Virus causing things to stop working?

View previous topic View next topic Go down

Virus causing things to stop working?

Post by merlin7tx on 14th January 2010, 1:55 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:52:17, on 14/01/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18349)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\GRETECH\GOMPLA~1\GOM.exe
C:\Users\samsung\Desktop\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Korean IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Message Queuing Service (MSMQSVC) - Unknown owner - C:\Windows\system32\mqsv32.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

--
End of file - 6583 bytes



For about a week now, my mouse has magically stopped working, webcam doesn't work, and now my harddrive is not reading my Sims 3 CD. I know the CD works just fine, so I don't get what's going on, other than it has to be a virus or something.

merlin7tx
Novice
Novice

Posts Posts : 48
Joined Joined : 2009-11-26
OS OS : Windows Vista
Points Points : 26291
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by Belahzur on 14th January 2010, 7:25 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O23 - Service: Message Queuing Service (MSMQSVC) - Unknown owner - C:\Windows\system32\mqsv32.exe (file missing)



  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by merlin7tx on 15th January 2010, 12:58 am

Malwarebytes' Anti-Malware 1.44
Database version: 3565
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

15/01/2010 09:58:08
mbam-log-2010-01-15 (09-58-08).txt

Scan type: Quick Scan
Objects scanned: 107775
Time elapsed: 6 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\samsung\Desktop\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


ok but mouse and webcam still not working. Also, now the H: drive is saying there is a Sim 2 Freetime CD in there and there isn't.

merlin7tx
Novice
Novice

Posts Posts : 48
Joined Joined : 2009-11-26
OS OS : Windows Vista
Points Points : 26291
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by Belahzur on 15th January 2010, 7:29 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by merlin7tx on 16th January 2010, 5:03 am

OTL logfile created on: 16/01/2010 13:57:35 - Run 2
OTL by OldTimer - Version 3.1.25.1 Folder = C:\Users\samsung\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 89.00 Gb Total Space | 7.31 Gb Free Space | 8.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 980.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
I: Drive not present or media not loaded

Computer Name: SAMSUNG-PC
Current User Name: samsung
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/16 13:53:33 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\samsung\Desktop\OTL.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/29 15:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/15 22:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/10/15 22:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008/09/10 22:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/06/18 17:18:52 | 00,150,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2008/06/18 17:18:48 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/06/18 17:18:46 | 00,145,944 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/06/18 17:18:42 | 00,174,616 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008/06/18 17:18:36 | 00,170,520 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/06/12 22:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2008/05/23 14:11:56 | 00,819,200 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/05/23 13:43:52 | 00,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/05/22 17:33:54 | 00,688,128 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008/05/13 09:13:28 | 00,085,672 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
PRC - [2008/04/25 21:31:34 | 00,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2008/04/17 15:26:46 | 00,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008/04/17 11:50:00 | 06,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/12 13:19:52 | 01,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/02/12 13:19:52 | 00,723,496 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/01/21 11:33:00 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/16 17:37:38 | 00,031,248 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkCSrv.exe
PRC - [2007/07/05 07:41:42 | 00,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2007/05/14 11:54:36 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe


========== Modules (SafeList) ==========

MOD - [2010/01/16 13:53:33 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\samsung\Desktop\OTL.exe
MOD - [2008/01/21 11:33:14 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MSMQSVC)
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/15 22:31:53 | 00,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/10/15 22:30:02 | 00,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008/09/10 22:01:28 | 00,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/05/23 14:11:56 | 00,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/05/23 13:43:52 | 00,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/05/13 08:47:20 | 00,077,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2008/01/21 11:33:00 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/16 17:37:38 | 00,031,248 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkCSrv.exe -- (StkSSrv)
SRV - [2007/05/14 11:54:36 | 00,272,024 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/08/05 16:06:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/08/05 16:06:28 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/08/05 16:06:28 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/06/05 11:42:38 | 00,039,424 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/28 04:20:46 | 00,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/05/28 04:20:20 | 00,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/05/28 04:20:08 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2009/03/27 08:51:09 | 00,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/03/27 08:51:06 | 00,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/02/24 18:42:14 | 00,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/12/26 18:00:30 | 00,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/07/03 15:38:11 | 00,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2008/06/16 21:38:10 | 00,318,488 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/06/12 18:43:16 | 02,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/06/12 18:43:16 | 02,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2008/06/04 17:54:22 | 00,113,664 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/05/08 18:51:18 | 00,226,328 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaNvStor.sys -- (iaNvStor) Intel(R)
DRV - [2008/04/17 16:31:00 | 02,098,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/03/28 19:19:54 | 01,363,088 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2008/02/14 08:17:10 | 00,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008/01/21 11:32:53 | 00,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 11:32:53 | 00,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 11:32:52 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 11:32:52 | 00,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 11:32:52 | 00,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 11:32:52 | 00,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 11:32:51 | 00,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 11:32:51 | 00,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 11:32:50 | 01,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 11:32:50 | 00,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 11:32:50 | 00,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 11:32:49 | 00,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 11:32:49 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 11:32:49 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 11:32:49 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 11:32:49 | 00,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 11:32:48 | 00,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 11:32:48 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 11:32:47 | 00,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 11:32:47 | 00,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 11:32:46 | 00,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 11:32:45 | 02,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008/01/21 11:32:45 | 00,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 11:32:21 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 11:32:21 | 00,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 11:32:21 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/28 10:51:00 | 00,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/09/13 15:17:58 | 00,755,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/07/16 07:20:26 | 00,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007/07/16 07:20:24 | 00,080,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/03/01 18:34:22 | 00,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2006/11/28 16:11:00 | 01,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 18:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 18:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 18:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 18:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 18:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 18:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 18:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 18:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 18:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 18:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 18:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 17:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 17:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 17:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 17:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 17:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 17:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 16:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 16:30:53 | 00,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/02 15:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2002/07/17 08:53:02 | 00,016,877 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\Aspi32.sys -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "google.com"


