05-31-2011, 12:08 PM   #1
Pokerpingu (old hand; Join Date: Mar 2009; Posts: 1,624)
HELP, Do I have a trojan or keylogger

After noticing some weird things with my PC lately, I am scared that I got a trojan or even a keylogger.

Some things:
When I do "shift + 6", instead of getting one ^ I get two ^^.

When I go to Task Manager I see a very weird process running:
It says 38z78FF.exe *32 at the moment and the description behind it says systray .exe stub. When I restart my PC the name of this process is different the next day!

Edit: I just shut it down and now it came back as 38z76C9.exe *32, same description -->

So I googled this. When I search the .exe I find nothing, but when I searched "systray .exe stub" I found a German forum where a guy had the same problem. I can't understand it all, but it says he is also scared it is a keylogger and he has the SAME problem with the sign ^^.
(Source: http://www.trojaner-board.de/99206-s...keylogger.html)

I also scanned my whole PC with McAfee Enterprise 8.8 and it had 0 detections.....


Am I doomed and do I need to re-install my Windows 7, or is this just a normal thing.... =-[

----------------------
Just read the stickies...

Gonna make the logs now.
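The question in this post, whether a process that comes back under a new random name on every boot is malware, is exactly what an OTL log is meant to help answer. The following Python triage script is an added example for this thread; it is not part of OTL, not the poster's output, and not something the forum's helpers posted. It parses the three OTL line formats that matter most here (running processes `PRC`, Run-key autostarts `O4`, and `O32` autorun.inf entries) and flags what a defender checks first: an executable running from a Temp folder under a short letters-and-digits name, a publisher string that does not match the file's location, a Run value keyed by a hex blob that points into a Recycle Bin lookalike folder, and a hidden system autorun.inf on a secondary drive. The sample lines are copied from the OTL log posted below in this thread; the heuristics, their labels and the `TRUSTED_ROOTS` list are the example's own assumptions.

```python
"""Triage OTL-style log lines for the indicators a defender checks first.

Constructed example for this thread; not part of OTL and not the poster's
output. A hit means "inspect this", a clean pass means only "no hit".
"""
import re
from pathlib import PureWindowsPath
from typing import Optional

# Sample input. The first three lines are copied from the OTL log posted in
# this thread; the last two are benign entries from the same log, for contrast.
SAMPLE_LINES = [
    r"PRC - [2011-05-31 18:09:48 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Users\Eric\AppData\Local\Temp\amO8E88.exe",
    r"O4 - HKCU..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe (Iggptulsy Cyojgq)",
    r"O32 - AutoRun File - [2008-11-05 13:19:36 | 000,000,052 | RHS- | M] () - G:\autorun.inf -- [ NTFS ]",
    r"PRC - [2011-05-31 18:07:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe",
    r"O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)",
]

# Line formats as they appear in the OTL output: running process (PRC),
# Run-key autostart (O4) and autorun.inf found on a drive (O32).
PRC_RE = re.compile(
    r"^PRC - \[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| \w\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$")
O4_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?)(?: \((?P<company>[^)]*)\))?$")
O32_RE = re.compile(
    r"^O32 - AutoRun File - \[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| \w\] "
    r"\((?P<company>[^)]*)\) - (?P<path>.+?) -- \[ \w+ \]$")

# Assumed locations where a binary claiming to be Microsoft's is expected to live.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def _under_trusted_root(path: str) -> bool:
    low = path.lower()
    return any(low.startswith(root) for root in TRUSTED_ROOTS)


def _looks_random(stem: str) -> bool:
    """Short stem mixing letters and digits, like the rotating 38z78FF / amO8E88 names."""
    return len(stem) <= 10 and bool(re.search(r"\d", stem)) and bool(re.search(r"[A-Za-z]", stem))


def assess_executable(path: str, company: str) -> list:
    """Heuristic reasons to look closer at one executable path; empty list means no hit."""
    reasons = []
    low = path.lower()
    stem = PureWindowsPath(path).stem
    if "\\temp\\" in low:
        reasons.append("temp-dir")              # legitimate software rarely *runs* from Temp
    if _looks_random(stem):
        reasons.append("random-name")
    if company.strip() == "":
        reasons.append("no-publisher")          # OTL prints () when no company name is embedded
    if "microsoft" in company.lower() and not _under_trusted_root(path):
        reasons.append("publisher-mismatch")    # claims Microsoft, lives outside system dirs
    if "recycle.bin" in low:
        reasons.append("recycle-bin-path")      # persistence from a Recycle Bin lookalike folder
    return reasons


def triage_line(line: str) -> Optional[tuple]:
    """Return (path, reasons) for a line type we understand, else None."""
    m = PRC_RE.match(line)
    if m:
        return m["path"], assess_executable(m["path"], m["company"])
    m = O4_RE.match(line)
    if m:
        if m["path"] == "File not found":       # dangling Run entry: nothing on disk to assess
            return m["path"], []
        reasons = assess_executable(m["path"], m["company"] or "")
        if re.fullmatch(r"[0-9A-Fa-f]{12,}", m["name"]):
            reasons.append("hex-value-name")    # Run value named by a random hex blob
        return m["path"], reasons
    m = O32_RE.match(line)
    if m:
        attrs = m["attrs"].upper()
        # hidden + system attributes on autorun.inf is the classic USB-worm drop
        reasons = ["hidden-autorun"] if "H" in attrs and "S" in attrs else []
        return m["path"], reasons
    return None


def triage(lines) -> dict:
    """Map each recognised path to its list of reasons (empty list = no hit)."""
    findings = {}
    for line in lines:
        result = triage_line(line.rstrip())
        if result is not None:
            findings[result[0]] = result[1]
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES).items():
        print(f"{path}\n    {', '.join(reasons) if reasons else 'no hit'}")
```

A hit is a reason to pull the file for a closer look (hash it, check whether it is signed, submit it to the AV vendor), not a verdict, and a clean pass says nothing more than "no hit": the two benign lines (OTL.exe and McAfee's SHSTAT.EXE) pass with no reasons, which is the contrast the script is meant to show. On a real log the `no-publisher` reason will also fire on legitimate unsigned tools, so treat it as the weakest of the signals.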
05-31-2011, 12:21 PM   #2
Pokerpingu (old hand; Join Date: Mar 2009; Posts: 1,624)
Re: HELP, Do I have a trojan or keylogger

Rebooted first, then closed all windows and ran OTL like stated.

When I ran OTL the name of the process was am08E88.exe this time....

--------- OTL ----------


OTL logfile created on: 31-5-2011 18:12:47 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Eric\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

4,00 Gb Total Physical Memory | 2,94 Gb Available Physical Memory | 73,40% Memory free
8,00 Gb Paging File | 6,80 Gb Available in Paging File | 85,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 93,53 Gb Free Space | 47,91% Space Free | Partition Type: NTFS
Drive D: | 736,20 Gb Total Space | 570,37 Gb Free Space | 77,47% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 722,33 Gb Free Space | 77,54% Space Free | Partition Type: NTFS

Computer Name: PINGUSMACHINE | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-05-31 18:09:48 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Users\Eric\AppData\Local\Temp\amO8E88.exe
PRC - [2011-05-31 18:07:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
PRC - [2011-01-12 20:52:12 | 000,215,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2011-01-12 20:46:36 | 000,209,760 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2011-01-12 16:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2011-01-12 16:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2011-01-12 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2011-01-12 16:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
PRC - [2011-01-12 14:10:08 | 000,033,648 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010-12-23 19:33:33 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010-12-07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- d:\spellen\Poker\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010-07-04 20:13:56 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010-04-01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010-01-22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009-09-08 09:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009-09-08 09:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe


========== Modules (SafeList) ==========

MOD - [2011-05-31 18:07:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
MOD - [2010-08-21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011-04-22 18:59:46 | 000,156,248 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011-04-22 18:59:43 | 000,190,256 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011-01-27 00:55:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011-05-14 10:46:02 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011-01-12 20:46:36 | 000,209,760 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2011-01-12 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2010-12-28 18:55:21 | 000,185,640 | ---- | M] () [On_Demand | Stopped] -- C:\Users\Eric\AppData\Roaming\Mikogo\B-Service.exe -- (B-Service)
SRV - [2010-12-23 19:33:33 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010-12-07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- d:\spellen\Poker\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-09-08 09:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011-04-22 18:59:46 | 000,281,544 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011-04-22 18:59:45 | 000,607,152 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011-04-22 18:59:45 | 000,097,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011-04-22 18:59:44 | 000,217,696 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011-04-22 18:59:44 | 000,153,952 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011-03-11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-01-27 01:37:20 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011-01-27 00:13:32 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010-11-30 15:28:12 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010-11-17 14:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010-06-14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010-04-27 04:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010-04-27 04:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV:64bit: - [2010-04-27 04:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV:64bit: - [2010-03-04 15:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010-02-18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010-01-22 13:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010-01-22 13:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009-08-13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010-06-14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 D6 E2 2D 5E 1F CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.nl/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-04-30 14:48:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-05-13 20:24:01 | 000,000,000 | ---D | M]

[2010-11-30 15:30:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions
[2010-11-30 15:30:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\mh53hpfw.default\extensions
[2010-12-02 21:33:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010-12-02 21:33:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010-12-02 21:33:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2011-03-03 15:05:46 | 000,001,892 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2011-03-03 15:05:46 | 000,004,558 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2011-03-03 15:05:46 | 000,001,111 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\vandale-nl.xml
[2011-03-03 15:05:46 | 000,001,049 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2011-03-03 15:05:46 | 000,001,106 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110422190056.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110422190057.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe (Iggptulsy Cyojgq)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-11-05 13:19:36 | 000,000,052 | RHS- | M] () - G:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)


SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: mfehidk - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfehidk.sys - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfevtp - C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)

========== Files/Folders - Created Within 30 Days ==========

[2011-05-31 18:07:35 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2011-05-31 18:03:29 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Eric\Desktop\tdsskiller.exe
[2011-05-31 08:42:07 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{BE673D5C-12A3-43F5-A37E-3F719F6E1D70}
[2011-05-30 14:53:14 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{1169CE5E-7DA4-4FBB-B184-7E5398B34D6D}
[2011-05-29 11:07:11 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{B7A5BDC1-D12B-45F1-96B2-CFF832B55FD5}
[2011-05-28 23:06:48 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{0CA95843-5098-4072-A546-CDD5BADA4E33}
[2011-05-28 10:01:13 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{DE8BCFE9-7093-4207-85A0-406B84A2E42A}
[2011-05-27 16:57:20 | 000,000,000 | ---D | C] -- C:\Users\Eric\Documents\NPS
[2011-05-27 16:54:20 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{19D489C3-8E7D-4582-A403-D25673BFE915}
[2011-05-26 16:59:34 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{4D5736C6-7192-41B4-801A-354E0AC3376B}
[2011-05-25 21:09:32 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{90FC1D79-03E8-4820-A230-7F2AA249D2DA}
[2011-05-25 09:12:50 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011-05-25 09:09:08 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{72DC0611-DD79-4C47-91DA-A1F128AA985B}
[2011-05-24 13:54:41 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{21C210AA-7945-4B6F-BB91-6C8E99F9ACB5}
[2011-05-23 20:57:31 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{AFE80141-684F-489B-97AD-7B06580892B0}
[2011-05-23 08:57:07 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{F85CAACE-3A4F-4253-85E9-F1F5BAFB458C}
[2011-05-22 11:08:15 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{2EB25294-0FEB-41AE-B930-E83C5BF99DFE}
[2011-05-21 22:58:30 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{429CC2F2-F8DB-4D2B-9711-CFD7D508E87B}
[2011-05-21 10:13:00 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{9B4BFBDE-C6B2-42A1-B10F-C610487DDC92}
[2011-05-20 17:53:35 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{4CEEB5AE-A774-4B4F-8A68-56DCFC98B474}
[2011-05-19 12:55:49 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011-05-19 12:55:49 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011-05-19 11:10:20 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{90076388-1B85-47FC-9A5F-56137938B4A3}
[2011-05-18 10:26:32 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{17884C69-42F3-4488-9F7F-87D70D20B33A}
[2011-05-17 20:46:29 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{62018F9C-52C2-4DA4-9AB5-4F88E72A9B89}
[2011-05-17 08:46:05 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E8FCFAC0-7A29-400F-8162-EA100CC0B108}
[2011-05-16 16:36:50 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\Punagoalreplayer
[2011-05-16 14:51:05 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{026BEBAE-DADC-4655-A1FA-D70BBA85CAD2}
[2011-05-15 10:52:43 | 000,000,000 | ---D | C] -- C:\Users\Eric\Documents\Outlook Files
[2011-05-15 10:08:14 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{B2B38C8B-EC84-4819-B15B-524FBC013207}
[2011-05-14 17:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metastorm ProVision 6.2 SR2
[2011-05-14 17:10:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Metastorm
[2011-05-14 17:10:43 | 000,000,000 | ---D | C] -- C:\Deletennaprovision
[2011-05-14 17:09:41 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2011-05-14 17:08:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Business Objects
[2011-05-14 14:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011-05-14 14:38:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011-05-14 14:38:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011-05-14 14:38:05 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011-05-14 14:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011-05-14 14:33:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011-05-14 14:33:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011-05-14 09:29:46 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{EAADACC6-7B3B-4795-B8F8-9EE16A1C37A9}
[2011-05-13 20:50:03 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\New music
[2011-05-13 17:53:50 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{13839B98-1C1C-46F1-92CB-3C914EAFBFBF}
[2011-05-12 13:37:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011-05-12 10:35:58 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D3FEB88D-AC67-4B78-8381-F6C84A313692}
[2011-05-11 20:38:03 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{BF9E1A82-B3FF-4C6A-8975-D03055775B79}
[2011-05-11 13:26:04 | 005,509,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011-05-11 13:26:03 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011-05-11 13:26:03 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011-05-11 13:26:00 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011-05-11 13:25:59 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011-05-11 08:37:39 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D4429B65-E792-4391-A89E-D0534A2C334E}
[2011-05-10 07:53:25 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{752F83CF-8772-43C0-8F09-FA27AE599869}
[2011-05-09 17:20:32 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{F663A967-8503-4A60-B02E-FE08D9AB49F3}
[2011-05-08 11:15:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{7DF84322-BEB8-40DF-B883-87AB8300310A}
[2011-05-07 23:15:23 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{079C5FAF-1F25-4F5F-A435-AFC65049DF03}
[2011-05-07 10:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011-05-07 10:02:15 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{07C9B128-D098-4ECA-BA73-32D9567D43A6}
[2011-05-06 16:20:53 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{8B8AEED9-4AB2-4A23-ADAB-8777FC9A67D8}
[2011-05-05 17:51:38 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{45E5DD48-5A0B-4D1E-93EC-68A5748CF58F}
[2011-05-04 10:11:58 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{29A95F3D-656B-4B58-B0DE-DA620CD2095D}
[2011-05-03 17:46:17 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{9432986F-71B8-41BC-8A20-BACC4EB8D187}
[2011-05-02 11:26:38 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{9436EE24-CA13-4F57-B35E-1EDCC9E0BBE6}
[2011-05-01 23:15:51 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{AC684BA5-FF0E-4CB3-9D9A-B7D2FDF6728B}

========== Files - Modified Within 30 Days ==========

[2011-05-31 18:09:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-05-31 18:09:22 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2011-05-31 18:07:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2011-05-31 18:03:35 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Eric\Desktop\tdsskiller.exe
[2011-05-31 17:09:36 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-05-31 17:09:36 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-05-28 17:42:32 | 000,001,647 | ---- | M] () -- C:\Users\Eric\Documents\T4EPlayer.conf
[2011-05-28 11:30:30 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011-05-28 11:30:30 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011-05-28 10:15:47 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011-05-27 16:59:46 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-05-27 16:59:46 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-05-27 16:59:46 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-05-23 10:30:53 | 000,000,034 | ---- | M] () -- C:\Users\Eric\jagex_runescape_preferences.dat
[2011-05-23 10:30:19 | 000,000,129 | ---- | M] () -- C:\Users\Eric\jagex_runescape_preferences2.dat
[2011-05-20 20:55:54 | 005,734,829 | ---- | M] () -- C:\Users\Eric\Desktop\song.wmv
[2011-05-15 17:45:38 | 000,000,959 | ---- | M] () -- C:\Users\Eric\Desktop\Enterprise and Information Modeling - Shortcut.lnk
[2011-05-15 15:12:25 | 000,001,128 | ---- | M] () -- C:\Users\Eric\Documents\Documents - Shortcut.lnk
[2011-05-15 10:52:46 | 000,001,135 | ---- | M] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011-05-15 10:07:41 | 000,417,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011-05-14 17:10:53 | 000,000,134 | ---- | M] () -- C:\Windows\ODBC.INI
[2011-05-14 17:10:51 | 000,002,110 | ---- | M] () -- C:\Users\Public\Desktop\Metastorm ProVision 6.2 SR2.lnk
[2011-05-13 18:39:52 | 000,003,013 | ---- | M] () -- C:\Users\Eric\Desktop\TableNinja.lnk

========== Files Created - No Company Name ==========

[2011-05-20 20:54:03 | 005,734,829 | ---- | C] () -- C:\Users\Eric\Desktop\song.wmv
[2011-05-15 17:45:38 | 000,000,959 | ---- | C] () -- C:\Users\Eric\Desktop\Enterprise and Information Modeling - Shortcut.lnk
[2011-05-15 15:12:25 | 000,001,128 | ---- | C] () -- C:\Users\Eric\Documents\Documents - Shortcut.lnk
[2011-05-15 10:52:46 | 000,001,135 | ---- | C] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011-05-14 17:10:53 | 000,000,134 | ---- | C] () -- C:\Windows\ODBC.INI
[2011-05-14 17:10:51 | 000,002,110 | ---- | C] () -- C:\Users\Public\Desktop\Metastorm ProVision 6.2 SR2.lnk
[2011-05-12 13:37:20 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011-01-28 12:02:29 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\cutemon2k.dll
[2011-01-28 12:02:29 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\UnCutePP.exe
[2010-12-28 18:48:02 | 000,059,309 | ---- | C] () -- C:\Program Files (x86)\EULA.nl
[2010-12-23 19:30:06 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010-12-23 19:30:05 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010-12-23 19:30:04 | 000,835,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010-12-21 22:50:12 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2010-12-21 22:01:30 | 000,000,045 | ---- | C] () -- C:\Users\Eric\AppData\Local\machpro.dat
[2010-12-21 04:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010-12-18 22:38:55 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2010-12-18 22:38:55 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2010-11-30 14:55:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009-07-14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008-04-22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008-04-22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008-04-22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008-04-22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008-04-22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008-04-22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008-04-22 17:03:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008-04-22 17:03:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008-04-22 17:03:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007-10-25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys >
[2007-10-25 18:26:10 | 000,005,632 | ---- | M] () -- C:\Windows\SysWOW64\drivers\StarOpen.sys
[2010-06-14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys
[2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\drivers\wimmount.sys

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2011-05-31 18:09:22 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2011-05-31 18:09:24 | 4294,172,672 | -HS- | M] () -- C:\pagefile.sys
[2011-05-14 14:15:00 | 000,000,454 | ---- | M] () -- C:\PINGUSMACHINE_20110514141500_ScrubLog.txt
[2011-05-31 18:07:06 | 000,065,642 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_31.05.2011_18.05.41_log.txt

< %PROGRAMFILES%\*. >
[2011-05-12 13:37:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2011-03-25 19:00:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AGEIA Technologies
[2011-01-25 20:09:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2011-03-06 12:58:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Stream
[2011-01-06 23:42:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2010-12-21 16:55:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BRS
[2011-05-14 17:09:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Business Objects
[2011-05-14 14:38:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010-11-30 15:28:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011-01-25 19:33:43 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2011-04-14 17:37:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010-12-02 21:33:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2011-01-25 19:33:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MarkAny
[2010-11-30 15:00:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee
[2011-05-14 17:10:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Metastorm
[2011-05-14 14:33:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011-05-07 10:05:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2011-05-14 14:38:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2011-04-22 12:58:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2011-05-14 14:38:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011-05-14 14:38:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011-05-14 14:38:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2011-04-30 14:48:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2009-07-14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2011-01-27 14:00:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010-11-30 14:49:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NEC Electronics
[2010-12-18 20:38:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenAL
[2010-12-21 21:42:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PostgreSQL
[2010-12-21 21:45:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PSQLINSTALL
[2010-11-30 14:48:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009-07-14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2011-01-25 19:34:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Samsung
[2010-11-30 14:47:55 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2009-07-14 06:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2011-01-21 14:39:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2010-12-20 15:02:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Vstplugins
[2009-07-14 07:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010-12-19 12:36:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2010-12-16 22:06:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010-11-30 15:32:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009-07-14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009-07-14 07:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009-07-14 07:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009-07-14 07:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2010-12-18 22:44:01 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Zero G Registry


< MD5 for: ATAPI.SYS >
[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011-02-26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011-02-26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011-02-26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009-07-14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011-02-26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009-10-31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011-02-26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011-02-26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011-02-25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011-02-26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2009-08-03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009-10-31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009-08-03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009-10-31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009-08-03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009-07-14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009-10-31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011-02-26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009-08-03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: USERINIT.EXE >
[2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009-07-14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009-07-14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009-07-14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009-10-28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009-10-28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009-10-28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:B3D74A13
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

< End of report >
Old 05-31-2011, 12:22 PM   #3
Pokerpingu
Re: HELP, Do I have a trojan or keylogger

-----------Extras

OTL Extras logfile created on: 31-5-2011 18:12:47 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Eric\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

4,00 Gb Total Physical Memory | 2,94 Gb Available Physical Memory | 73,40% Memory free
8,00 Gb Paging File | 6,80 Gb Available in Paging File | 85,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 93,53 Gb Free Space | 47,91% Space Free | Partition Type: NTFS
Drive D: | 736,20 Gb Total Space | 570,37 Gb Free Space | 77,47% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 722,33 Gb Free Space | 77,54% Space Free | Partition Type: NTFS

Computer Name: PINGUSMACHINE | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-0028-0404-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-0028-0411-1000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2007
"{90120000-0028-0412-1000-0000000FF1CE}" = Microsoft Office IME (Korean) 2007
"{90120000-0028-0804-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{AE57C044-8912-A181-A0E4-BC2DAB3A092A}" = ATI Catalyst Install Manager
"{B361F88B-D513-9D45-E7F2-871B61C46D32}" = WMV9/VC-1 Video Playback
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D81C035E-D0A5-11DF-9450-0013D3D69929}" = MSVCRT Redists
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EE269999-1AB7-7B39-7944-513CF3426CB8}" = AMD Drag and Drop Transcoding
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11AE6807-50D2-4F59-82B3-2C3E695E94C2}" = NVIDIA PhysX v8.05.26
"{1246FF64-3035-4A92-8FE6-A968275495EB}" = Sony Vegas Pro 8.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}" = McAfee Agent
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{434D0831-A4CC-401A-9E74-621000018401}" = F1 2010
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{B99C4306-3016-4CD8-BF57-5E3385EFDA97}" = Metastorm ProVision 6.2 SR2
"{C3224F3D-3192-40BE-BD24-8183C757B091}" = GPRO Organiser
"{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}" = Crystal Reports 2008 Runtime SP2
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CC29B835-95A5-3CD9-087B-F94D7B9ECC9B}" = Catalyst Control Center InstallProxy
"{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F01A9563-2A27-6ABC-2E04-03B7873DF7E0}" = Catalyst Control Center InstallProxy
"{F04899F8-1882-4EF5-BA2C-5B65E41E456A}" = vGO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FB1AA04A-97A8-4928-A51E-8F41841E7861}" = TableNinja
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Fraps" = Fraps (remove only)
"HoldemManager" = Holdem Manager
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Mikogo" = Mikogo
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.VISIO" = Microsoft Visio Premium 2010
"OpenAL" = OpenAL
"PokerStars" = PokerStars
"PopTools_is1" = PopTools
"PostgreSQL 8.4" = PostgreSQL 8.4
"PunkBusterSvc" = PunkBuster Services
"ST6UNST #1" = PS - Power and Sample Size Calculation
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 12140" = Max Payne
"Steam App 12150" = Max Payne 2: The Fall of Max Payne
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 12840" = DiRT 2
"Steam App 22600" = Worms Reloaded
"Steam App 240" = Counter-Strike: Source
"Steam App 2990" = FlatOut 2
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 400" = Portal
"Steam App 42120" = Lead and Gold - Gangs of the Wild West
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 44310" = F1 2010
"Steam App 4760" = Rome: Total War Gold Edition
"Steam App 7200" = TrackMania United
"Steam App 9930" = Test Drive Unlimited 2
"T4EPlayer" = T4E Player
"TeamViewer 6" = TeamViewer 6
"Turbo Sliders" = Turbo Sliders (remove only)
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27-5-2011 14:56:28 | Computer Name = PingusMachine | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack200.exe".Error
in manifest or policy file "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack200.exe"
on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"
is invalid.

Error - 27-5-2011 14:58:42 | Computer Name = PingusMachine | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack.dll".Error
in manifest or policy file "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack.dll"
on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"
is invalid.

Error - 28-5-2011 9:04:21 | Computer Name = PingusMachine | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack200.exe".Error
in manifest or policy file "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack200.exe"
on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"
is invalid.

Error - 28-5-2011 12:13:24 | Computer Name = PingusMachine | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack200.exe".Error
in manifest or policy file "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack200.exe"
on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"
is invalid.

Error - 28-5-2011 12:15:26 | Computer Name = PingusMachine | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack.dll".Error
in manifest or policy file "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack.dll"
on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"
is invalid.

Error - 29-5-2011 11:54:09 | Computer Name = PingusMachine | Source = Application Error | ID = 1000
Description = Faulting application name: T4EPlayer.exe, version: 1.3.0.1, time stamp:
0x4d74afa6 Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp:
0x4cc7ab86 Exception code: 0xc0000005 Fault offset: 0x0002e3be Faulting process id:
0x1204 Faulting application start time: 0x01cc1ded65299b06 Faulting application path:
D:\spellen\T4E Player\T4EPlayer.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: e35c5af9-8a0b-11e0-9546-0025226fd863

Error - 30-5-2011 15:11:59 | Computer Name = PingusMachine | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack200.exe".Error
in manifest or policy file "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack200.exe"
on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"
is invalid.

Error - 30-5-2011 15:14:04 | Computer Name = PingusMachine | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack.dll".Error
in manifest or policy file "D:\Programs\SPSS\Statistics\19\JRE\bin\unpack.dll"
on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"
is invalid.

Error - 31-5-2011 3:08:48 | Computer Name = PingusMachine | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 8.0.7600.16766 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 820 Start
Time: 01cc1f5e2c749b6a Termination Time: 0 Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Report Id: cfffe918-8b54-11e0-806a-0025226fd863

Error - 31-5-2011 11:20:55 | Computer Name = PingusMachine | Source = Application Error | ID = 1000
Description = Faulting application name: Setup.exe_Microsoft Setup Bootstrapper,
version: 14.0.4755.1000, time stamp: 0x4b989df1 Faulting module name: ole32.dll,
version: 6.1.7600.16624, time stamp: 0x4c297c56 Exception code: 0xc0000005 Fault
offset: 0x0002f367 Faulting process id: 0x153c Faulting application start time: 0x01cc1fa64f6b59ea
Faulting
application path: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office
Setup Controller\Setup.exe Faulting module path: C:\Windows\syswow64\ole32.dll Report
Id: 93b6b88c-8b99-11e0-99ef-0025226fd863

[ System Events ]
Error - 30-5-2011 13:47:15 | Computer Name = PingusMachine | Source = DCOM | ID = 10010
Description =

Error - 31-5-2011 2:44:56 | Computer Name = PingusMachine | Source = DCOM | ID = 10010
Description =

Error - 31-5-2011 11:12:44 | Computer Name = PingusMachine | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{1707C13D-E768-4DE8-A228-0D83F95B6099}
because another computer on the network has the same name. The server could not
start.


< End of report >
Pokerpingu is offline   Reply With Quote
Old 05-31-2011, 02:12 PM   #4
enthusiast
 
Join Date: May 2011
Location: Valley of the Sun
Posts: 61
Re: HELP, Do I have a trojan or keylogger

You definitely have something nasty. Quick googles for the "Systray.exe stub trojan" come up with results of people with a similar infection.

I would not trust having that computer on any sort of network (internet-connected or not), and I would begin changing passwords for any sites you may visit on that machine.

The best skill for a Windows user to have is the knowledge of how to low-level format and start over. I suggest you do that ASAP.
Alphabits is offline   Reply With Quote
Old 05-31-2011, 02:29 PM   #5
old hand
 
Join Date: Mar 2009
Posts: 1,624
Re: HELP, Do I have a trojan or keylogger

I don't even know how long I've been infected really... also changing passes wouldn't make sense atm, or I would need to change them on another PC.

Spent the last few hours copying important files to my MyBook.

Is there anything I need to think about when I put the Windows 7 CD back into my PC, reboot and reinstall Windows? E.g. formatting EVERYTHING?


---

Also I really wonder how I got this; I always had the newest virus scanner with updates etc. (one of the best advantages of going to uni :P, free licensed software!), always updated everything and never clicked things I did not trust... pffffft
Pokerpingu is offline   Reply With Quote
Old 05-31-2011, 03:28 PM   #6
old hand
 
Join Date: Mar 2009
Posts: 1,624
Re: HELP, Do I have a trojan or keylogger

Have been googling some more and the weird thing is, I only find GERMAN sources with this problem. So weird... also they are all dated from within this last week...
Pokerpingu is offline   Reply With Quote
Old 05-31-2011, 04:39 PM   #7
enthusiast
 
Join Date: May 2011
Location: Valley of the Sun
Posts: 61
Re: HELP, Do I have a trojan or keylogger

Don't really weigh it on how long you've had the keylogger, weigh it based on the importance of the information stored on the accounts the passwords are protecting. For example, change passwords on anything related to banking even if you can't remember whether you've logged in to that account with that computer. Make sense? And yes, change those passwords on another computer or on the machine after you start fresh.

I'm not going to supply a rant on "why your anti-virus/anti-malware/whatever software didn't save you", just know that most bad software these days targets circumvention of those types of software. Windows 7 is a lot better out-of-the-box with regards to default security, but maybe look into (see stickied post) running as a standard user all the time and only using admin accounts for installing/changing system-level items. Yes, it is very painful, but so is starting from scratch.
Alphabits is offline   Reply With Quote
Old 05-31-2011, 05:13 PM   #8
old hand
 
Join Date: Mar 2009
Posts: 1,624
Re: HELP, Do I have a trojan or keylogger

But running programs like HEM and TableNinja always needs admin? Isn't that a big hassle?
Pokerpingu is offline   Reply With Quote
Old 05-31-2011, 05:23 PM   #9
enthusiast
 
Join Date: May 2011
Location: Valley of the Sun
Posts: 61
Re: HELP, Do I have a trojan or keylogger

Quote:
Originally Posted by Pokerpingu
But running programs like HEM and TableNinja always needs admin? Isn't that a big hassle?
If you right-click on any application's shortcut and go to Properties, click Advanced on the Shortcut tab. Here you can specify that program to exert admin privileges when it starts. If something runs as a service rather than an application, that is even easier to overcome.
Alphabits is offline   Reply With Quote
Old 05-31-2011, 05:41 PM   #10
enthusiast
 
Join Date: May 2011
Location: Valley of the Sun
Posts: 61
Re: HELP, Do I have a trojan or keylogger

McAfee, Symantec, AVG all claim that they are selling security suite software for PCs. They are merely illusions of security. Think of them as deadbolt locks. Someone with the proper knowledge will know how to circumvent it.

Personally, I feel more vulnerable by having one of the "big three" security suites. Personally, I'd recommend Microsoft's Security Essentials pack or ClamAV/ClamWin to any non-corporate PC user.

Moral of the story: If you have high value for the content that you store on your computer, you probably need to add more layers of security.
Alphabits is offline   Reply With Quote
Old 05-31-2011, 05:52 PM   #11
veteran
 
Join Date: Sep 2008
Location: VA
Posts: 2,202
Re: HELP, Do I have a trojan or keylogger

You don't need to format yet, and I would avoid using passwords rather than change them all, until it is fixed. The extent of my fixing knowledge is running Malwarebytes, but there are a few experts on this stuff around.
wahoo3 is offline   Reply With Quote
Old 05-31-2011, 07:20 PM   #12
old hand
 
Join Date: Aug 2008
Posts: 1,825
Re: HELP, Do I have a trojan or keylogger

OP, don't reformat yet. Just wait for Gabe or someone with similar experience to read your thread. He'll be able to help.

In the meantime, though, don't use that machine for anything sensitive (particularly email, poker and banking). Use a different machine to change passwords on your most important accounts.

One thing he'll make sure you do is update Java - yours is out of date. Outdated environments and plugins are a potential vector of infection. Same goes for Adobe products. When your machine has been cleaned up, you might want to download something like Secunia PSI - it will tell you when software is out of date and help you find updates.

There are several good free antivirus packages out there. I use Avira; Microsoft Security Essentials is (perhaps surprisingly) another good choice.
thunderbolts is offline   Reply With Quote
Old 06-01-2011, 02:56 AM   #13
old hand
 
Join Date: Mar 2009
Posts: 1,624
Re: HELP, Do I have a trojan or keylogger

Can you also have both Microsoft Security Essentials and McAfee? I don't think so, right?

And how would I know if that program is gone, my PC is really clean. I'm already leaning towards formatting my PC a lot... since in every source I found about this problem, the OP formatted his PC in the end...

I really don't like the feeling of not being sure if you have a virus or not, but this is clearly one. And indeed maybe I should wait for someone with more knowledge, but if I'm going to make a clean start I'd better do it ASAP lol
Pokerpingu is offline   Reply With Quote
Old 06-01-2011, 02:57 AM   #14
Malware Jedi
 
Join Date: Oct 2007
Location: In front of my monitor
Posts: 18,814
Re: HELP, Do I have a trojan or keylogger

Quote:
Originally Posted by Alphabits
The best skill for a Windows user to have is the knowledge of how to low-level format and start over. I suggest you do that ASAP.
With all due respect gtfo
  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:
Code:
:files
C:\Recycle.Bin\Recycle.Bin.exe
C:\Users\Eric\AppData\Local\{BE673D5C-12A3-43F5-A37E-3F719F6E1D70}
C:\Users\Eric\AppData\Local\{1169CE5E-7DA4-4FBB-B184-7E5398B34D6D}
C:\Users\Eric\AppData\Local\{B7A5BDC1-D12B-45F1-96B2-CFF832B55FD5}
C:\Users\Eric\AppData\Local\{0CA95843-5098-4072-A546-CDD5BADA4E33}
C:\Users\Eric\AppData\Local\{DE8BCFE9-7093-4207-85A0-406B84A2E42A}
C:\Users\Eric\AppData\Local\{19D489C3-8E7D-4582-A403-D25673BFE915}
C:\Users\Eric\AppData\Local\{4D5736C6-7192-41B4-801A-354E0AC3376B}
C:\Users\Eric\AppData\Local\{90FC1D79-03E8-4820-A230-7F2AA249D2DA}
C:\Users\Eric\AppData\Local\{72DC0611-DD79-4C47-91DA-A1F128AA985B}
C:\Users\Eric\AppData\Local\{21C210AA-7945-4B6F-BB91-6C8E99F9ACB5}
C:\Users\Eric\AppData\Local\{AFE80141-684F-489B-97AD-7B06580892B0}
C:\Users\Eric\AppData\Local\{F85CAACE-3A4F-4253-85E9-F1F5BAFB458C}
C:\Users\Eric\AppData\Local\{2EB25294-0FEB-41AE-B930-E83C5BF99DFE}
C:\Users\Eric\AppData\Local\{429CC2F2-F8DB-4D2B-9711-CFD7D508E87B}
C:\Users\Eric\AppData\Local\{9B4BFBDE-C6B2-42A1-B10F-C610487DDC92}
C:\Users\Eric\AppData\Local\{4CEEB5AE-A774-4B4F-8A68-56DCFC98B474}
C:\Users\Eric\AppData\Local\{90076388-1B85-47FC-9A5F-56137938B4A3}
C:\Users\Eric\AppData\Local\{17884C69-42F3-4488-9F7F-87D70D20B33A}
C:\Users\Eric\AppData\Local\{62018F9C-52C2-4DA4-9AB5-4F88E72A9B89}
C:\Users\Eric\AppData\Local\{E8FCFAC0-7A29-400F-8162-EA100CC0B108}
C:\Users\Eric\AppData\Local\{026BEBAE-DADC-4655-A1FA-D70BBA85CAD2}
C:\Users\Eric\AppData\Local\{B2B38C8B-EC84-4819-B15B-524FBC013207}
C:\Users\Eric\AppData\Local\{EAADACC6-7B3B-4795-B8F8-9EE16A1C37A9}
C:\Users\Eric\AppData\Local\{13839B98-1C1C-46F1-92CB-3C914EAFBFBF}
C:\Users\Eric\AppData\Local\{D3FEB88D-AC67-4B78-8381-F6C84A313692}
C:\Users\Eric\AppData\Local\{BF9E1A82-B3FF-4C6A-8975-D03055775B79}
C:\Users\Eric\AppData\Local\{D4429B65-E792-4391-A89E-D0534A2C334E}
C:\Users\Eric\AppData\Local\{752F83CF-8772-43C0-8F09-FA27AE599869}
C:\Users\Eric\AppData\Local\{F663A967-8503-4A60-B02E-FE08D9AB49F3}
C:\Users\Eric\AppData\Local\{7DF84322-BEB8-40DF-B883-87AB8300310A}
C:\Users\Eric\AppData\Local\{079C5FAF-1F25-4F5F-A435-AFC65049DF03}
C:\Users\Eric\AppData\Local\{07C9B128-D098-4ECA-BA73-32D9567D43A6}
C:\Users\Eric\AppData\Local\{8B8AEED9-4AB2-4A23-ADAB-8777FC9A67D8}
C:\Users\Eric\AppData\Local\{45E5DD48-5A0B-4D1E-93EC-68A5748CF58F}
C:\Users\Eric\AppData\Local\{29A95F3D-656B-4B58-B0DE-DA620CD2095D}
C:\Users\Eric\AppData\Local\{9432986F-71B8-41BC-8A20-BACC4EB8D187}
C:\Users\Eric\AppData\Local\{9436EE24-CA13-4F57-B35E-1EDCC9E0BBE6}
C:\Users\Eric\AppData\Local\{AC684BA5-FF0E-4CB3-9D9A-B7D2FDF6728B}

:otl
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKCU..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe (Iggptulsy Cyojgq)
O32 - AutoRun File - [2008-11-05 13:19:36 | 000,000,052 | RHS- | M] () - G:\autorun.inf -- [ NTFS ]

:commands
[emptytemp]
[reboot]
  • Then click the Run Fix button at the top.
  • Allow it to run. It may take some time and you may see some things happen to your desktop - this is normal.
  • If it asks to reboot the computer, allow it to reboot.
  • If the program freezes, and the computer fails to reboot - let me know.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)
====================

Please download Malwarebytes' Anti-Malware from here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
  • If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
  • Click OK to either and let MBAM proceed with the disinfection process.
  • If asked to restart the computer, please do so immediately.
Post the contents of the MBAM log in your next reply, please.
Gabethebabe is offline   Reply With Quote
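One way to verify that a fix like the one above actually took: an added example (not code from the thread, and not part of OTL) that parses the :files and :otl sections of the fix script together with the log OTL writes to C:\_OTL\Moved Files after Run Fix, reports each requested item as moved, deleted, not found or unaccounted, and flags Run entries of the kind seen here. The sample script and log inside it are constructed from values posted in this thread.

```python
"""Cross-check an OTL fix script against the log OTL writes after Run Fix.
Added example; not code from the thread or from OTL. Sample data is constructed."""
import re

# Constructed cut-down fix script; the second AppData folder is deliberately
# absent from the log below so that it shows up as "unaccounted".
FIX_SCRIPT = r""":files
C:\Recycle.Bin\Recycle.Bin.exe
C:\Users\Eric\AppData\Local\{BE673D5C-12A3-43F5-A37E-3F719F6E1D70}
C:\Users\Eric\AppData\Local\{1169CE5E-7DA4-4FBB-B184-7E5398B34D6D}

:otl
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKCU..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe (Iggptulsy Cyojgq)
O32 - AutoRun File - [2008-11-05 13:19:36 | 000,000,052 | RHS- | M] () - G:\autorun.inf -- [ NTFS ]
"""

# Constructed lines of the C:\_OTL\Moved Files log for that script.
MOVED_LOG = r"""========== FILES ==========
C:\Recycle.Bin\Recycle.Bin.exe moved successfully.
C:\Users\Eric\AppData\Local\{BE673D5C-12A3-43F5-A37E-3F719F6E1D70} folder moved successfully.
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\4E3E0230AEBB4E96 deleted successfully.
File C:\Recycle.Bin\Recycle.Bin.exe not found.
G:\autorun.inf moved successfully.
"""

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = r"\Software\Microsoft\Windows\CurrentVersion\Run\\"   # spelled as OTL logs it
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\.\.\\Run: \[([^\]]+)\] (.*)$")
O32_RE = re.compile(r"^O32 - AutoRun File - \[[^\]]*\] \(\) - (.+?) -- ")
MOVED_RE = re.compile(r"^(.*?)(?: folder)? moved successfully\.$")
DELETED_RE = re.compile(r"^Registry value (.*) deleted successfully\.$")
NOTFOUND_RE = re.compile(r"^File (.*) not found\.$")
HEX_NAME = re.compile(r"^[0-9A-F]{8,}$", re.I)


def parse_fix_script(text):
    """Return the paths and Run values the :files and :otl sections act on,
    named the way OTL's log names them so the two can be matched up."""
    items, section = [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith(":"):          # ":files", ":otl", ":commands"
            section = line[1:].lower()
        elif section == "files":
            items.append(line)
        elif section == "otl":
            m = O4_RE.match(line)
            if m:                         # O4 -> Run value OTL will delete
                hive, name, _ = m.groups()
                items.append(HIVES[hive] + RUN_KEY + name)
            else:
                m = O32_RE.match(line)    # O32 -> autorun.inf OTL will move
                if m:
                    items.append(m.group(1))
    return items


def parse_moved_log(text):
    """Map every path or Run value the log mentions to its outcome."""
    outcome = {}
    for line in (l.strip() for l in text.splitlines()):
        for rx, status in ((MOVED_RE, "moved"), (DELETED_RE, "deleted"), (NOTFOUND_RE, "not found")):
            m = rx.match(line)
            if m:
                key = m.group(1).lower()
                # The :otl pass re-checks a target the :files pass already
                # moved and logs "not found"; the earlier "moved" stands.
                if outcome.get(key) != "moved":
                    outcome[key] = status
                break
    return outcome


def reconcile(fix_script, moved_log):
    """Per requested item: moved / deleted / not found / unaccounted."""
    outcomes = parse_moved_log(moved_log)
    return {item: outcomes.get(item.lower(), "unaccounted")
            for item in parse_fix_script(fix_script)}


def flag_autoruns(text):
    """Flag O4 Run entries of the kind seen here: hex-only value name, target
    outside Program Files / Windows, or an entry whose file is already gone."""
    flagged = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, name, target = m.groups()
        reasons = []
        if HEX_NAME.match(name):
            reasons.append("hex-only value name")
        low = target.lower()
        if low.startswith("file not found"):
            reasons.append("dangling entry")
        elif not low.startswith(("c:\\program files", "c:\\windows")):
            reasons.append("target outside Program Files/Windows")
        if reasons:
            flagged.append(f"{hive}\\Run\\{name}: {', '.join(reasons)}")
    return flagged
```

Run `reconcile(FIX_SCRIPT, MOVED_LOG)` on a real script and log pair: anything reported as "unaccounted" was never touched by OTL and needs a second look.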
Old 06-01-2011, 03:10 AM   #15
old hand
 
Join Date: Mar 2009
Posts: 1,624
Re: HELP, Do I have a trojan or keylogger

------I ran OTL with the quote you stated and clicked Run Fix. It asked for a reboot, which went smoothly. I just checked the taskbar and the weird .exe file with the stated description is already gone? You are quite amazing sir, thanks, nice hand------


-----LOG FILES -------

All processes killed
========== FILES ==========
C:\Recycle.Bin\Recycle.Bin.exe moved successfully.
C:\Users\Eric\AppData\Local\{BE673D5C-12A3-43F5-A37E-3F719F6E1D70} folder moved successfully.
C:\Users\Eric\AppData\Local\{1169CE5E-7DA4-4FBB-B184-7E5398B34D6D} folder moved successfully.
C:\Users\Eric\AppData\Local\{B7A5BDC1-D12B-45F1-96B2-CFF832B55FD5} folder moved successfully.
C:\Users\Eric\AppData\Local\{0CA95843-5098-4072-A546-CDD5BADA4E33} folder moved successfully.
C:\Users\Eric\AppData\Local\{DE8BCFE9-7093-4207-85A0-406B84A2E42A} folder moved successfully.
C:\Users\Eric\AppData\Local\{19D489C3-8E7D-4582-A403-D25673BFE915} folder moved successfully.
C:\Users\Eric\AppData\Local\{4D5736C6-7192-41B4-801A-354E0AC3376B} folder moved successfully.
C:\Users\Eric\AppData\Local\{90FC1D79-03E8-4820-A230-7F2AA249D2DA} folder moved successfully.
C:\Users\Eric\AppData\Local\{72DC0611-DD79-4C47-91DA-A1F128AA985B} folder moved successfully.
C:\Users\Eric\AppData\Local\{21C210AA-7945-4B6F-BB91-6C8E99F9ACB5} folder moved successfully.
C:\Users\Eric\AppData\Local\{AFE80141-684F-489B-97AD-7B06580892B0} folder moved successfully.
C:\Users\Eric\AppData\Local\{F85CAACE-3A4F-4253-85E9-F1F5BAFB458C} folder moved successfully.
C:\Users\Eric\AppData\Local\{2EB25294-0FEB-41AE-B930-E83C5BF99DFE} folder moved successfully.
C:\Users\Eric\AppData\Local\{429CC2F2-F8DB-4D2B-9711-CFD7D508E87B} folder moved successfully.
C:\Users\Eric\AppData\Local\{9B4BFBDE-C6B2-42A1-B10F-C610487DDC92} folder moved successfully.
C:\Users\Eric\AppData\Local\{4CEEB5AE-A774-4B4F-8A68-56DCFC98B474} folder moved successfully.
C:\Users\Eric\AppData\Local\{90076388-1B85-47FC-9A5F-56137938B4A3} folder moved successfully.
C:\Users\Eric\AppData\Local\{17884C69-42F3-4488-9F7F-87D70D20B33A} folder moved successfully.
C:\Users\Eric\AppData\Local\{62018F9C-52C2-4DA4-9AB5-4F88E72A9B89} folder moved successfully.
C:\Users\Eric\AppData\Local\{E8FCFAC0-7A29-400F-8162-EA100CC0B108} folder moved successfully.
C:\Users\Eric\AppData\Local\{026BEBAE-DADC-4655-A1FA-D70BBA85CAD2} folder moved successfully.
C:\Users\Eric\AppData\Local\{B2B38C8B-EC84-4819-B15B-524FBC013207} folder moved successfully.
C:\Users\Eric\AppData\Local\{EAADACC6-7B3B-4795-B8F8-9EE16A1C37A9} folder moved successfully.
C:\Users\Eric\AppData\Local\{13839B98-1C1C-46F1-92CB-3C914EAFBFBF} folder moved successfully.
C:\Users\Eric\AppData\Local\{D3FEB88D-AC67-4B78-8381-F6C84A313692} folder moved successfully.
C:\Users\Eric\AppData\Local\{BF9E1A82-B3FF-4C6A-8975-D03055775B79} folder moved successfully.
C:\Users\Eric\AppData\Local\{D4429B65-E792-4391-A89E-D0534A2C334E} folder moved successfully.
C:\Users\Eric\AppData\Local\{752F83CF-8772-43C0-8F09-FA27AE599869} folder moved successfully.
C:\Users\Eric\AppData\Local\{F663A967-8503-4A60-B02E-FE08D9AB49F3} folder moved successfully.
C:\Users\Eric\AppData\Local\{7DF84322-BEB8-40DF-B883-87AB8300310A} folder moved successfully.
C:\Users\Eric\AppData\Local\{079C5FAF-1F25-4F5F-A435-AFC65049DF03} folder moved successfully.
C:\Users\Eric\AppData\Local\{07C9B128-D098-4ECA-BA73-32D9567D43A6} folder moved successfully.
C:\Users\Eric\AppData\Local\{8B8AEED9-4AB2-4A23-ADAB-8777FC9A67D8} folder moved successfully.
C:\Users\Eric\AppData\Local\{45E5DD48-5A0B-4D1E-93EC-68A5748CF58F} folder moved successfully.
C:\Users\Eric\AppData\Local\{29A95F3D-656B-4B58-B0DE-DA620CD2095D} folder moved successfully.
C:\Users\Eric\AppData\Local\{9432986F-71B8-41BC-8A20-BACC4EB8D187} folder moved successfully.
C:\Users\Eric\AppData\Local\{9436EE24-CA13-4F57-B35E-1EDCC9E0BBE6} folder moved successfully.
C:\Users\Eric\AppData\Local\{AC684BA5-FF0E-4CB3-9D9A-B7D2FDF6728B} folder moved successfully.
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\4E3E0230AEBB4E96 deleted successfully.
File C:\Recycle.Bin\Recycle.Bin.exe not found.
G:\autorun.inf moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 7695288 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Eric
->Temp folder emptied: 288574 bytes
->Temporary Internet Files folder emptied: 81016296 bytes
->Java cache emptied: 14539977 bytes
->FireFox cache emptied: 48584160 bytes
->Flash cache emptied: 199205 bytes

User: postgres
->Temp folder emptied: 7693750 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33907024 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 82344 bytes

Total Files Cleaned = 185,00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 06012011_090444

Files\Folders moved on Reboot...
C:\Users\Eric\AppData\Local\Temp\McAfeeLogs\UpdaterUI_PINGUSMACHINE.log moved successfully.
C:\Users\Eric\AppData\Local\Temp\McAfeeLogs\UpdaterUI_PINGUSMACHINE_error.log moved successfully.
C:\Users\Eric\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Eric\AppData\Local\Mozilla\Firefox\Profiles\mh53hpfw.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Eric\AppData\Local\Mozilla\Firefox\Profiles\mh53hpfw.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Eric\AppData\Local\Mozilla\Firefox\Profiles\mh53hpfw.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Eric\AppData\Local\Mozilla\Firefox\Profiles\mh53hpfw.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Eric\AppData\Local\Mozilla\Firefox\Profiles\mh53hpfw.default\urlclassifier3.sqlite moved successfully.
C:\Users\Eric\AppData\Local\Mozilla\Firefox\Profiles\mh53hpfw.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...





Gonna run Malwarebytes now like you stated. Do you have any idea what this virus was? Amazing stuff going on here.
Pokerpingu is offline   Reply With Quote
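A small parser for OTL fix-log lines of the kind pasted in the post above, added here as an example (it is not part of the thread and not OTL's own code): it extracts what the fix removed and flags the autostart mechanisms that the log shows, the two CurrentVersion\Run values (one with a random hex name) and the autorun.inf on G:. The log excerpt embedded in it is constructed from lines in the post.

```python
import re

# Constructed excerpt in the style of the OTL fix log from the post above
# (not the complete log); the GUID folder and the two Run values are copied from it.
SAMPLE_LOG = r"""
C:\Users\Eric\AppData\Local\{E8FCFAC0-7A29-400F-8162-EA100CC0B108} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\4E3E0230AEBB4E96 deleted successfully.
File C:\Recycle.Bin\Recycle.Bin.exe not found.
G:\autorun.inf moved successfully.
->Temp folder emptied: 288574 bytes
"""

# OTL separates the key path from the value name with a double backslash.
LINE_PATTERNS = [
    ("registry", re.compile(r"^Registry value (?P<key>.+?)\\\\(?P<name>[^\\]+) deleted successfully\.$")),
    ("folder",   re.compile(r"^(?P<path>.+?) folder moved successfully\.$")),
    ("missing",  re.compile(r"^File (?P<path>.+?) not found\.$")),
    ("file",     re.compile(r"^(?P<path>.+?) moved successfully\.$")),
]
RANDOM_HEX = re.compile(r"^[0-9A-F]{12,}$")              # e.g. 4E3E0230AEBB4E96
GUID_DIR = re.compile(r"\\\{[0-9A-F-]{36}\}$", re.I)     # {E8FCFAC0-...} folders


def parse_otl_log(text):
    """Return one dict per recognised line: its kind plus the matched fields."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        for kind, pat in LINE_PATTERNS:
            m = pat.match(line)
            if m:
                entries.append({"kind": kind, **m.groupdict()})
                break  # first pattern wins, so "folder" is tried before "file"
    return entries


def persistence_findings(entries):
    """Describe the autostart mechanisms among the parsed entries."""
    findings = []
    for e in entries:
        if e["kind"] == "registry" and e["key"].upper().endswith(r"\CURRENTVERSION\RUN"):
            tag = "random-named " if RANDOM_HEX.match(e["name"]) else ""
            findings.append(f"{tag}Run value {e['name']} under {e['key'].split(chr(92))[0]}")
        elif e["kind"] == "file" and e["path"].lower().endswith(r"\autorun.inf"):
            findings.append(f"autorun.inf on drive {e['path'][:2]} (removable-media autostart)")
        elif e["kind"] == "folder" and GUID_DIR.search(e["path"]):
            findings.append(f"GUID-named folder: {e['path']}")
    return findings
```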