HELP, Do I have a trojan or keylogger
After noticing some weird things with my PC lately, I am scared that I have a trojan or even a keylogger.
Some things: when I press "shift + 6", instead of getting one ^ I get two ^^. When I go to Task Manager I see a very weird process running: it says 38z78FF.exe *32 at the moment and the description behind it says systray .exe stub. When I restart my PC, the name of this process is different the next day! Edit: I just shut it down and now it came back as 38z76C9.exe *32, same description --> http://img577.imageshack.us/img577/3826/virusffffs.png

So I googled this; when I search the .exe I find nothing, but when I searched systray .exe stub I found a German forum where a guy had the same problem. I can't understand it all, but it says he is also scared it is a keylogger and he has the SAME problem with the sign ^^ (Source: http://www.trojaner-board.de/99206-s...keylogger.html). I also scanned my whole PC with McAfee Enterprise 8.8 and it had 0 detections..... Am I doomed and do I need to re-install my Windows 7, or is this just a normal thing.... =-[

----------------------
Just read the stickies... Gonna make the logs now.
Re: HELP, Do I have a trojan or keylogger
Rebooted first, then closed all windows and ran OTL like stated.
When I ran OTL the name of the process was am08E88.exe this time....

--------- OTL ----------
OTL logfile created on: 31-5-2011 18:12:47 - Run 1 OTL by OldTimer - Version 3.2.23.0
000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2011-05-14 14:38:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services [2011-05-14 14:38:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2011-05-14 14:38:05 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2011-05-14 14:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2011-05-14 14:33:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2011-05-14 14:33:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2011-05-14 09:29:46 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{EAADACC6-7B3B-4795-B8F8-9EE16A1C37A9} [2011-05-13 20:50:03 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\New music [2011-05-13 17:53:50 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{13839B98-1C1C-46F1-92CB-3C914EAFBFBF} [2011-05-12 13:37:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2011-05-12 10:35:58 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D3FEB88D-AC67-4B78-8381-F6C84A313692} [2011-05-11 20:38:03 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{BF9E1A82-B3FF-4C6A-8975-D03055775B79} [2011-05-11 13:26:04 | 005,509,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2011-05-11 13:26:03 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2011-05-11 13:26:03 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2011-05-11 13:26:00 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2011-05-11 13:25:59 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys [2011-05-11 08:37:39 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D4429B65-E792-4391-A89E-D0534A2C334E} [2011-05-10 07:53:25 | 000,000,000 | ---D | C] 
-- C:\Users\Eric\AppData\Local\{752F83CF-8772-43C0-8F09-FA27AE599869} [2011-05-09 17:20:32 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{F663A967-8503-4A60-B02E-FE08D9AB49F3} [2011-05-08 11:15:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{7DF84322-BEB8-40DF-B883-87AB8300310A} [2011-05-07 23:15:23 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{079C5FAF-1F25-4F5F-A435-AFC65049DF03} [2011-05-07 10:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace [2011-05-07 10:02:15 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{07C9B128-D098-4ECA-BA73-32D9567D43A6} [2011-05-06 16:20:53 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{8B8AEED9-4AB2-4A23-ADAB-8777FC9A67D8} [2011-05-05 17:51:38 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{45E5DD48-5A0B-4D1E-93EC-68A5748CF58F} [2011-05-04 10:11:58 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{29A95F3D-656B-4B58-B0DE-DA620CD2095D} [2011-05-03 17:46:17 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{9432986F-71B8-41BC-8A20-BACC4EB8D187} [2011-05-02 11:26:38 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{9436EE24-CA13-4F57-B35E-1EDCC9E0BBE6} [2011-05-01 23:15:51 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{AC684BA5-FF0E-4CB3-9D9A-B7D2FDF6728B} ========== Files - Modified Within 30 Days ========== [2011-05-31 18:09:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-05-31 18:09:22 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2011-05-31 18:07:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe [2011-05-31 18:03:35 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Eric\Desktop\tdsskiller.exe [2011-05-31 17:09:36 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011-05-31 17:09:36 | 000,013,456 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011-05-28 17:42:32 | 000,001,647 | ---- | M] () -- C:\Users\Eric\Documents\T4EPlayer.conf [2011-05-28 11:30:30 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2011-05-28 11:30:30 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011-05-28 10:15:47 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2011-05-27 16:59:46 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011-05-27 16:59:46 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011-05-27 16:59:46 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011-05-23 10:30:53 | 000,000,034 | ---- | M] () -- C:\Users\Eric\jagex_runescape_preferences.dat [2011-05-23 10:30:19 | 000,000,129 | ---- | M] () -- C:\Users\Eric\jagex_runescape_preferences2.dat [2011-05-20 20:55:54 | 005,734,829 | ---- | M] () -- C:\Users\Eric\Desktop\song.wmv [2011-05-15 17:45:38 | 000,000,959 | ---- | M] () -- C:\Users\Eric\Desktop\Enterprise and Information Modeling - Shortcut.lnk [2011-05-15 15:12:25 | 000,001,128 | ---- | M] () -- C:\Users\Eric\Documents\Documents - Shortcut.lnk [2011-05-15 10:52:46 | 000,001,135 | ---- | M] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk [2011-05-15 10:07:41 | 000,417,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011-05-14 17:10:53 | 000,000,134 | ---- | M] () -- C:\Windows\ODBC.INI [2011-05-14 17:10:51 | 000,002,110 | ---- | M] () -- C:\Users\Public\Desktop\Metastorm ProVision 6.2 SR2.lnk [2011-05-13 18:39:52 | 000,003,013 | ---- | M] () -- C:\Users\Eric\Desktop\TableNinja.lnk ========== Files Created - No Company Name ========== [2011-05-20 20:54:03 | 005,734,829 | ---- | C] () -- C:\Users\Eric\Desktop\song.wmv [2011-05-15 17:45:38 | 000,000,959 | ---- | C] () -- C:\Users\Eric\Desktop\Enterprise and Information Modeling - Shortcut.lnk 
[2011-05-15 15:12:25 | 000,001,128 | ---- | C] () -- C:\Users\Eric\Documents\Documents - Shortcut.lnk [2011-05-15 10:52:46 | 000,001,135 | ---- | C] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk [2011-05-14 17:10:53 | 000,000,134 | ---- | C] () -- C:\Windows\ODBC.INI [2011-05-14 17:10:51 | 000,002,110 | ---- | C] () -- C:\Users\Public\Desktop\Metastorm ProVision 6.2 SR2.lnk [2011-05-12 13:37:20 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011-01-28 12:02:29 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\cutemon2k.dll [2011-01-28 12:02:29 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\UnCutePP.exe [2010-12-28 18:48:02 | 000,059,309 | ---- | C] () -- C:\Program Files (x86)\EULA.nl [2010-12-23 19:30:06 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010-12-23 19:30:05 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010-12-23 19:30:04 | 000,835,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2010-12-21 22:50:12 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI [2010-12-21 22:01:30 | 000,000,045 | ---- | C] () -- C:\Users\Eric\AppData\Local\machpro.dat [2010-12-21 04:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010-12-18 22:38:55 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll [2010-12-18 22:38:55 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll [2010-11-30 14:55:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009-07-14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009-07-14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009-07-14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009-07-14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009-07-14 01:42:10 | 
000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008-04-22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008-04-22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008-04-22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008-04-22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008-04-22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008-04-22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2008-04-22 17:03:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008-04-22 17:03:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008-04-22 17:03:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2007-10-25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys ========== Custom Scans ========== < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\drivers\*.sys > [2007-10-25 18:26:10 | 000,005,632 | ---- | M] () -- C:\Windows\SysWOW64\drivers\StarOpen.sys [2010-06-14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\drivers\wimmount.sys < %systemroot%\system32\drivers\*.dll > < %systemroot%\system32\drivers\*.ini > < %systemroot%\system32\drivers\*.exe > < %SYSTEMDRIVE%\*.* > [2011-05-31 18:09:22 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2011-05-31 
18:09:24 | 4294,172,672 | -HS- | M] () -- C:\pagefile.sys [2011-05-14 14:15:00 | 000,000,454 | ---- | M] () -- C:\PINGUSMACHINE_20110514141500_ScrubLog.txt [2011-05-31 18:07:06 | 000,065,642 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_31.05.2011_18.05.41_log.txt < %PROGRAMFILES%\*. > [2011-05-12 13:37:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe [2011-03-25 19:00:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AGEIA Technologies [2011-01-25 20:09:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update [2011-03-06 12:58:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Stream [2011-01-06 23:42:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies [2010-12-21 16:55:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BRS [2011-05-14 17:09:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Business Objects [2011-05-14 14:38:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files [2010-11-30 15:28:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DAEMON Tools Lite [2011-01-25 19:33:43 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information [2011-04-14 17:37:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer [2010-12-02 21:33:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java [2011-01-25 19:33:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MarkAny [2010-11-30 15:00:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee [2011-05-14 17:10:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Metastorm [2011-05-14 14:33:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services [2011-05-07 10:05:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2011-05-14 14:38:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office [2011-04-22 12:58:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight [2011-05-14 
14:38:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2011-05-14 14:38:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Synchronization Services [2011-05-14 14:38:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET [2011-04-30 14:48:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox [2009-07-14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild [2011-01-27 14:00:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0 [2010-11-30 14:49:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NEC Electronics [2010-12-18 20:38:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenAL [2010-12-21 21:42:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PostgreSQL [2010-12-21 21:45:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PSQLINSTALL [2010-11-30 14:48:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek [2009-07-14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies [2011-01-25 19:34:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Samsung [2010-11-30 14:47:55 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp [2009-07-14 06:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information [2011-01-21 14:39:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN [2010-12-20 15:02:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Vstplugins [2009-07-14 07:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender [2010-12-19 12:36:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live [2010-12-16 22:06:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail [2010-11-30 15:32:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player [2009-07-14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT [2009-07-14 07:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows 
Photo Viewer [2009-07-14 07:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices [2009-07-14 07:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar [2010-12-18 22:44:01 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Zero G Registry < MD5 for: ATAPI.SYS > [2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\ms hdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35 _6.1.7600.16385_none_392d19c13b3ad543\atapi.sys < MD5 for: EXPLORER.EXE > [2011-02-26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe [2011-02-26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc2 4107935a7e25\explorer.exe [2011-02-26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87 e574ddfe652d\explorer.exe [2009-07-14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe 430bc7ce3761\explorer.exe [2011-02-26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce 9756e0b786a4\explorer.exe [2009-10-31 07:45:39 | 002,614,272 
| ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819 b343c7ba6202\explorer.exe [2011-02-26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe [2011-02-26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816 eb59c7bb4020\explorer.exe [2011-02-25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa7 9dc39081d0ba\explorer.exe [2011-02-26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b033 3b22a99da332\explorer.exe [2009-08-03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84 b558ac4eb41c\explorer.exe [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc 4815c4e292b5\explorer.exe [2009-10-31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc5 08f19359a007\explorer.exe [2009-08-03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d9 5faae0af7617\explorer.exe [2009-10-31 08:38:38 | 002,870,272 | ---- | M] 
(Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46 d6aeac7ca7c7\explorer.exe [2009-08-03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853 c407c78e3ba9\explorer.exe [2009-07-14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada9 98b9936d7566\explorer.exe [2009-10-31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b 8100e0dd69c2\explorer.exe [2011-02-26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79 ed04ac56c4a9\explorer.exe [2009-08-03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff 19b5932d79ae\explorer.exe < MD5 for: USERINIT.EXE > [2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff 103933038d7c\userinit.exe [2009-07-14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009-07-14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- 
C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381d abbceb60feb2\userinit.exe < MD5 for: WINLOGON.EXE > [2009-07-14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7 f2bdeea2829c\winlogon.exe [2009-10-28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc52 2fd507b468f8\winlogon.exe [2009-10-28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009-10-28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe5 34e7ee8042ad\winlogon.exe ========== Alternate Data Streams ========== @Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:B3D74A13 @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86 < End of report > |
Re: HELP, Do I have a trojan or keylogger
-----------Extras
OTL Extras logfile created on: 31-5-2011 18:12:47 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Eric\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

4,00 Gb Total Physical Memory | 2,94 Gb Available Physical Memory | 73,40% Memory free
8,00 Gb Paging File | 6,80 Gb Available in Paging File | 85,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 93,53 Gb Free Space | 47,91% Space Free | Partition Type: NTFS
Drive D: | 736,20 Gb Total Space | 570,37 Gb Free Space | 77,47% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 722,33 Gb Free Space | 77,54% Space Free | Partition Type: NTFS

Computer Name: PINGUSMACHINE | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-0028-0404-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-0028-0411-1000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2007
"{90120000-0028-0412-1000-0000000FF1CE}" = Microsoft Office IME (Korean) 2007
"{90120000-0028-0804-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{AE57C044-8912-A181-A0E4-BC2DAB3A092A}" = ATI Catalyst Install Manager
"{B361F88B-D513-9D45-E7F2-871B61C46D32}" = WMV9/VC-1 Video Playback
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D81C035E-D0A5-11DF-9450-0013D3D69929}" = MSVCRT Redists
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EE269999-1AB7-7B39-7944-513CF3426CB8}" = AMD Drag and Drop Transcoding
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11AE6807-50D2-4F59-82B3-2C3E695E94C2}" = NVIDIA PhysX v8.05.26
"{1246FF64-3035-4A92-8FE6-A968275495EB}" = Sony Vegas Pro 8.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}" = McAfee Agent
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{434D0831-A4CC-401A-9E74-621000018401}" = F1 2010
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{B99C4306-3016-4CD8-BF57-5E3385EFDA97}" = Metastorm ProVision 6.2 SR2
"{C3224F3D-3192-40BE-BD24-8183C757B091}" = GPRO Organiser
"{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}" = Crystal Reports 2008 Runtime SP2
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CC29B835-95A5-3CD9-087B-F94D7B9ECC9B}" = Catalyst Control Center InstallProxy "{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F01A9563-2A27-6ABC-2E04-03B7873DF7E0}" = Catalyst Control Center InstallProxy "{F04899F8-1882-4EF5-BA2C-5B65E41E456A}" = vGO "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{FB1AA04A-97A8-4928-A51E-8F41841E7861}" = TableNinja "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Fraps" = Fraps (remove only) "HoldemManager" = Holdem Manager "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver 
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "Mikogo" = Mikogo "Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17) "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Office14.VISIO" = Microsoft Visio Premium 2010 "OpenAL" = OpenAL "PokerStars" = PokerStars "PopTools_is1" = PopTools "PostgreSQL 8.4" = PostgreSQL 8.4 "PunkBusterSvc" = PunkBuster Services "ST6UNST #1" = PS - Power and Sample Size Calculation "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 12140" = Max Payne "Steam App 12150" = Max Payne 2: The Fall of Max Payne "Steam App 12210" = Grand Theft Auto IV "Steam App 12220" = Grand Theft Auto: Episodes from Liberty City "Steam App 12840" = DiRT 2 "Steam App 22600" = Worms Reloaded "Steam App 240" = Counter-Strike: Source "Steam App 2990" = FlatOut 2 "Steam App 3590" = Plants vs. Zombies: Game of the Year "Steam App 400" = Portal "Steam App 42120" = Lead and Gold - Gangs of the Wild West "Steam App 42700" = Call of Duty: Black Ops "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "Steam App 44310" = F1 2010â„Ē "Steam App 4760" = Rome: Total War Gold Edition "Steam App 7200" = TrackMania United "Steam App 9930" = Test Drive Unlimited 2 "T4EPlayer" = T4E Player "TeamViewer 6" = TeamViewer 6 "Turbo Sliders" = Turbo Sliders (remove only) "VLC media player" = VLC media player 1.1.5 "WinLiveSuite" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 27-5-2011 14:56:28 | Computer Name = PingusMachine | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack200. exe".Error in manifest or policy file "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack200. exe" on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity" is invalid. 
Error - 27-5-2011 14:58:42 | Computer Name = PingusMachine | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack.dll ".Error in manifest or policy file "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack.dll " on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity" is invalid. Error - 28-5-2011 9:04:21 | Computer Name = PingusMachine | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack200. exe".Error in manifest or policy file "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack200. exe" on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity" is invalid. Error - 28-5-2011 12:13:24 | Computer Name = PingusMachine | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack200. exe".Error in manifest or policy file "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack200. exe" on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity" is invalid. Error - 28-5-2011 12:15:26 | Computer Name = PingusMachine | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack.dll ".Error in manifest or policy file "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack.dll " on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity" is invalid. 
Error - 29-5-2011 11:54:09 | Computer Name = PingusMachine | Source = Application Error | ID = 1000 Description = Faulting application name: T4EPlayer.exe, version: 1.3.0.1, time stamp: 0x4d74afa6 Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp: 0x4cc7ab86 Exception code: 0xc0000005 Fault offset: 0x0002e3be Faulting process id: 0x1204 Faulting application start time: 0x01cc1ded65299b06 Faulting application path: D:\spellen\T4E Player\T4EPlayer.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: e35c5af9-8a0b-11e0-9546-0025226fd863 Error - 30-5-2011 15:11:59 | Computer Name = PingusMachine | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack200. exe".Error in manifest or policy file "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack200. exe" on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity" is invalid. Error - 30-5-2011 15:14:04 | Computer Name = PingusMachine | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack.dll ".Error in manifest or policy file "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack.dll " on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity" is invalid. Error - 31-5-2011 3:08:48 | Computer Name = PingusMachine | Source = Application Hang | ID = 1002 Description = The program IEXPLORE.EXE version 8.0.7600.16766 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 820 Start Time: 01cc1f5e2c749b6a Termination Time: 0 Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Report Id: cfffe918-8b54-11e0-806a-0025226fd863 Error - 31-5-2011 11:20:55 | Computer Name = PingusMachine | Source = Application Error | ID = 1000 Description = Faulting application name: Setup.exe_Microsoft Setup Bootstrapper, version: 14.0.4755.1000, time stamp: 0x4b989df1 Faulting module name: ole32.dll, version: 6.1.7600.16624, time stamp: 0x4c297c56 Exception code: 0xc0000005 Fault offset: 0x0002f367 Faulting process id: 0x153c Faulting application start time: 0x01cc1fa64f6b59ea Faulting application path: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Faulting module path: C:\Windows\syswow64\ole32.dll Report Id: 93b6b88c-8b99-11e0-99ef-0025226fd863 [ System Events ] Error - 30-5-2011 13:47:15 | Computer Name = PingusMachine | Source = DCOM | ID = 10010 Description = Error - 31-5-2011 2:44:56 | Computer Name = PingusMachine | Source = DCOM | ID = 10010 Description = Error - 31-5-2011 11:12:44 | Computer Name = PingusMachine | Source = Server | ID = 2505 Description = The server could not bind to the transport \Device\NetBT_Tcpip_{1707C13D-E768-4DE8-A228-0D83F95B6099} because another computer on the network has the same name. The server could not start. < End of report > |
Re: HELP, Do I have a trojan or keylogger
You definitely have something nasty. Quick googles for the "Systray.exe stub trojan" come up with results of people with a similar infection.
I would not trust having that computer on any sort of network (internet-connected or not), and I would begin changing passwords for any sites you may visit on that machine. The best skill for a Windows user to have is the knowledge of how to low-level format and start over :) I suggest you do that ASAP.
Re: HELP, Do I have a trojan or keylogger
I don't even know how long I've been infected really...... also changing passes wouldn't make sense atm.. or I would need to change them on another PC.
Spent the last few hours copying important files to my MyBook. Is there anything I need to think about when I put the Windows 7 CD back into my PC and reboot and reinstall Windows? Etc. formatting EVERYTHING? --- Also I really wonder how I got this, I always had the newest virus scanner with updates etc. (one of the best advantages of going to uni :P, free licensed software!), always updated everything and never clicked things I did not trust.......... pffffft
Re: HELP, Do I have a trojan or keylogger
Have been googling some more and the weird thing is, I only find GERMAN sources with this problem. So weird... also they are all dated from within this last week....
Re: HELP, Do I have a trojan or keylogger
Don't really weigh on how long you've had the keylogger, weigh it based on the importance of the information stored on the accounts with which the passwords are protecting. For example, change passwords on anything related to banking even if you can't remember if you've logged in on to that account with that computer. Make sense? :D And yes, change those passwords on another computer or on the machine after you start fresh.
I'm not going to supply a rant for "why your anti-virus/anti-malware/whatever software" didn't save you, just know that most bad software these days targets circumvention of those types of software. Windows 7 is a lot better out-of-the-box with regards to default security, but maybe look into (see stickied post) running as a standard user all the time and only using admin accounts for installing/changing system-level items. Yes, it is very painful, but so is starting from scratch :)
Re: HELP, Do I have a trojan or keylogger
But running programs like HEM and Tableninja always need admin? Isn't that a big hassle?
Re: HELP, Do I have a trojan or keylogger
McAfee, Symantec, AVG all claim that they are selling security suite software for PCs. They are merely illusions of security. Think of them as deadbolt locks. Someone with the proper knowledge will know how to circumvent it.
Personally, I feel more vulnerable by having one of the "big three" security suites. Personally, I'd recommend Microsoft's Security Essentials pack or ClamAV/ClamWin to any non-corporate PC user. Moral of the story: If you have high value for the content that you store on your computer, you probably need to add more layers of security.
Re: HELP, Do I have a trojan or keylogger
You don't need to format yet, and I would avoid using passwords rather than change them all, until it is fixed. The extent of my fixing knowledge is running Malwarebytes, but there are a few experts on this stuff around.
Re: HELP, Do I have a trojan or keylogger
OP, don't reformat yet. Just wait for Gabe or someone with similar experience to read your thread. He'll be able to help.
In the meantime, though, don't use that machine for anything sensitive (particularly email, poker and banking). Use a different machine to change passwords on your most important accounts. One thing he'll make sure you do is update Java - yours is out of date. Outdated environments and plugins are a potential vector of infection. Same goes for Adobe products. When your machine has been cleaned up, you might want to download something like Secunia PSI - it will tell you when software is out of date and help you find updates. There are several good free antivirus packages out there. I use Avira; Microsoft Security Essentials is (perhaps surprisingly) another good choice.
Re: HELP, Do I have a trojan or keylogger
Can you also have both Microsoft Security Essentials and McAfee? I don't think so, right?
And how would I know if that program is gone, my PC is really clean. I'm already leaning towards formatting my PC a lot... since in every source I found about this problem, the OP formatted his PC in the end... I really don't like the feeling of not being sure if you have a virus or not, but this is clearly one. And indeed maybe I should wait for someone with more knowledge, but if I'm going to make a clean start I'd better do it ASAP lol
Re: HELP, Do I have a trojan or keylogger
Code:
:files
Please download Malwarebytes' Anti-Malware from here. Double-click mbam-setup.exe to install the application.
Re: HELP, Do I have a trojan or keylogger
------I ran OTL with the quote you stated and clicked Run Fix. It asked for a reboot, which went smoothly. I just checked the taskbar and the weird .exe file with the stated description is already gone? You are quite amazing sir, thanks, nice hand------
-----LOG FILES-------
All processes killed
========== FILES ==========
C:\Recycle.Bin\Recycle.Bin.exe moved successfully.
C:\Users\Eric\AppData\Local\{BE673D5C-12A3-43F5-A37E-3F719F6E1D70} folder moved successfully.
C:\Users\Eric\AppData\Local\{1169CE5E-7DA4-4FBB-B184-7E5398B34D6D} folder moved successfully.
C:\Users\Eric\AppData\Local\{B7A5BDC1-D12B-45F1-96B2-CFF832B55FD5} folder moved successfully.
C:\Users\Eric\AppData\Local\{0CA95843-5098-4072-A546-CDD5BADA4E33} folder moved successfully.
C:\Users\Eric\AppData\Local\{DE8BCFE9-7093-4207-85A0-406B84A2E42A} folder moved successfully.
C:\Users\Eric\AppData\Local\{19D489C3-8E7D-4582-A403-D25673BFE915} folder moved successfully.
C:\Users\Eric\AppData\Local\{4D5736C6-7192-41B4-801A-354E0AC3376B} folder moved successfully.
C:\Users\Eric\AppData\Local\{90FC1D79-03E8-4820-A230-7F2AA249D2DA} folder moved successfully.
C:\Users\Eric\AppData\Local\{72DC0611-DD79-4C47-91DA-A1F128AA985B} folder moved successfully.
C:\Users\Eric\AppData\Local\{21C210AA-7945-4B6F-BB91-6C8E99F9ACB5} folder moved successfully.
C:\Users\Eric\AppData\Local\{AFE80141-684F-489B-97AD-7B06580892B0} folder moved successfully.
C:\Users\Eric\AppData\Local\{F85CAACE-3A4F-4253-85E9-F1F5BAFB458C} folder moved successfully.
C:\Users\Eric\AppData\Local\{2EB25294-0FEB-41AE-B930-E83C5BF99DFE} folder moved successfully.
C:\Users\Eric\AppData\Local\{429CC2F2-F8DB-4D2B-9711-CFD7D508E87B} folder moved successfully.
C:\Users\Eric\AppData\Local\{9B4BFBDE-C6B2-42A1-B10F-C610487DDC92} folder moved successfully.
C:\Users\Eric\AppData\Local\{4CEEB5AE-A774-4B4F-8A68-56DCFC98B474} folder moved successfully.
C:\Users\Eric\AppData\Local\{90076388-1B85-47FC-9A5F-56137938B4A3} folder moved successfully.
C:\Users\Eric\AppData\Local\{17884C69-42F3-4488-9F7F-87D70D20B33A} folder moved successfully.
C:\Users\Eric\AppData\Local\{62018F9C-52C2-4DA4-9AB5-4F88E72A9B89} folder moved successfully.
C:\Users\Eric\AppData\Local\{E8FCFAC0-7A29-400F-8162-EA100CC0B108} folder moved successfully.
C:\Users\Eric\AppData\Local\{026BEBAE-DADC-4655-A1FA-D70BBA85CAD2} folder moved successfully.
C:\Users\Eric\AppData\Local\{B2B38C8B-EC84-4819-B15B-524FBC013207} folder moved successfully.
C:\Users\Eric\AppData\Local\{EAADACC6-7B3B-4795-B8F8-9EE16A1C37A9} folder moved successfully.
C:\Users\Eric\AppData\Local\{13839B98-1C1C-46F1-92CB-3C914EAFBFBF} folder moved successfully.
C:\Users\Eric\AppData\Local\{D3FEB88D-AC67-4B78-8381-F6C84A313692} folder moved successfully.
C:\Users\Eric\AppData\Local\{BF9E1A82-B3FF-4C6A-8975-D03055775B79} folder moved successfully.
C:\Users\Eric\AppData\Local\{D4429B65-E792-4391-A89E-D0534A2C334E} folder moved successfully.
C:\Users\Eric\AppData\Local\{752F83CF-8772-43C0-8F09-FA27AE599869} folder moved successfully.
C:\Users\Eric\AppData\Local\{F663A967-8503-4A60-B02E-FE08D9AB49F3} folder moved successfully.
C:\Users\Eric\AppData\Local\{7DF84322-BEB8-40DF-B883-87AB8300310A} folder moved successfully.
C:\Users\Eric\AppData\Local\{079C5FAF-1F25-4F5F-A435-AFC65049DF03} folder moved successfully.
C:\Users\Eric\AppData\Local\{07C9B128-D098-4ECA-BA73-32D9567D43A6} folder moved successfully.
C:\Users\Eric\AppData\Local\{8B8AEED9-4AB2-4A23-ADAB-8777FC9A67D8} folder moved successfully.
C:\Users\Eric\AppData\Local\{45E5DD48-5A0B-4D1E-93EC-68A5748CF58F} folder moved successfully.
C:\Users\Eric\AppData\Local\{29A95F3D-656B-4B58-B0DE-DA620CD2095D} folder moved successfully.
C:\Users\Eric\AppData\Local\{9432986F-71B8-41BC-8A20-BACC4EB8D187} folder moved successfully.
C:\Users\Eric\AppData\Local\{9436EE24-CA13-4F57-B35E-1EDCC9E0BBE6} folder moved successfully.
C:\Users\Eric\AppData\Local\{AC684BA5-FF0E-4CB3-9D9A-B7D2FDF6728B} folder moved successfully.
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\4E3E0230AEBB4E96 deleted successfully.
File C:\Recycle.Bin\Recycle.Bin.exe not found.
G:\autorun.inf moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 7695288 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Eric
->Temp folder emptied: 288574 bytes
->Temporary Internet Files folder emptied: 81016296 bytes
->Java cache emptied: 14539977 bytes
->FireFox cache emptied: 48584160 bytes
->Flash cache emptied: 199205 bytes
User: postgres
->Temp folder emptied: 7693750 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33907024 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 82344 bytes
Total Files Cleaned = 185,00 mb
OTL by OldTimer - Version 3.2.23.0 log created on 06012011_090444
Files\Folders moved on Reboot...
C:\Users\Eric\AppData\Local\Temp\McAfeeLogs\UpdaterUI_PINGUSMACHINE.log moved successfully.
C:\Users\Eric\AppData\Local\Temp\McAfeeLogs\UpdaterUI_PINGUSMACHINE_error.log moved successfully.
C:\Users\Eric\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Eric\AppData\Local\Mozilla\Firefox\Profiles\mh53hpfw.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Eric\AppData\Local\Mozilla\Firefox\Profiles\mh53hpfw.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Eric\AppData\Local\Mozilla\Firefox\Profiles\mh53hpfw.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Eric\AppData\Local\Mozilla\Firefox\Profiles\mh53hpfw.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Eric\AppData\Local\Mozilla\Firefox\Profiles\mh53hpfw.default\urlclassifier3.sqlite moved successfully.
C:\Users\Eric\AppData\Local\Mozilla\Firefox\Profiles\mh53hpfw.default\XUL.mfl moved successfully.
Registry entries deleted on Reboot...
~Gonna run Malwarebytes now like you stated. Do you have any idea what this virus was? Amazing stuff going on here.
Re: HELP, Do I have a trojan or keylogger
-----Malwarebytes log-----
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6741
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
1-6-2011 9:14:30
mbam-log-2011-06-01 (09-14-30).txt
Scan type: Quick scan
Objects scanned: 172014
Time elapsed: 2 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
Files Infected:
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
Looks like it's fixed, thanks a lot man. If you google "systray .exe stub" people should find this thread instead of those other (German) forums; they all got pretty bad advice compared to here and they all re-installed their PC in the end it looks like, while the fix is quick if you KNOW what to do (Gabe's stuff...). I don't know how hard it is to know what you have to do though....
Re: HELP, Do I have a trojan or keylogger
That was easy
I saw a suspicious autorun.inf. It could be a worm spreading by infected USB drives. I suggest you immunize all your USB drives, including those in digital cameras, mp3/4 players and mobile phones.
====================
Please download Flash_Disinfector by sUBs from here and save it to your desktop.
====================
You need to install the latest version of Java. Having the latest version is important to take advantage of fixes that have eliminated security vulnerabilities.
After installing Java, go to Start > Control Panel > Java to open the Java Control Panel. Under the General tab, Temporary Internet Files, click Settings, then click Delete Files. Select both options and click OK to delete the Java cache.
====================
Please download aswMBR by Alwil Software from here and save it to your desktop.
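As an added example (not code from this thread or from any of the tools it names), a small Python triage script that checks host observations for the indicators the OTL fix log and the autorun.inf note above bring together: a random-named executable launched from a user's Temp folder, an autostart Run value named with a bare hex string, a "Recycle.Bin" folder at a drive root that imitates the genuine "$Recycle.Bin", and an autorun.inf at a drive root. The sample observations and the name-length thresholds are constructed assumptions, so every hit is a lead for a human to check, not a verdict.

```python
"""Triage host observations for the indicators this thread surfaced.

Constructed example: the rules encode what the OTL fix removed (a random-named
.exe in the user's Temp folder, a Run value named with bare hex, a fake
'Recycle.Bin' folder) plus the autorun.inf at a drive root. Hits are leads for
a human to look at, not verdicts; legitimate installers also run from Temp.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Finding:
    kind: str    # "process", "run_value" or "file"
    value: str   # the observed path or registry value
    reason: str  # why the rule fired


# An .exe directly under <user>\AppData\Local\Temp; group 1 is the file stem.
USER_TEMP_EXE = re.compile(
    r"^[A-Z]:\\Users\\[^\\]+\\AppData\\Local\\Temp\\([^\\]+)\.exe$", re.I)
# 6-8 alphanumerics mixing letters and digits (assumed threshold).
RANDOM_STEM = re.compile(r"^(?=.*\d)(?=.*[A-Za-z])[0-9A-Za-z]{6,8}$")
# A Run value whose name is exactly 16 hex digits; OTL prints key\\value.
HEX_RUN_VALUE = re.compile(r"\\Run\\\\?[0-9A-F]{16}$", re.I)
# 'X:\Recycle.Bin' without the leading '$' of the genuine folder.
FAKE_RECYCLE_BIN = re.compile(r"^[A-Z]:\\Recycle\.Bin(\\|$)", re.I)
# autorun.inf sitting at the root of any drive.
ROOT_AUTORUN = re.compile(r"^[A-Z]:\\autorun\.inf$", re.I)


def looks_random(stem: str) -> bool:
    """True for short mixed letter/digit names like the changing process name the OP saw."""
    return RANDOM_STEM.match(stem) is not None


def check_process(path: str) -> Optional[str]:
    m = USER_TEMP_EXE.match(path)
    if m and looks_random(m.group(1)):
        return "random-named executable running from the user's Temp folder"
    return None


def check_run_value(value: str) -> Optional[str]:
    if HEX_RUN_VALUE.search(value):
        return "autostart Run value named with a bare 16-digit hex string"
    return None


def check_file(path: str) -> Optional[str]:
    if FAKE_RECYCLE_BIN.match(path):
        return "'Recycle.Bin' at drive root imitates the real '$Recycle.Bin'"
    if ROOT_AUTORUN.match(path):
        return "autorun.inf at a drive root (how USB worms spread)"
    return None


CHECKS = {"process": check_process, "run_value": check_run_value, "file": check_file}


def triage(observations: List[Tuple[str, str]]) -> List[Finding]:
    """Run every observation through the rule for its kind; keep the hits."""
    findings = []
    for kind, value in observations:
        reason = CHECKS[kind](value)
        if reason is not None:
            findings.append(Finding(kind, value, reason))
    return findings


# Constructed observations in the spirit of the thread (not copied from it).
SAMPLE_OBSERVATIONS = [
    ("process", r"C:\Users\alice\AppData\Local\Temp\9f3A1B2.exe"),
    ("process", r"C:\Program Files\Example AV\scanner.exe"),
    ("process", r"C:\Windows\Explorer.exe"),
    ("run_value", r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\7A1C2B3D4E5F6071"),
    ("run_value", r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ExampleAVTray"),
    ("file", r"C:\Recycle.Bin\Recycle.Bin.exe"),
    ("file", r"C:\$Recycle.Bin\S-1-5-21-1\desktop.ini"),
    ("file", r"G:\autorun.inf"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_OBSERVATIONS):
        print(f"[{f.kind}] {f.value}\n    -> {f.reason}")
```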
Re: HELP, Do I have a trojan or keylogger
Does that mean I also got the virus from some kind of USB device? Only USB devices I use are storage devices or my phone...
Can you also see from those logs or info what the virus did? I still need to change all my passwords, right? BTW after reading all the stickies in here I'm still thinking of reinstalling my PC lol, even after fixing the problem. Thanks Gabe. I appreciate it a lot =]
Re: HELP, Do I have a trojan or keylogger
I hope your problems don't return, pingu.
Re: HELP, Do I have a trojan or keylogger
Also, how often does someone "plant" a virus on your machine that you do know about? This is silly. Also also also also, OP isn't just running MBAM. There's a reason that Gabe is taking him through a number of different steps. You must make a lot of money to be able to afford all those tin foil hats.
Re: HELP, Do I have a trojan or keylogger
The behavior that OP was describing made it seem like this was more than ad-ware or just a nuisance. I don't think I was giving bad (free) information, but maybe I was missing the purpose of this forum, which is for Gabe, the "Geek Squad Employee of the Year," to have a place to share his skills when he isn't out racing around in his black and white VW bug wearing his skinny tie and cop badge.
Re: HELP, Do I have a trojan or keylogger
Feel free to join and run through GeekPolice Academy to learn what I did. It will take about 9-12 months, and you will give better advice than blurting "OMG REFORMAT". FYI, MBR infections survive a format.
Re: HELP, Do I have a trojan or keylogger
Hello there, sorry for necroposting, but after googling it, it seems to me that this is still the only good thread about this thing that is not in German. Which is strange; anyway, I'm having the same problem and after reading the thread I don't understand what exactly I'm supposed to do with OTL to begin with. If someone posted step-by-step instructions it would be very appreciated. Thank you in advance.
Re: HELP, Do I have a trojan or keylogger
What Gabe told me to do fixed everything ^^.
Re: HELP, Do I have a trojan or keylogger
Please open a new thread with your problem and don't continue here.