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/09 20:18:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/09 20:18:51 | 00,000,000 | ---D | M]

[2009/08/20 19:29:12 | 00,000,000 | ---D | M] -- C:\Users\samsung\AppData\Roaming\mozilla\Extensions
[2009/08/20 19:29:12 | 00,000,000 | ---D | M] -- C:\Users\samsung\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/01/15 19:30:29 | 00,000,000 | ---D | M] -- C:\Users\samsung\AppData\Roaming\mozilla\Firefox\Profiles\o6n5ba6b.default\extensions
[2009/04/06 12:57:38 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\samsung\AppData\Roaming\mozilla\Firefox\Profiles\o6n5ba6b.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/31 20:08:44 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (736 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Korean IME Migration] C:\Program Files\Common Files\microsoft shared\IME12\IMEKR\IMKRMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 210.220.163.82 219.250.36.130
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\samsung\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\samsung\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 06:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/01/12 14:31:08 | 00,000,000 | R--D | M] - H:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2008/01/12 14:40:28 | 00,703,552 | R--- | M] (Electronic Arts Inc.) - H:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2008/01/12 00:17:04 | 00,662,592 | R--- | M] (Electronic Arts Inc.) - H:\AutoRunGUI.dll -- [ UDF ]
O32 - AutoRun File - [2008/01/12 14:40:09 | 00,000,150 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{73bd0cfd-3c73-11de-bee7-002269db88eb}\Shell\AutoRun\command - "" = fg8m.exe
O33 - MountPoints2\{73bd0cfd-3c73-11de-bee7-002269db88eb}\Shell\explore\Command - "" = fg8m.exe
O33 - MountPoints2\{73bd0cfd-3c73-11de-bee7-002269db88eb}\Shell\open\Command - "" = fg8m.exe
O33 - MountPoints2\{882ba06e-cf10-11de-9e68-002269db88eb}\Shell\AutoRun\command - "" = I:\setupSNK.exe -- File not found
O33 - MountPoints2\{882ba156-cf10-11de-9e68-002269db88eb}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{a472e44c-d1b7-11dd-a255-002269db88eb}\Shell\Open\command - "" = H:\resycled\boot.com -- File not found
O33 - MountPoints2\{ce2c3a7b-9817-11de-97b5-002269db88eb}\Shell\AutoRun\command - "" = I:\fg8m.exe -- File not found
O33 - MountPoints2\{ce2c3a7b-9817-11de-97b5-002269db88eb}\Shell\explore\Command - "" = I:\fg8m.exe -- File not found
O33 - MountPoints2\{ce2c3a7b-9817-11de-97b5-002269db88eb}\Shell\open\Command - "" = I:\fg8m.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2008/01/12 14:40:28 | 00,703,552 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/16 13:53:17 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Users\samsung\Desktop\OTL.exe
[2010/01/13 17:59:02 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/13 17:59:02 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/09 19:18:06 | 00,000,000 | ---D | C] -- C:\Program Files\iriver
[2010/01/03 18:14:11 | 00,000,000 | ---D | C] -- C:\Users\samsung\AppData\Roaming\Skype
[2010/01/03 18:13:45 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/01/03 18:13:44 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/12/31 20:05:49 | 00,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2009/12/30 09:46:32 | 00,000,000 | ---D | C] -- C:\ProgramData\Flood Light Games
[2009/12/29 22:55:48 | 00,000,000 | ---D | C] -- C:\ProgramData\Intenium
[2009/12/29 22:52:34 | 00,000,000 | ---D | C] -- C:\Users\samsung\AppData\Roaming\Virtual City
[2009/12/29 22:47:52 | 00,000,000 | ---D | C] -- C:\Program Files\Virtual City
[2009/12/29 22:45:05 | 00,000,000 | ---D | C] -- C:\Program Files\Agatha Christie Dead Mans Folly
[2009/12/29 21:01:17 | 00,000,000 | ---D | C] -- C:\Program Files\Fashion Assistant
[2009/12/27 11:57:44 | 00,000,000 | ---D | C] -- C:\Users\samsung\AppData\Roaming\Gamers Digital
[2009/12/27 11:57:44 | 00,000,000 | ---D | C] -- C:\ProgramData\Gamers Digital
[2009/12/27 09:15:27 | 00,000,000 | ---D | C] -- C:\ProgramData\The Mirror Mysteries
[2009/12/24 23:47:34 | 00,000,000 | ---D | C] -- C:\Users\samsung\AppData\Roaming\Big Fish Games
[2009/12/24 22:43:32 | 00,000,000 | ---D | C] -- C:\Users\samsung\AppData\Roaming\ChaYoWo Games
[2009/12/23 19:24:26 | 00,000,000 | ---D | C] -- C:\Users\samsung\AppData\Local\Artist Colony
[2009/12/23 19:24:26 | 00,000,000 | ---D | C] -- C:\ProgramData\Artist Colony
[2009/12/22 20:02:18 | 00,000,000 | ---D | C] -- C:\Users\samsung\AppData\Roaming\Orneon
[2009/12/22 09:38:45 | 00,000,000 | ---D | C] -- C:\Users\samsung\AppData\Roaming\ERS G-Studio
[2009/12/19 14:28:14 | 00,000,000 | ---D | C] -- C:\Users\samsung\Documents\MyHeritage
[2009/12/19 14:28:13 | 00,000,000 | ---D | C] -- C:\Users\samsung\AppData\Roaming\MyHeritage
[2009/12/19 14:28:13 | 00,000,000 | ---D | C] -- C:\ProgramData\MyHeritage
[2009/12/19 14:27:59 | 00,000,000 | ---D | C] -- C:\Program Files\Family Toolbar
[2009/12/19 14:27:53 | 00,608,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comctl32.ocx
[2009/12/19 14:27:53 | 00,372,736 | ---- | C] (Intel Corporation) -- C:\Windows\System32\ijl15.dll
[2009/12/19 14:27:52 | 00,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmapi32.ocx
[2009/12/19 14:27:52 | 00,000,000 | ---D | C] -- C:\Users\samsung\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2009/12/19 14:26:40 | 00,000,000 | ---D | C] -- C:\MyHeritage
[2009/12/19 13:56:32 | 00,000,000 | ---D | C] -- C:\Users\samsung\AppData\Roaming\Millennia
[2009/12/19 13:56:32 | 00,000,000 | ---D | C] -- C:\Users\samsung\Documents\Legacy Charts
[2009/12/19 13:48:42 | 00,000,000 | ---D | C] -- C:\Legacy
[2006/11/24 14:14:44 | 00,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2006/11/24 14:14:44 | 00,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll

