gangs of the Wild West
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 44310" = F1 2010™
"Steam App 4760" = Rome: Total War Gold Edition
"Steam App 7200" = TrackMania United
"Steam App 9930" = Test Drive Unlimited 2
"T4EPlayer" = T4E Player
"TeamViewer 6" = TeamViewer 6
"Turbo Sliders" = Turbo Sliders (remove only)
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27-5-2011 14:56:28 | Computer Name = PingusMachine | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack200.exe".Error
in manifest or policy file "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack200.exe"
on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"
is invalid.

Error - 27-5-2011 14:58:42 | Computer Name = PingusMachine | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack.dll".Error
in manifest or policy file "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack.dll"
on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"
is invalid.

Error - 28-5-2011 9:04:21 | Computer Name = PingusMachine | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack200.exe".Error
in manifest or policy file "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack200.exe"
on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"
is invalid.

Error - 28-5-2011 12:13:24 | Computer Name = PingusMachine | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack200.exe".Error
in manifest or policy file "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack200.exe"
on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"
is invalid.

Error - 28-5-2011 12:15:26 | Computer Name = PingusMachine | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack.dll".Error
in manifest or policy file "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack.dll"
on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"
is invalid.

Error - 29-5-2011 11:54:09 | Computer Name = PingusMachine | Source = Application Error | ID = 1000
Description = Faulting application name: T4EPlayer.exe, version: 1.3.0.1, time stamp:
0x4d74afa6 Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp:
0x4cc7ab86 Exception code: 0xc0000005 Fault offset: 0x0002e3be Faulting process id:
0x1204 Faulting application start time: 0x01cc1ded65299b06 Faulting application path:
D:\spellen\T4E Player\T4EPlayer.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: e35c5af9-8a0b-11e0-9546-0025226fd863

Error - 30-5-2011 15:11:59 | Computer Name = PingusMachine | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack200.exe".Error
in manifest or policy file "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack200.exe"
on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"
is invalid.

Error - 30-5-2011 15:14:04 | Computer Name = PingusMachine | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack.dll".Error
in manifest or policy file "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack.dll"
on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"
is invalid.

Error - 31-5-2011 3:08:48 | Computer Name = PingusMachine | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 8.0.7600.16766 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 820 Start
Time: 01cc1f5e2c749b6a Termination Time: 0 Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Report Id: cfffe918-8b54-11e0-806a-0025226fd863

Error - 31-5-2011 11:20:55 | Computer Name = PingusMachine | Source = Application Error | ID = 1000
Description = Faulting application name: Setup.exe_Microsoft Setup Bootstrapper,
version: 14.0.4755.1000, time stamp: 0x4b989df1 Faulting module name: ole32.dll,
version: 6.1.7600.16624, time stamp: 0x4c297c56 Exception code: 0xc0000005 Fault
offset: 0x0002f367 Faulting process id: 0x153c Faulting application start time: 0x01cc1fa64f6b59ea
Faulting application path: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office
Setup Controller\Setup.exe Faulting module path: C:\Windows\syswow64\ole32.dll
Report Id: 93b6b88c-8b99-11e0-99ef-0025226fd863

[ System Events ]
Error - 30-5-2011 13:47:15 | Computer Name = PingusMachine | Source = DCOM | ID = 10010
Description =

Error - 31-5-2011 2:44:56 | Computer Name = PingusMachine | Source = DCOM | ID = 10010
Description =

Error - 31-5-2011 11:12:44 | Computer Name = PingusMachine | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{1707C13D-E768-4DE8-A228-0D83F95B6099}
because another computer on the network has the same name. The server could not
start.


< End of report >
HELP, Do I have a trojan or keylogger Quote
05-31-2011 , 02:12 PM
You definitely have something nasty. Quick googles for the "Systray.exe stub trojan" come up with results of people with a similar infection.

I would not trust having that computer on any sort of network (internet-connected or not), and I would begin changing passwords for any sites you may visit on that machine.

The best skill for a Windows user to have is the knowledge of how to low-level format and start over. I suggest you do that ASAP.
05-31-2011 , 02:29 PM
I don't even know how long I've been infected really... also changing passes wouldn't make sense atm, or I would need to change them on another pc

Spent the last few hours copying important files to my Mybook.

Is there anything I need to think about when I put the Windows 7 CD back into my pc and reboot and reinstall Windows? E.g. formatting EVERYTHING?


---

Also I really wonder how I got this, I always had the newest virus scanner with updates etc (one of the best advantages of going to uni :P, free licensed software!), always updated everything and never clicked things I did not trust.......... pffffft
05-31-2011 , 03:28 PM
Have been googling some more and the weird thing is, I only find GERMAN sources with this problem. So weird... also they are all dated from within this last week....
05-31-2011 , 04:39 PM
Don't really weigh on how long you've had the keylogger, weigh it based on the importance of the information stored on the accounts which the passwords are protecting. For example, change passwords on anything related to banking even if you can't remember if you've logged in to that account with that computer. Make sense? And yes, change those passwords on another computer or on the machine after you start fresh.

I'm not going to supply a rant about why your anti-virus/anti-malware/whatever software didn't save you, just know that most bad software these days targets circumvention of those types of software. Windows 7 is a lot better out-of-the-box with regards to default security, but maybe look into (see stickied post) running as a standard user all the time and only using admin accounts for installing/changing system-level items. Yes, it is very painful, but so is starting from scratch.
05-31-2011 , 05:13 PM
But running programs like HEM and Tableninja always need admin? Isn't that a big hassle?
05-31-2011 , 05:23 PM
Quote:
Originally Posted by Pokerpingu
But running programs like HEM and Tableninja always need admin? Isn't that a big hassle?
If you right-click on any application's shortcut and go to Properties, click Advanced on the Shortcut tab. Here you can specify that program to exert admin privileges when it starts. If something runs as a service rather than an application, that is even easier to overcome.
05-31-2011 , 05:41 PM
McAfee, Symantec, AVG all claim that they are selling security suite software for PCs. They are merely illusions of security. Think of them as deadbolt locks. Someone with the proper knowledge will know how to circumvent it.

Personally, I feel more vulnerable by having one of the "big three" security suites. Personally, I'd recommend Microsoft's Security Essentials pack or ClamAV/ClamWin to any non-corporate PC user.

Moral of the story: If you have high value for the content that you store on your computer, you probably need to add more layers of security.
05-31-2011 , 05:52 PM
You don't need to format yet, and I would avoid using passwords rather than change them all, until it is fixed. The extent of my fixing knowledge is running Malwarebytes, but there are a few experts on this stuff around.
05-31-2011 , 07:20 PM
OP, don't reformat yet. Just wait for Gabe or someone with similar experience to read your thread. He'll be able to help.

In the meantime, though, don't use that machine for anything sensitive (particularly email, poker and banking). Use a different machine to change passwords on your most important accounts.

One thing he'll make sure you do is update Java - yours is out of date. Outdated environments and plugins are a potential vector of infection. Same goes for Adobe products. When your machine has been cleaned up, you might want to download something like Secunia PSI - it will tell you when software is out of date and help you find updates.

There are several good free antivirus packages out there. I use Avira; Microsoft Security Essentials is (perhaps surprisingly) another good choice.
06-01-2011 , 02:56 AM
Can you also have both, Microsoft Security Essentials and McAfee? I don't think so, right?

And how would I know if that program is gone, my pc is really clean. I'm already leaning towards formatting my pc a lot... since in every source I found about this problem, the OP formatted his pc in the end...

I really don't like the feeling of not being sure if you have a virus or not, but this is clearly one. And indeed maybe I should wait for someone with more knowledge, but if I'm going to make a clean start I'd better do it ASAP lol
06-01-2011 , 02:57 AM
Quote:
Originally Posted by Alphabits
The best skill for a Windows user to have is the knowledge of how to low-level format and start over I suggest you do that ASAP.
With all due respect gtfo
  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:
Code:
:files
C:\Recycle.Bin\Recycle.Bin.exe
C:\Users\Eric\AppData\Local\{BE673D5C-12A3-43F5-A37E-3F719F6E1D70}
C:\Users\Eric\AppData\Local\{1169CE5E-7DA4-4FBB-B184-7E5398B34D6D}
C:\Users\Eric\AppData\Local\{B7A5BDC1-D12B-45F1-96B2-CFF832B55FD5}
C:\Users\Eric\AppData\Local\{0CA95843-5098-4072-A546-CDD5BADA4E33}
C:\Users\Eric\AppData\Local\{DE8BCFE9-7093-4207-85A0-406B84A2E42A}
C:\Users\Eric\AppData\Local\{19D489C3-8E7D-4582-A403-D25673BFE915}
C:\Users\Eric\AppData\Local\{4D5736C6-7192-41B4-801A-354E0AC3376B}
C:\Users\Eric\AppData\Local\{90FC1D79-03E8-4820-A230-7F2AA249D2DA}
C:\Users\Eric\AppData\Local\{72DC0611-DD79-4C47-91DA-A1F128AA985B}
C:\Users\Eric\AppData\Local\{21C210AA-7945-4B6F-BB91-6C8E99F9ACB5}
C:\Users\Eric\AppData\Local\{AFE80141-684F-489B-97AD-7B06580892B0}
C:\Users\Eric\AppData\Local\{F85CAACE-3A4F-4253-85E9-F1F5BAFB458C}
C:\Users\Eric\AppData\Local\{2EB25294-0FEB-41AE-B930-E83C5BF99DFE}
C:\Users\Eric\AppData\Local\{429CC2F2-F8DB-4D2B-9711-CFD7D508E87B}
C:\Users\Eric\AppData\Local\{9B4BFBDE-C6B2-42A1-B10F-C610487DDC92}
C:\Users\Eric\AppData\Local\{4CEEB5AE-A774-4B4F-8A68-56DCFC98B474}
C:\Users\Eric\AppData\Local\{90076388-1B85-47FC-9A5F-56137938B4A3}
C:\Users\Eric\AppData\Local\{17884C69-42F3-4488-9F7F-87D70D20B33A}
C:\Users\Eric\AppData\Local\{62018F9C-52C2-4DA4-9AB5-4F88E72A9B89}
C:\Users\Eric\AppData\Local\{E8FCFAC0-7A29-400F-8162-EA100CC0B108}
C:\Users\Eric\AppData\Local\{026BEBAE-DADC-4655-A1FA-D70BBA85CAD2}
C:\Users\Eric\AppData\Local\{B2B38C8B-EC84-4819-B15B-524FBC013207}
C:\Users\Eric\AppData\Local\{EAADACC6-7B3B-4795-B8F8-9EE16A1C37A9}
C:\Users\Eric\AppData\Local\{13839B98-1C1C-46F1-92CB-3C914EAFBFBF}
C:\Users\Eric\AppData\Local\{D3FEB88D-AC67-4B78-8381-F6C84A313692}
C:\Users\Eric\AppData\Local\{BF9E1A82-B3FF-4C6A-8975-D03055775B79}
C:\Users\Eric\AppData\Local\{D4429B65-E792-4391-A89E-D0534A2C334E}
C:\Users\Eric\AppData\Local\{752F83CF-8772-43C0-8F09-FA27AE599869}
C:\Users\Eric\AppData\Local\{F663A967-8503-4A60-B02E-FE08D9AB49F3}
C:\Users\Eric\AppData\Local\{7DF84322-BEB8-40DF-B883-87AB8300310A}
C:\Users\Eric\AppData\Local\{079C5FAF-1F25-4F5F-A435-AFC65049DF03}
C:\Users\Eric\AppData\Local\{07C9B128-D098-4ECA-BA73-32D9567D43A6}
C:\Users\Eric\AppData\Local\{8B8AEED9-4AB2-4A23-ADAB-8777FC9A67D8}
C:\Users\Eric\AppData\Local\{45E5DD48-5A0B-4D1E-93EC-68A5748CF58F}
C:\Users\Eric\AppData\Local\{29A95F3D-656B-4B58-B0DE-DA620CD2095D}
C:\Users\Eric\AppData\Local\{9432986F-71B8-41BC-8A20-BACC4EB8D187}
C:\Users\Eric\AppData\Local\{9436EE24-CA13-4F57-B35E-1EDCC9E0BBE6}
C:\Users\Eric\AppData\Local\{AC684BA5-FF0E-4CB3-9D9A-B7D2FDF6728B}

:otl
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKCU..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe (Iggptulsy Cyojgq)
O32 - AutoRun File - [2008-11-05 13:19:36 | 000,000,052 | RHS- | M] () - G:\autorun.inf -- [ NTFS ]

:commands
[emptytemp]
[reboot]
  • Then click the Run Fix button at the top.
  • Allow it to run. It may take some time and you may see some things happen to your desktop - this is normal.
  • If it asks to reboot the computer, allow it to reboot.
  • If the program freezes, and the computer fails to reboot - let me know.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)
====================

Please download Malwarebytes' Anti-Malware from here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
  • If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
  • Click OK to either and let MBAM proceed with the disinfection process.
  • If asked to restart the computer, please do so immediately.
Post the contents of the MBAM log in your next reply, please.
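Why those three OTL lines were worth removing is easier to see with a few explicit checks. The script below is an added example for this thread, not OTL's or Malwarebytes' code: it parses O4 (Run key) and O32 (autorun.inf) lines in OTL's format and applies defender-side heuristics. The first, second and fourth sample lines are the ones from the fix script above; the Realtek Run entry is a constructed benign example (not from the page) so a clean result is visible too.

```python
"""Triage of OTL O4 (Run key) and O32 (autorun.inf) lines, added for this thread.

Not part of OTL or Malwarebytes: a few heuristics applied to the exact lines
the fix script above targeted, so the reader can see why they stood out.
"""
import re

# Input: three lines from the thread's OTL fix script, plus one constructed
# benign Run entry (the Realtek line is not from the page).
SAMPLE_LINES = [
    r"O4 - HKLM..\Run: [NPSStartup] File not found",
    r"O4 - HKCU..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe (Iggptulsy Cyojgq)",
    r"O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)",
    r"O32 - AutoRun File - [2008-11-05 13:19:36 | 000,000,052 | RHS- | M] () - G:\autorun.inf -- [ NTFS ]",
]

O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
O32_RE = re.compile(r"^O32 - AutoRun File - \[[^\]]*\] \((?P<pub>[^)]*)\) - (?P<path>[A-Za-z]:\\\S+) -- ")
# "<path to .exe> (<publisher>)": OTL appends the binary's company string in parentheses.
TARGET_RE = re.compile(r"^(?P<path>.*?\.exe)(?: \((?P<pub>[^)]*)\))?$", re.I)
HEX_NAME_RE = re.compile(r"^[0-9A-F]{12,}$", re.I)

SEVERITY = {"low": 1, "medium": 2, "high": 3}


def looks_random_name(name):
    """True for value names that are long hex blobs such as 4E3E0230AEBB4E96."""
    return bool(HEX_NAME_RE.match(name))


def classify_run_entry(name, rest):
    """Findings (severity, reason) for one O4 Run-key entry."""
    if rest.strip() == "File not found":
        # Orphaned autostart: a hygiene issue, not evidence of compromise.
        return [("low", "Run entry points to a missing file (orphaned autostart)")]
    m = TARGET_RE.match(rest)
    path = m.group("path") if m else rest
    pub = (m.group("pub") or "").strip() if m else ""
    low = path.lower()
    findings = []
    if looks_random_name(name):
        findings.append(("high", "value name is a random-looking hex string"))
    if "\\recycle.bin\\" in low and "$recycle.bin" not in low:
        findings.append(("high", "binary runs from a folder mimicking the system $Recycle.Bin"))
    if "\\temp\\" in low:
        findings.append(("medium", "binary runs from a Temp directory"))
    if not pub:
        findings.append(("medium", "no company/publisher string on the binary"))
    return findings


def classify_autorun(path):
    """O32 lines: autorun.inf on a drive other than the system drive is the
    classic removable-media worm trace and its contents deserve a look."""
    drive = path[0].upper()
    if drive != "C":
        return [("medium", f"autorun.inf present on drive {drive}: (removable-media worm vector)")]
    return [("low", "autorun.inf on the system drive")]


def triage(lines):
    """Parse each line, attach findings and a numeric overall severity (0 = clean)."""
    report = []
    for line in lines:
        findings = []
        m = O4_RE.match(line)
        if m:
            findings = classify_run_entry(m.group("name"), m.group("rest"))
        else:
            m = O32_RE.match(line)
            if m:
                findings = classify_autorun(m.group("path"))
        worst = max((SEVERITY[s] for s, _ in findings), default=0)
        report.append({"line": line, "findings": findings, "severity": worst})
    return report


def worst_entry(report):
    """The single entry an analyst should look at first."""
    return max(report, key=lambda r: r["severity"])


if __name__ == "__main__":
    names = {v: k for k, v in SEVERITY.items()}
    for entry in triage(SAMPLE_LINES):
        print(f"[{names.get(entry['severity'], 'clean'):6}] {entry['line']}")
        for sev, why in entry["findings"]:
            print(f"         - {sev}: {why}")
```

The HKCU entry scores highest on two independent signals (hex value name, binary under a folder imitating $Recycle.Bin), which is exactly the combination a signature-based scanner like the McAfee install above can miss while it remains obvious to a human reading the autostart list.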
06-01-2011 , 03:10 AM
------I ran OTL with the quote you stated and clicked Run Fix. It asked for a reboot which went smoothly. I just checked the taskbar and the weird .exe file with the stated description is already gone? You are quite amazing sir, thanks, nice hand------


-----LOG FILES -------

All processes killed
========== FILES ==========
C:\Recycle.Bin\Recycle.Bin.exe moved successfully.
C:\Users\Eric\AppData\Local\{BE673D5C-12A3-43F5-A37E-3F719F6E1D70} folder moved successfully.
C:\Users\Eric\AppData\Local\{1169CE5E-7DA4-4FBB-B184-7E5398B34D6D} folder moved successfully.
C:\Users\Eric\AppData\Local\{B7A5BDC1-D12B-45F1-96B2-CFF832B55FD5} folder moved successfully.
C:\Users\Eric\AppData\Local\{0CA95843-5098-4072-A546-CDD5BADA4E33} folder moved successfully.
C:\Users\Eric\AppData\Local\{DE8BCFE9-7093-4207-85A0-406B84A2E42A} folder moved successfully.
C:\Users\Eric\AppData\Local\{19D489C3-8E7D-4582-A403-D25673BFE915} folder moved successfully.
C:\Users\Eric\AppData\Local\{4D5736C6-7192-41B4-801A-354E0AC3376B} folder moved successfully.
C:\Users\Eric\AppData\Local\{90FC1D79-03E8-4820-A230-7F2AA249D2DA} folder moved successfully.
C:\Users\Eric\AppData\Local\{72DC0611-DD79-4C47-91DA-A1F128AA985B} folder moved successfully.
C:\Users\Eric\AppData\Local\{21C210AA-7945-4B6F-BB91-6C8E99F9ACB5} folder moved successfully.
C:\Users\Eric\AppData\Local\{AFE80141-684F-489B-97AD-7B06580892B0} folder moved successfully.
C:\Users\Eric\AppData\Local\{F85CAACE-3A4F-4253-85E9-F1F5BAFB458C} folder moved successfully.
C:\Users\Eric\AppData\Local\{2EB25294-0FEB-41AE-B930-E83C5BF99DFE} folder moved successfully.
C:\Users\Eric\AppData\Local\{429CC2F2-F8DB-4D2B-9711-CFD7D508E87B} folder moved successfully.
C:\Users\Eric\AppData\Local\{9B4BFBDE-C6B2-42A1-B10F-C610487DDC92} folder moved successfully.
C:\Users\Eric\AppData\Local\{4CEEB5AE-A774-4B4F-8A68-56DCFC98B474} folder moved successfully.
C:\Users\Eric\AppData\Local\{90076388-1B85-47FC-9A5F-56137938B4A3} folder moved successfully.
C:\Users\Eric\AppData\Local\{17884C69-42F3-4488-9F7F-87D70D20B33A} folder moved successfully.
C:\Users\Eric\AppData\Local\{62018F9C-52C2-4DA4-9AB5-4F88E72A9B89} folder moved successfully.
C:\Users\Eric\AppData\Local\{E8FCFAC0-7A29-400F-8162-EA100CC0B108} folder moved successfully.
C:\Users\Eric\AppData\Local\{026BEBAE-DADC-4655-A1FA-D70BBA85CAD2} folder moved successfully.
C:\Users\Eric\AppData\Local\{B2B38C8B-EC84-4819-B15B-524FBC013207} folder moved successfully.
C:\Users\Eric\AppData\Local\{EAADACC6-7B3B-4795-B8F8-9EE16A1C37A9} folder moved successfully.
C:\Users\Eric\AppData\Local\{13839B98-1C1C-46F1-92CB-3C914EAFBFBF} folder moved successfully.
C:\Users\Eric\AppData\Local\{D3FEB88D-AC67-4B78-8381-F6C84A313692} folder moved successfully.
C:\Users\Eric\AppData\Local\{BF9E1A82-B3FF-4C6A-8975-D03055775B79} folder moved successfully.
C:\Users\Eric\AppData\Local\{D4429B65-E792-4391-A89E-D0534A2C334E} folder moved successfully.
C:\Users\Eric\AppData\Local\{752F83CF-8772-43C0-8F09-FA27AE599869} folder moved successfully.
C:\Users\Eric\AppData\Local\{F663A967-8503-4A60-B02E-FE08D9AB49F3} folder moved successfully.
C:\Users\Eric\AppData\Local\{7DF84322-BEB8-40DF-B883-87AB8300310A} folder moved successfully.
C:\Users\Eric\AppData\Local\{079C5FAF-1F25-4F5F-A435-AFC65049DF03} folder moved successfully.
C:\Users\Eric\AppData\Local\{07C9B128-D098-4ECA-BA73-32D9567D43A6} folder moved successfully.
C:\Users\Eric\AppData\Local\{8B8AEED9-4AB2-4A23-ADAB-8777FC9A67D8} folder moved successfully.
C:\Users\Eric\AppData\Local\{45E5DD48-5A0B-4D1E-93EC-68A5748CF58F} folder moved successfully.
C:\Users\Eric\AppData\Local\{29A95F3D-656B-4B58-B0DE-DA620CD2095D} folder moved successfully.
C:\Users\Eric\AppData\Local\{9432986F-71B8-41BC-8A20-BACC4EB8D187} folder moved successfully.
C:\Users\Eric\AppData\Local\{9436EE24-CA13-4F57-B35E-1EDCC9E0BBE6} folder moved successfully.
C:\Users\Eric\AppData\Local\{AC684BA5-FF0E-4CB3-9D9A-B7D2FDF6728B} folder moved successfully.
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\4E3E0230AEBB4E96 deleted successfully.
File C:\Recycle.Bin\Recycle.Bin.exe not found.
G:\autorun.inf moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 7695288 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Eric
->Temp folder emptied: 288574 bytes
->Temporary Internet Files folder emptied: 81016296 bytes
->Java cache emptied: 14539977 bytes
->FireFox cache emptied: 48584160 bytes
->Flash cache emptied: 199205 bytes

User: postgres
->Temp folder emptied: 7693750 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33907024 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 82344 bytes

Total Files Cleaned = 185,00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 06012011_090444

Files\Folders moved on Reboot...
C:\Users\Eric\AppData\Local\Temp\McAfeeLogs\UpdaterUI_PINGUSMACHINE.log moved successfully.
C:\Users\Eric\AppData\Local\Temp\McAfeeLogs\UpdaterUI_PINGUSMACHINE_error.log moved successfully.
C:\Users\Eric\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Eric\AppData\Local\Mozilla\Firefox\Profiles\mh53hpfw.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Eric\AppData\Local\Mozilla\Firefox\Profiles\mh53hpfw.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Eric\AppData\Local\Mozilla\Firefox\Profiles\mh53hpfw.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Eric\AppData\Local\Mozilla\Firefox\Profiles\mh53hpfw.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Eric\AppData\Local\Mozilla\Firefox\Profiles\mh53hpfw.default\urlclassifier3.sqlite moved successfully.
C:\Users\Eric\AppData\Local\Mozilla\Firefox\Profiles\mh53hpfw.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...





~Gonna run Malwarebytes now like you stated. Do you have any idea what this virus was? Amazing stuff going on here.
HELP, Do I have a trojan or keylogger Quote
06-01-2011 , 03:16 AM
-----Malwarebytes log-----


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6741

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1-6-2011 9:14:30
mbam-log-2011-06-01 (09-14-30).txt

Scan type: Quick scan
Objects scanned: 172014
Time elapsed: 2 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Files Infected:
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.


Looks like it's fixed, thanks a lot man. If you google "systray .exe stub" people should find this thread instead of those other (German) forums; they all got pretty bad advice compared to here and it looks like they all re-installed their PC in the end, while the fix is quick if you KNOW what to do (Gabe's stuff...). I don't know how hard it is to know what you have to do though ....
HELP, Do I have a trojan or keylogger Quote
06-01-2011 , 04:07 AM
That was easy

I saw a suspicious autorun.inf. It could be a worm spreading via infected USB drives.
I suggest you immunize all your USB drives, including those in digital cameras, mp3/4 players and mobile phones.

====================

Please download Flash_Disinfector by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run the tool
  • When requested, insert the USB flash disk(s) you want to immunize/disinfect
  • Hold down the Shift key when inserting the drive(s) until Windows detects the drive
  • Click OK to start the disinfection process
  • Repeat running Flash_Disinfector.exe for every flash drive you wish to immunize.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that you choose to disinfect. Do not delete that folder!

====================

You need to install the latest version of Java. Having the latest version is important to take advantage of fixes that have eliminated security vulnerabilities.
  • Go to Start > Control Panel
  • Double-click on Add or Remove Programs
  • Look for entries that say Java, Java RunTime Environment or J2SE.
  • Uninstall all of them that are not named Java (TM) 6 Update 25
After doing this, you can go to java.com, click on Free Java Download and proceed from there to install the latest version of Java (currently Version 6 Update 25).

After installing Java, go to Start > Control Panel > Java to open the Java Control Panel.
Under the General tab, Temporary Internet Files click Settings, then click Delete Files.
Select both options and click OK to delete the Java cache.

====================

Please download aswMBR by Alwil Software from here and save it to your desktop.
  • Double click aswMBR.exe to run the tool
  • Click the Scan button to start the scan
  • Don't panic if you see any **Rootkit** entries. The tool sometimes produces false alarms.
  • Once the scan finishes click Save log to save the log to your desktop
  • Copy and paste the contents of this log (aswMBR.txt) into your next reply.
HELP, Do I have a trojan or keylogger Quote
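The immunisation step above works because a USB worm needs a file named autorun.inf at the drive root whose [autorun] section launches a program; if a folder already occupies that name, the file cannot be created. The following is an added example (not from this thread and not Flash_Disinfector's own code) that triages an autorun.inf into benign (icon/label only), suspicious (launches something) or immunised (a folder), and immunises a clean root the same way. The drive roots and .inf contents are constructed for the demo; on a real machine you would pass a root such as "G:\\". The hidden attribute Flash_Disinfector sets on the folder is Windows-only and is not set here.

```python
"""Triage autorun.inf on removable drives (added example, constructed data)."""
import configparser
import os
import tempfile

# Directives that make older Windows AutoRun defaults run a program from the
# drive; everything else in [autorun] only changes the drive's appearance.
LAUNCH_KEYS = {"open", "shellexecute"}

# Constructed samples: a camera-style .inf and a worm-style .inf.
SAMPLE_BENIGN = r"""[autorun]
icon=drive.ico
label=Camera
"""
SAMPLE_SUSPICIOUS = r"""[AutoRun]
open=setup\update.exe
shell\open\Command=setup\update.exe
shell\open=&Open
icon=setup\drive.ico
"""


def classify_autorun_text(text):
    """Return (verdict, launch_targets) for the text of an autorun.inf."""
    parser = configparser.ConfigParser(interpolation=None, strict=False,
                                       allow_no_value=True)
    try:
        parser.read_string(text)
    except configparser.Error:
        # Junk before the section header or unreadable lines: not parseable
        # as INI, still worth a look by hand.
        return "malformed", []
    # configparser section names are case-sensitive; Windows ignores case.
    section = next((s for s in parser.sections() if s.lower() == "autorun"), None)
    if section is None:
        return "no-autorun-section", []
    targets = []
    for key, value in parser.items(section):
        key = key.lower()
        launches = key in LAUNCH_KEYS or (
            key.startswith("shell\\") and key.endswith("\\command"))
        if launches and value:
            targets.append(value.strip())
    return ("suspicious", targets) if targets else ("benign", [])


def classify_drive_root(root):
    """Classify <root>/autorun.inf: absent, immunised (a folder occupying the
    name, as Flash_Disinfector creates), or a file handed to the parser."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.lexists(path):
        return "absent", []
    if os.path.isdir(path):
        return "immunised", []
    # Worm .infs are often not UTF-8; latin-1 decodes any byte sequence.
    with open(path, "r", encoding="latin-1") as fh:
        return classify_autorun_text(fh.read())


def immunise(root):
    """Occupy the autorun.inf name with a folder so a worm cannot write the file.
    Refuses to touch a root where autorun.inf is still a file (triage it first)."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isfile(path):
        raise RuntimeError("autorun.inf is a file; triage it before immunising")
    os.makedirs(path, exist_ok=True)
    return path


def demo():
    """Build three constructed drive roots in a temp dir and classify each."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for name, content in (("camera", SAMPLE_BENIGN),
                              ("infected", SAMPLE_SUSPICIOUS)):
            root = os.path.join(base, name)
            os.mkdir(root)
            with open(os.path.join(root, "autorun.inf"), "w") as fh:
                fh.write(content)
        clean = os.path.join(base, "clean")
        os.mkdir(clean)
        immunise(clean)
        for name in ("camera", "infected", "clean"):
            results[name] = classify_drive_root(os.path.join(base, name))
    return results


if __name__ == "__main__":
    for drive, (verdict, targets) in demo().items():
        print(f"{drive:9s} {verdict:12s} {' '.join(targets)}")
```

A "suspicious" verdict is a reason to copy the .inf and whatever it points at for analysis, not proof of infection: some vendor drives legitimately ship an open= line. The "malformed" case matters too, because worms have deliberately padded autorun.inf with junk to break naive parsers while Windows still honours the [autorun] section it finds.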
06-01-2011 , 10:10 AM
Does that mean I also got the virus from some kind of USB device? The only USB devices I use are storage devices or my phone...

Can you also see from those logs or info what the virus did? I still need to change all my passwords, right? BTW, after reading all the stickies in here I'm still thinking of reinstalling my PC lol, even after fixing the problem.

Thanks Gabe. I appreciate it alot =]

Last edited by Pokerpingu; 06-01-2011 at 10:23 AM.
HELP, Do I have a trojan or keylogger Quote
06-01-2011 , 10:19 AM
Quote:
Originally Posted by Gabethebabe
With all due respect gtfo
With all due respect, if someone had planted an unidentified virus or keylogger on your computer without you knowing it, you would feel comfortable running Malwarebytes and calling it a day? Maybe they hold you to high regard in this forum, but I think you'd probably be better saving your talents for the Geek Squad.

Quote:
Originally Posted by Gabethebabe
It was easy
I'm sure it was...

I hope your problems don't return, pingu.
HELP, Do I have a trojan or keylogger Quote
06-01-2011 , 11:01 AM
Quote:
Originally Posted by Pokerpingu
Does that mean I also got the virus from some kind of USB device? The only USB devices I use are storage devices or my phone...
As Gabe said, the presence of a sketchy looking autorun.inf suggests that at some point you were compromised by a worm of that type. There are plenty around. However, I think that was only his initial reaction to your question. I'm fairly sure it wasn't a definitive "this is what you had and there was nothing else".

Quote:
Originally Posted by Pokerpingu
Can you also see from those logs or info what the virus did? I still need to change all my passwords, right? BTW, after reading all the stickies in here I'm still thinking of reinstalling my PC lol, even after fixing the problem.

Thanks Gabe. I appreciate it a lot =]
I don't think any of your logs are going to tell you any of the information you have in mind (e.g. whether any information was stolen, etc). Carry on following Gabe's instructions; once your computer is clean and everything's updated then change your passwords if you've not already done so from a known clean machine.

Quote:
Originally Posted by Alphabits
With all due respect, if someone had planted an unidentified virus or keylogger on your computer without you knowing it, you would feel comfortable running Malwarebytes and calling it a day? Maybe they hold you to high regard in this forum, but I think you'd probably be better saving your talents for the Geek Squad.
lol @ Geek Squad reference

Also, how often does someone "plant" a virus on your machine that you do know about? This is silly. Also also also also, OP isn't just running MBAM. There's a reason that Gabe is taking him through a number of different steps.

You must make a lot of money to be able to afford all those tin foil hats.
HELP, Do I have a trojan or keylogger Quote
06-01-2011 , 02:22 PM
Quote:
Originally Posted by thunderbolts
Also, how often does someone "plant" a virus on your machine that you do know about? This is silly. Also also also also, OP isn't just running MBAM. There's a reason that Gabe is taking him through a number of different steps.
That is pretty silly. I wasn't trying to imply there would be a time you would know about it, rather that you don't know how it got there, how long it has been there and what information it may have gathered.

The behavior that OP was describing made it seem like this was more than ad-ware or just a nuisance.

I don't think I was giving bad (free) information, but maybe I was missing the purpose of this forum, which is for Gabe, the "Geek Squad Employee of the Year," to have a place to share his skills when he isn't out racing around in his black and white VW bug wearing his skinny tie and cop badge.

Quote:
Originally Posted by thunderbolts
You must make a lot of money to be able to afford all those tin foil hats.
Government contracts do pay a large portion of my annual income.
HELP, Do I have a trojan or keylogger Quote
06-02-2011 , 03:34 AM
Quote:
Originally Posted by Alphabits
With all due respect, if someone had planted an unidentified virus or keylogger on your computer without you knowing it, you would feel comfortable running Malwarebytes and calling it a day? Maybe they hold you to high regard in this forum, but I think you'd probably be better saving your talents for the Geek Squad.
I can be found at GeekPolice.net.
Feel free to join and run through GeekPolice Academy to learn what I did. It will take about 9-12 months, and you will give better advice than blurting "OMG REFORMAT"

FYI MBR infections survive a format.
HELP, Do I have a trojan or keylogger Quote
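The point that MBR infections survive a format is worth making concrete: formatting a partition rewrites the filesystem inside it, while the boot code lives in sector 0 of the disk and is only replaced by a tool that deliberately rewrites it. The following is an added example (not from this thread and not how aswMBR works internally) that parses the 512-byte MBR layout and fingerprints the 440-byte boot-code area so a later read can be compared against a copy saved from a known-good state. The two sectors are constructed; a real one is the first 512 bytes of \\.\PhysicalDrive0 on Windows (Administrator) or /dev/sda on Linux, opened read-only.

```python
"""Fingerprint a Master Boot Record against a known-good baseline
(added example, constructed sectors)."""
import hashlib
import struct

BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector):
    """Split a 512-byte MBR into boot code hash, disk signature and 4 partitions."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)
        partitions.append({"bootable": status == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": partitions,
    }


def compare_to_baseline(sector, baseline):
    """Return findings for sector relative to a parse_mbr() result saved earlier."""
    now = parse_mbr(sector)
    findings = []
    if now["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code differs from baseline")
    if now["disk_signature"] != baseline["disk_signature"]:
        findings.append("disk signature changed")
    if now["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    bootable = sum(p["bootable"] for p in now["partitions"])
    if bootable != 1:
        findings.append(f"{bootable} partitions flagged bootable, expected 1")
    return findings


def build_mbr(boot_code, disk_signature, partitions):
    """Assemble a sector from its parts (used only to construct test data)."""
    if len(boot_code) > 440:
        raise ValueError("boot code area is 440 bytes")
    sector = bytearray(boot_code.ljust(440, b"\x00"))
    sector += struct.pack("<IH", disk_signature, 0)       # signature + reserved
    for status, ptype, lba, count in partitions:
        sector += struct.pack("<B3xB3xII", status, ptype, lba, count)
    sector += BOOT_SIGNATURE
    return bytes(sector)


ONE_NTFS_PARTITION = [(0x80, 0x07, 2048, 4096), (0, 0, 0, 0), (0, 0, 0, 0), (0, 0, 0, 0)]
# Constructed known-good sector: the usual "xor ax,ax / mov ss,ax / mov sp,7c00"
# prologue and one bootable type-0x07 partition at LBA 2048.
GOOD_SECTOR = build_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c", 0xDEADBEEF, ONE_NTFS_PARTITION)
# Constructed "bootkit" sector: same partition table, different boot code,
# which is what a format-surviving MBR infection looks like.
BAD_SECTOR = build_mbr(b"\xeb\x3c\x90" + b"\x90" * 60, 0xDEADBEEF, ONE_NTFS_PARTITION)
BASELINE = parse_mbr(GOOD_SECTOR)

if __name__ == "__main__":
    print("good:", compare_to_baseline(GOOD_SECTOR, BASELINE) or "no findings")
    print("bad: ", compare_to_baseline(BAD_SECTOR, BASELINE))
```

Save the baseline from a machine you trust (or from a freshly written MBR) and keep it off the disk; a hash of the boot-code area alone is enough to spot the usual bootkit pattern where the partition table is preserved and only the code changes. A mismatch is not by itself proof of infection (vendor or OS repair tools also rewrite sector 0), but it tells you that a format alone did not reset it.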
01-28-2012 , 12:59 PM
Hello there, sorry for necroposting but after googling it it seems to me that this is still the only good thread about this thing that is not in German. Which is strange, anyway I'm having the same problem and after reading the thread I don't understand what exactly I'm supposed to do with OTL to begin with. If someone posted a step-by-step instruction it would be very appreciated. Thank you in advance.
HELP, Do I have a trojan or keylogger Quote
01-28-2012 , 01:28 PM
What Gabe told me to do fixed everything ^^.
HELP, Do I have a trojan or keylogger Quote
01-28-2012 , 02:24 PM
Quote:
Originally Posted by b5288050
Hello there, sorry for necroposting but after googling it it seems to me that this is still the only good thread about this thing that is not in German. Which is strange, anyway I'm having the same problem and after reading the thread I don't understand what exactly I'm supposed to do with OTL to begin with. If someone posted a step-by-step instruction it would be very appreciated. Thank you in advance.
http://forumserver.twoplustwo.com/48...puter-1028333/

Please open a new thread with your problem and don't continue here.
HELP, Do I have a trojan or keylogger Quote