========== Files - Modified Within 30 Days ==========

[2010/01/16 13:57:36 | 03,407,872 | -HS- | M] () -- C:\Users\samsung\NTUSER.DAT
[2010/01/16 13:53:33 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\samsung\Desktop\OTL.exe
[2010/01/16 12:36:49 | 00,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/16 12:36:49 | 00,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/15 12:41:33 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/15 12:41:33 | 00,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/15 12:41:33 | 00,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/15 12:37:48 | 00,109,056 | ---- | M] () -- C:\Users\samsung\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/15 12:36:54 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/15 12:36:48 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/15 09:59:35 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/01/15 09:59:25 | 00,524,288 | -HS- | M] () -- C:\Users\samsung\NTUSER.DAT{36f5d6c3-d2a0-11dd-948d-002269db88eb}.TMContainer00000000000000000001.regtrans-ms
[2010/01/15 09:59:25 | 00,065,536 | -HS- | M] () -- C:\Users\samsung\NTUSER.DAT{36f5d6c3-d2a0-11dd-948d-002269db88eb}.TM.blf
[2010/01/15 09:59:22 | 01,712,974 | -H-- | M] () -- C:\Users\samsung\AppData\Local\IconCache.db
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/03 18:13:46 | 00,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2009/12/24 19:08:33 | 00,091,558 | ---- | M] () -- C:\Users\samsung\Desktop\AJH-BarredOwl-mouse.jpg
[2009/12/20 00:24:59 | 00,000,894 | ---- | M] () -- C:\Windows\MyHeritage.INI
[2009/12/19 14:28:00 | 00,000,668 | ---- | M] () -- C:\Users\samsung\Desktop\MyHeritage Family Tree Builder.lnk

========== Files Created - No Company Name ==========

[2010/01/09 19:27:05 | 00,002,728 | ---- | C] () -- C:\Windows\System32\mini_spectrum2.swf
[2010/01/09 19:18:19 | 00,077,824 | ---- | C] () -- C:\Windows\System32\csdlocalmon.dll
[2010/01/03 18:13:46 | 00,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2009/12/24 19:08:32 | 00,091,558 | ---- | C] () -- C:\Users\samsung\Desktop\AJH-BarredOwl-mouse.jpg
[2009/12/19 14:29:47 | 00,000,894 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2009/12/19 14:28:00 | 00,000,668 | ---- | C] () -- C:\Users\samsung\Desktop\MyHeritage Family Tree Builder.lnk
[2009/12/19 14:27:53 | 00,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2009/11/21 18:40:00 | 00,034,033 | ---- | C] () -- C:\Users\samsung\AppData\Roaming\SQLite3.dll
[2009/09/08 01:41:46 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/13 01:52:36 | 00,000,050 | ---- | C] () -- C:\Windows\Progs_.ini
[2009/06/26 01:18:07 | 00,005,055 | ---- | C] () -- C:\ProgramData\ywasvxup.hvs
[2009/06/26 00:32:42 | 00,000,119 | ---- | C] () -- C:\Windows\Video Converter Standard.ini
[2009/06/26 00:30:11 | 00,000,058 | ---- | C] () -- C:\Windows\pro Video Converter Standard.ini
[2009/05/19 13:53:08 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/05/02 17:33:57 | 00,000,000 | ---- | C] () -- C:\Windows\System32\xwr89476.dll
[2009/05/02 17:33:57 | 00,000,000 | ---- | C] () -- C:\Windows\System32\wr89476.dll
[2009/03/27 08:51:09 | 00,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/03/27 08:51:06 | 00,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/03/19 00:03:51 | 00,000,044 | ---- | C] () -- C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
[2009/02/16 13:31:18 | 00,032,940 | ---- | C] () -- C:\Users\samsung\AppData\Local\slot2.mm1
[2009/02/16 13:26:42 | 00,003,580 | ---- | C] () -- C:\Users\samsung\AppData\Local\slot1.mm1
[2009/01/01 06:02:39 | 00,001,356 | ---- | C] () -- C:\Users\samsung\AppData\Local\d3d9caps.dat
[2008/12/26 09:06:17 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/12/24 00:41:13 | 00,109,056 | ---- | C] () -- C:\Users\samsung\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/03 15:47:49 | 00,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini
[2008/07/03 15:44:28 | 00,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2008/07/03 15:44:28 | 00,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2008/07/03 15:33:31 | 00,197,648 | ---- | C] () -- C:\Windows\System32\drivers\StkCSF.sys
[2008/07/03 15:31:18 | 00,172,032 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008/07/03 14:03:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/07/03 14:03:18 | 00,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2007/05/15 17:07:10 | 00,069,632 | ---- | C] () -- C:\Windows\System32\CSD_IRIVER_GEN.DLL
[2007/02/15 16:51:02 | 00,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2006/11/29 17:00:28 | 00,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006/11/02 16:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/09 10:01:28 | 00,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
[2001/11/14 12:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/03/06 19:47:48 | 00,077,560 | ---- | C] () -- C:\Windows\System32\libungif.dll

========== Files - Unicode (All) ==========
[2008/12/24 00:30:23 | 00,000,000 | -HSD | M](C:\ProgramData\?? ??) -- C:\ProgramData\시작 메뉴
[2008/12/24 00:30:23 | 00,000,000 | -HSD | M](C:\ProgramData\?? ??) -- C:\ProgramData\바탕 화면
[2008/12/24 00:30:23 | 00,000,000 | -HSD | M](C:\ProgramData\?? ??) -- C:\ProgramData\시작 메뉴
[2008/12/24 00:30:23 | 00,000,000 | -HSD | M](C:\ProgramData\?? ??) -- C:\ProgramData\바탕 화면
[2008/12/24 00:30:23 | 00,000,000 | -HSD | C](C:\ProgramData\?? ??) -- C:\ProgramData\시작 메뉴
[2008/12/24 00:30:23 | 00,000,000 | -HSD | C](C:\ProgramData\?? ??) -- C:\ProgramData\바탕 화면
(C:\ProgramData\?? ??) -- C:\ProgramData\시작 메뉴
(C:\ProgramData\?? ??) -- C:\ProgramData\바탕 화면

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5E9B629B
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:18BFD8F8
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A18121AD
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:40D8F125
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:8401B6D5
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:A58B27C9
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:3FD496E1
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:E91ADC66
< End of report >


I didn't see an Extra file anywhere.

merlin7tx
Novice
Novice

Posts Posts : 48
Joined Joined : 2009-11-26
OS OS : Windows Vista
Points Points : 26291
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by merlin7tx on 16th January 2010, 5:05 am

Nevermind, found it.

Extra File Info

OTL Extras logfile created on: 16/01/2010 14:03:44 - Run 3
OTL by OldTimer - Version 3.1.25.1 Folder = C:\Users\samsung\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 89.00 Gb Total Space | 7.31 Gb Free Space | 8.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 980.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
I: Drive not present or media not loaded

Computer Name: SAMSUNG-PC
Current User Name: samsung
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\windows\update.exe" = C:\windows\update.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Windows\system32\iexplorer.exe" = C:\Windows\system32\iexplorer.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C0538C-B093-4034-ADE3-B4BFD0512ADE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0577C3A0-8013-454D-A4AE-65FC6FC3F6C8}" = lport=445 | protocol=6 | dir=in | app=system |
"{0FDBFB81-58A1-4207-A768-7B6D040A4A19}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{31340AD6-871E-4138-AE09-2AC14A7E4D45}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{5A5F6E16-0CBA-4BCB-A67E-4BEB7522C9F2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5D50B3D5-0D5C-4C65-AA20-39B2BAAAEC7B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{645D25B4-62A2-42A6-ACF0-8912BDC48D57}" = lport=2869 | protocol=6 | dir=in | app=system |
"{691842F2-F129-4651-A6EA-54EDA2C6A43C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6EC9872C-BA67-49ED-B561-1AE3843EB7A7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7613E339-AEB6-4596-8217-7E17E710E9F0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8170D3F5-92C1-4FFB-8B9A-DF6E6E1F5DEE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{85ACDEDA-50BB-40D9-A2B1-A9154402D624}" = rport=137 | protocol=17 | dir=out | app=system |
"{8A1660A5-0260-4BCB-B905-457B688A17C5}" = lport=138 | protocol=17 | dir=in | app=system |
"{8C53FBA5-15CA-4583-A493-432E30A81BD6}" = rport=445 | protocol=6 | dir=out | app=system |
"{9A6159A9-BDB4-44AE-8B6E-952E8108D77C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9BF406FE-E644-4117-B9A0-E9CD255AB01F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A10CD89F-C638-425C-B355-897A43A6D251}" = lport=139 | protocol=6 | dir=in | app=system |
"{C14C2060-C552-4138-86F4-BEF8F1935457}" = lport=137 | protocol=17 | dir=in | app=system |
"{C5D8BB8F-AA08-48A2-B22A-D73D002D467D}" = rport=139 | protocol=6 | dir=out | app=system |
"{D041D8C2-F29F-490F-8BEA-C216FDD5EB44}" = rport=138 | protocol=17 | dir=out | app=system |
"{DC1C3FB3-F0FC-4C25-881D-2D22BF6C036E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04EBF683-81EE-4C3F-A8DB-F4E41FBB65DA}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{0E16D245-6D12-49B9-A08F-A02907ABAD0E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{13AEB686-A943-4CCA-A328-5F1A4E59FB3B}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{13C4F4BD-17B5-40AB-AD5C-6B96AC280A8C}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 |
"{151A7910-3ABD-4868-B08F-963F0DACC779}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{21154F6B-D6C1-4A85-8C7F-A25658C92EC2}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{38461AA5-5620-4731-836C-61A6374CF0B3}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{3FEAF90F-9292-412C-9770-24F5F29120E5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4DA6A084-D319-4632-B48F-6268ACEC809F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{542C0A0E-02AC-4452-B916-7D87F9FDBDC6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6DA59ABB-10B1-476B-986E-A4245671A952}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{75091ECF-5672-419F-A414-5016E52346D0}" = protocol=58 | dir=in | app=system |
"{8D75CF63-E7D4-40DB-B99F-0FC743711CC8}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{9FCFD78A-33D2-43D2-9FE4-B591C37EB167}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{A2F5BF90-C8D5-4526-A395-B5090623BD1A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A4439EEA-195B-4CA0-8DA7-394694933D1C}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{BF57E137-475A-449D-802B-1B04575AC077}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C89EA34E-D488-4820-B914-097012F9E529}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CAE1D2A4-4613-46C6-BE6D-3C0B9DA7FA8B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D10793B9-9EA5-463D-9329-4BE2F20A0B99}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{F1010F11-BDF7-429D-AAD7-BC55006AA49A}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{F1A633FF-C223-452C-8860-C8F78BF420D1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F285A09A-8002-41C1-8358-E5C25BC56E77}" = protocol=6 | dir=in | app=c:\windows\system32\p3melonsvr.exe |
"{F4EBF22A-ECC4-4C66-A548-EF62FF6C18D9}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FC7AB518-5A7E-4F5B-BB72-966CCB558891}" = protocol=17 | dir=in | app=c:\windows\system32\p3melonsvr.exe |
"TCP Query User{37F7C2E3-2B22-4944-B04E-EF68DB292AA0}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{68F49154-097E-4310-A7F7-A698F67F5CCC}C:\program files\gretech\gomplayer\gom.exe" = protocol=6 | dir=in | app=c:\program files\gretech\gomplayer\gom.exe |
"TCP Query User{719114E0-6F91-40AB-B712-18C651AF8EFD}C:\windows\system32\iexplorer.exe" = protocol=6 | dir=in | app=c:\windows\system32\iexplorer.exe |
"TCP Query User{83C4C6A9-DC5F-4A25-AB3F-F150B3DDEC7B}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{856789C9-F03E-470B-8B26-B08E6A662EBB}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{DFF3668D-B8B4-4B9D-897F-2F7838B1F54A}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{F64ED395-EF55-4014-BA91-51F984953713}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{0F9B9361-32BD-4C80-AD0B-4F2F992C706F}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{5F4BB218-D3C5-4084-80B9-78A69D29B3F6}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{62A7653A-F467-4B55-A9B2-7D0CE56CAF07}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{6B11CCA9-621D-4910-9ED1-C5E16F01E4C9}C:\windows\system32\iexplorer.exe" = protocol=17 | dir=in | app=c:\windows\system32\iexplorer.exe |
"UDP Query User{9D8F2EA9-BA98-4273-9586-71C407667169}C:\program files\gretech\gomplayer\gom.exe" = protocol=17 | dir=in | app=c:\program files\gretech\gomplayer\gom.exe |
"UDP Query User{9EDF884E-7D6B-469D-A3BA-C36A00994003}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{DBBDE289-08DB-454C-8A72-C180A5CB08C4}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{090962E2-4BE8-4A8A-86B0-7A5ED31C1273}" = USB2.0 UVC WebCam
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2B7E5C72-B312-48F0-B1D5-41BAA3FB1665}" = DnFGuide
"{2D6ED011-055B-4041-B198-BB903827EBFB}" = Safari
"{2E3AFEE4-F8F9-4B0A-ACEC-2A05197EB1B1}" = PC Troubleshooting
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{629C9047-541D-4682-9CFB-0431D17C8D2F}" = nTracker
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0412-0000-0000000FF1CE}" = Microsoft Office Access MUI (Korean) 2007
"{90120000-0015-0412-0000-0000000FF1CE}_PROHYBRIDR_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0412-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Korean) 2007
"{90120000-0016-0412-0000-0000000FF1CE}_PROHYBRIDR_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0412-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Korean) 2007
"{90120000-0018-0412-0000-0000000FF1CE}_PROHYBRIDR_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0412-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Korean) 2007
"{90120000-0019-0412-0000-0000000FF1CE}_PROHYBRIDR_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0412-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Korean) 2007
"{90120000-001A-0412-0000-0000000FF1CE}_PROHYBRIDR_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0412-0000-0000000FF1CE}" = Microsoft Office Word MUI (Korean) 2007
"{90120000-001B-0412-0000-0000000FF1CE}_PROHYBRIDR_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0412-0000-0000000FF1CE}" = Microsoft Office Proof (Korean) 2007
"{90120000-001F-0412-0000-0000000FF1CE}_PROHYBRIDR_{B017C4D5-E774-4A94-A8E3-380489B86F47}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0412-0000-0000000FF1CE}_PROPLUS_{B017C4D5-E774-4A94-A8E3-380489B86F47}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0028-0412-0000-0000000FF1CE}" = Microsoft Office IME (Korean) 2007
"{90120000-0028-0412-0000-0000000FF1CE}_PROHYBRIDR_{15281683-B481-47B8-A981-7043F35441FF}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0028-0412-0000-0000000FF1CE}_PROPLUS_{15281683-B481-47B8-A981-7043F35441FF}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0412-0000-0000000FF1CE}" = Microsoft Office Proofing (Korean) 2007
"{90120000-0044-0412-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Korean) 2007
"{90120000-0044-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0412-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Korean) 2007
"{90120000-006E-0412-0000-0000000FF1CE}_PROHYBRIDR_{54E2904F-86F8-459E-AADA-FE0D01DDDC5E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0412-0000-0000000FF1CE}_PROPLUS_{54E2904F-86F8-459E-AADA-FE0D01DDDC5E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = 인텔(R) PROSet/무선 WiFi 소프트웨어
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EC9B1280-16A8-4CC3-97FA-86C6392B2D08}" = DnFScreensaver
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS4_is1" = Adobe Photoshop CS4
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Artist Colony 1.00" = Artist Colony 1.00
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Comical_is1" = Comical 0.8
"EADM" = EA Download Manager
"Family Tree Builder" = MyHeritage Family Tree Builder
"FrostWire" = FrostWire 4.17.2
"GOM Player" = GOM Player
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{2E3AFEE4-F8F9-4B0A-ACEC-2A05197EB1B1}" = PC Troubleshooting
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"iriver plus 3" = iriver plus 3 (remove only)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"PROPLUS" = Microsoft Office Professional Plus 2007
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"Virtual City" = Virtual City
"Vuze" = Vuze
"WinLiveSuite_Wave3" = Windows Live Essentials
"XecureWeb Control" = XecureWeb Control
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/12/2009 06:53:07 | Computer Name = samsung-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 09/12/2009 06:53:07 | Computer Name = samsung-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 09/12/2009 06:53:07 | Computer Name = samsung-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 09/12/2009 06:53:07 | Computer Name = samsung-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 09/12/2009 06:53:28 | Computer Name = samsung-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 09/12/2009 06:53:28 | Computer Name = samsung-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 09/12/2009 14:23:40 | Computer Name = samsung-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/12/2009 09:31:17 | Computer Name = samsung-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/12/2009 17:46:30 | Computer Name = samsung-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/12/2009 05:50:21 | Computer Name = samsung-PC | Source = Windows Search Service | ID = 3013
Description =

[ OSession Events ]
Error - 19/04/2009 01:34:08 | Computer Name = samsung-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 76472
seconds with 960 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 24/12/2008 05:42:53 | Computer Name = samsung-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 24/12/2008 05:42:53 | Computer Name = samsung-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 24/12/2008 05:42:53 | Computer Name = samsung-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 24/12/2008 06:11:53 | Computer Name = samsung-PC | Source = HTTP | ID = 15016
Description =

Error - 24/12/2008 06:13:11 | Computer Name = samsung-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 24/12/2008 06:17:28 | Computer Name = samsung-PC | Source = HTTP | ID = 15016
Description =

Error - 24/12/2008 09:18:58 | Computer Name = samsung-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 24/12/2008 09:59:10 | Computer Name = samsung-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 24/12/2008 11:26:57 | Computer Name = samsung-PC | Source = HTTP | ID = 15016
Description =

Error - 24/12/2008 11:27:44 | Computer Name = samsung-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

merlin7tx
Novice
Novice

Posts Posts : 48
Joined Joined : 2009-11-26
OS OS : Windows Vista
Points Points : 26291
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by Belahzur on 16th January 2010, 9:09 pm

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O32 - AutoRun File - [2006/09/19 06:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2008/01/12 14:31:08 | 00,000,000 | R--D | M] - H:\AutoRun -- [ UDF ]
    O32 - AutoRun File - [2008/01/12 14:40:28 | 00,703,552 | R--- | M] (Electronic Arts Inc.) - H:\AutoRun.exe -- [ UDF ]
    O32 - AutoRun File - [2008/01/12 00:17:04 | 00,662,592 | R--- | M] (Electronic Arts Inc.) - H:\AutoRunGUI.dll -- [ UDF ]
    O32 - AutoRun File - [2008/01/12 14:40:09 | 00,000,150 | R--- | M] () - H:\autorun.inf -- [ UDF ]
    O33 - MountPoints2\{73bd0cfd-3c73-11de-bee7-002269db88eb}\Shell\AutoRun\command - "" = fg8m.exe
    O33 - MountPoints2\{73bd0cfd-3c73-11de-bee7-002269db88eb}\Shell\explore\Command - "" = fg8m.exe
    O33 - MountPoints2\{73bd0cfd-3c73-11de-bee7-002269db88eb}\Shell\open\Command - "" = fg8m.exe
    O33 - MountPoints2\{882ba06e-cf10-11de-9e68-002269db88eb}\Shell\AutoRun\command - "" = I:\setupSNK.exe -- File not found
    O33 - MountPoints2\{882ba156-cf10-11de-9e68-002269db88eb}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
    O33 - MountPoints2\{a472e44c-d1b7-11dd-a255-002269db88eb}\Shell\Open\command - "" = H:\resycled\boot.com -- File not found
    O33 - MountPoints2\{ce2c3a7b-9817-11de-97b5-002269db88eb}\Shell\AutoRun\command - "" = I:\fg8m.exe -- File not found
    O33 - MountPoints2\{ce2c3a7b-9817-11de-97b5-002269db88eb}\Shell\explore\Command - "" = I:\fg8m.exe -- File not found
    O33 - MountPoints2\{ce2c3a7b-9817-11de-97b5-002269db88eb}\Shell\open\Command - "" = I:\fg8m.exe -- File not found
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2008/01/12 14:40:28 | 00,703,552 | R--- | M] (Electronic Arts Inc.)


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by merlin7tx on 16th January 2010, 11:57 pm

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
C:\autoexec.bat moved successfully.
File not found.
File move failed. H:\AutoRun.exe scheduled to be moved on reboot.
File move failed. H:\AutoRunGUI.dll scheduled to be moved on reboot.
File move failed. H:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73bd0cfd-3c73-11de-bee7-002269db88eb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73bd0cfd-3c73-11de-bee7-002269db88eb}\ not found.
File fg8m.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73bd0cfd-3c73-11de-bee7-002269db88eb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73bd0cfd-3c73-11de-bee7-002269db88eb}\ not found.
File fg8m.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73bd0cfd-3c73-11de-bee7-002269db88eb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73bd0cfd-3c73-11de-bee7-002269db88eb}\ not found.
File fg8m.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{882ba06e-cf10-11de-9e68-002269db88eb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{882ba06e-cf10-11de-9e68-002269db88eb}\ not found.
File I:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{882ba156-cf10-11de-9e68-002269db88eb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{882ba156-cf10-11de-9e68-002269db88eb}\ not found.
File G:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a472e44c-d1b7-11dd-a255-002269db88eb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a472e44c-d1b7-11dd-a255-002269db88eb}\ not found.
File H:\resycled\boot.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce2c3a7b-9817-11de-97b5-002269db88eb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce2c3a7b-9817-11de-97b5-002269db88eb}\ not found.
File I:\fg8m.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce2c3a7b-9817-11de-97b5-002269db88eb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce2c3a7b-9817-11de-97b5-002269db88eb}\ not found.
File I:\fg8m.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce2c3a7b-9817-11de-97b5-002269db88eb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce2c3a7b-9817-11de-97b5-002269db88eb}\ not found.
File I:\fg8m.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File move failed. H:\AutoRun.exe scheduled to be moved on reboot.

OTL by OldTimer - Version 3.1.25.1 log created on 01172010_085056

Files\Folders moved on Reboot...
File move failed. H:\AutoRun.exe scheduled to be moved on reboot.
File move failed. H:\AutoRunGUI.dll scheduled to be moved on reboot.
File move failed. H:\autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...



On another note, mouse and webcam are now working. The H: drive is still thinking there is a CD in there though. Sad tearing

merlin7tx
Novice
Novice

Posts Posts : 48
Joined Joined : 2009-11-26
OS OS : Windows Vista
Points Points : 26291
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by Belahzur on 17th January 2010, 1:29 am

Please download [You must be registered and logged in to see this link.] to your Desktop and run it by double clicking the program's icon.

  1. Wait a couple of seconds for initial scan to finish.
  2. Connect all of your USB storage devices to the PC, one at a time, and keep each one connected at least for 10 seconds.
  3. If there are more USB storage devices to scan, please take a note about the order in which these were connected.
  4. After all the devices are scanned, right click in the Monitor tab, and choose "Save log". That will open the log in Notepad. Please copy and paste the log into this thread.
Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC, e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras, memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by merlin7tx on 17th January 2010, 3:24 am

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 17/01/2010 12:23:02

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {29d90b29-d0b9-11dd-8a13-806e6f6e6963}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 29d90b29-d0b9-11dd-8a13-806e6f6e6963
No Desktop.ini files found on C:
----------------------------------------

========================================
Initial scan finished!
========================================

merlin7tx
Novice
Novice

Posts Posts : 48
Joined Joined : 2009-11-26
OS OS : Windows Vista
Points Points : 26291
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by Belahzur on 17th January 2010, 6:35 pm

Hmm, does your H:\ drive still see a CD?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by merlin7tx on 17th January 2010, 9:56 pm

ya, it's still there. Sad tearing

merlin7tx
Novice
Novice

Posts Posts : 48
Joined Joined : 2009-11-26
OS OS : Windows Vista
Points Points : 26291
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by merlin7tx on 19th January 2010, 11:30 am

bump

merlin7tx
Novice
Novice

Posts Posts : 48
Joined Joined : 2009-11-26
OS OS : Windows Vista
Points Points : 26291
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by Belahzur on 19th January 2010, 7:06 pm

Hello.
Can you open the H:\ drive like a folder when no CD is in it?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by merlin7tx on 19th January 2010, 10:17 pm

ah, never mind! i got it to go away! Thanks though! Smile

merlin7tx
Novice
Novice

Posts Posts : 48
Joined Joined : 2009-11-26
OS OS : Windows Vista
Points Points : 26291
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by merlin7tx on 25th January 2010, 10:06 am

My god, having the same problem again, just the mouse this time. I don't get it, I scan everything that I download and nothing ever comes up. I think I just need to stop downloading or get a new antivirus program. X.x

Mind helping me once more with this? I've redone all of this already and nothing has worked.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:06:13, on 25/01/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\GRETECH\GOMPLA~1\GOM.exe
C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
C:\Users\samsung\Desktop\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Korean IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Message Queuing Service (MSMQSVC) - Unknown owner - C:\Windows\system32\mqsv32.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

--
End of file - 6345 bytes

merlin7tx
Novice
Novice

Posts Posts : 48
Joined Joined : 2009-11-26
OS OS : Windows Vista
Points Points : 26291
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by Belahzur on 25th January 2010, 9:50 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by merlin7tx on 25th January 2010, 10:13 pm

Malwarebytes' Anti-Malware 1.44
Database version: 3565
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

26/01/2010 07:13:30
mbam-log-2010-01-26 (07-13-30).txt

Scan type: Quick Scan
Objects scanned: 107942
Time elapsed: 6 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

merlin7tx
Novice
Novice

Posts Posts : 48
Joined Joined : 2009-11-26
OS OS : Windows Vista
Points Points : 26291
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by merlin7tx on 26th January 2010, 10:45 am

bump?

merlin7tx
Novice
Novice

Posts Posts : 48
Joined Joined : 2009-11-26
OS OS : Windows Vista
Points Points : 26291
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by Belahzur on 26th January 2010, 6:21 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by merlin7tx on 26th January 2010, 10:29 pm

OTL:
OTL logfile created on: 27/01/2010 07:25:45 - Run 5
OTL by OldTimer - Version 3.1.25.1 Folder = C:\Users\samsung\Desktop\Misc
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 89.00 Gb Total Space | 24.58 Gb Free Space | 27.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 2.82 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
Drive H: | 980.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
I: Drive not present or media not loaded

Computer Name: SAMSUNG-PC
Current User Name: samsung
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/16 13:53:33 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\samsung\Desktop\Misc\OTL.exe
PRC - [2010/01/09 20:18:42 | 00,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/30 00:35:34 | 00,199,616 | ---- | M] (Vuze Inc.) -- C:\Program Files\Vuze\Azureus.exe
PRC - [2008/10/29 15:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/15 22:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/10/15 22:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008/09/10 22:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/06/18 17:18:52 | 00,150,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2008/06/18 17:18:48 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/06/18 17:18:46 | 00,145,944 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/06/18 17:18:42 | 00,174,616 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008/06/18 17:18:36 | 00,170,520 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/06/12 22:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2008/05/23 14:11:56 | 00,819,200 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/05/23 13:43:52 | 00,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/05/22 17:33:54 | 00,688,128 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008/05/13 09:13:28 | 00,085,672 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
PRC - [2008/04/25 21:31:34 | 00,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2008/04/17 15:26:46 | 00,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008/04/17 11:50:00 | 06,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/12 13:19:52 | 00,723,496 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/01/21 11:33:00 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/16 17:37:38 | 00,031,248 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkCSrv.exe
PRC - [2007/07/05 07:41:42 | 00,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2007/05/14 11:54:36 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe


========== Modules (SafeList) ==========

MOD - [2010/01/16 13:53:33 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\samsung\Desktop\Misc\OTL.exe
MOD - [2008/01/21 11:33:14 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MSMQSVC)
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/15 22:31:53 | 00,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/10/15 22:30:02 | 00,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008/09/10 22:01:28 | 00,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/05/23 14:11:56 | 00,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/05/23 13:43:52 | 00,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/05/13 08:47:20 | 00,077,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2008/01/21 11:33:00 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/16 17:37:38 | 00,031,248 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkCSrv.exe -- (StkSSrv)
SRV - [2007/05/14 11:54:36 | 00,272,024 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/08/05 16:06:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/08/05 16:06:28 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/08/05 16:06:28 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/06/05 11:42:38 | 00,039,424 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/28 04:20:46 | 00,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/05/28 04:20:20 | 00,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/05/28 04:20:08 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2009/03/27 08:51:09 | 00,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/03/27 08:51:06 | 00,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/02/24 18:42:14 | 00,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/12/26 18:00:30 | 00,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/07/03 15:38:11 | 00,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2008/06/16 21:38:10 | 00,318,488 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/06/12 18:43:16 | 02,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/06/12 18:43:16 | 02,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2008/06/04 17:54:22 | 00,113,664 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/05/08 18:51:18 | 00,226,328 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaNvStor.sys -- (iaNvStor) Intel(R)
DRV - [2008/04/17 16:31:00 | 02,098,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/03/28 19:19:54 | 01,363,088 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2008/02/14 08:17:10 | 00,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008/01/21 11:32:53 | 00,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 11:32:53 | 00,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 11:32:52 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 11:32:52 | 00,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 11:32:52 | 00,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 11:32:52 | 00,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 11:32:51 | 00,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 11:32:51 | 00,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 11:32:50 | 01,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 11:32:50 | 00,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 11:32:50 | 00,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 11:32:49 | 00,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 11:32:49 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 11:32:49 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 11:32:49 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 11:32:49 | 00,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 11:32:48 | 00,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 11:32:48 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 11:32:47 | 00,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 11:32:47 | 00,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 11:32:46 | 00,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 11:32:45 | 02,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008/01/21 11:32:45 | 00,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 11:32:21 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 11:32:21 | 00,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 11:32:21 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/28 10:51:00 | 00,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/09/13 15:17:58 | 00,755,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/07/16 07:20:26 | 00,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007/07/16 07:20:24 | 00,080,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/03/01 18:34:22 | 00,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2006/11/28 16:11:00 | 01,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 18:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 18:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 18:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 18:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 18:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 18:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 18:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 18:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 18:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 18:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 18:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 17:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 17:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 17:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 17:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 17:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 17:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 16:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 16:30:53 | 00,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/02 15:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2002/07/17 08:53:02 | 00,016,877 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\Aspi32.sys -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "google.com"


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/09 20:18:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/09 20:18:51 | 00,000,000 | ---D | M]

[2009/08/20 19:29:12 | 00,000,000 | ---D | M] -- C:\Users\samsung\AppData\Roaming\mozilla\Extensions
[2009/08/20 19:29:12 | 00,000,000 | ---D | M] -- C:\Users\samsung\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/01/26 21:24:09 | 00,000,000 | ---D | M] -- C:\Users\samsung\AppData\Roaming\mozilla\Firefox\Profiles\o6n5ba6b.default\extensions
[2009/04/06 12:57:38 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\samsung\AppData\Roaming\mozilla\Firefox\Profiles\o6n5ba6b.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/31 20:08:44 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (736 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Korean IME Migration] C:\Program Files\Common Files\microsoft shared\IME12\IMEKR\IMKRMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 210.220.163.82 219.250.36.130
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\samsung\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\samsung\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/10 08:00:24 | 00,000,000 | ---D | M] - F:\AutoPlay -- [ CDFS ]
O32 - AutoRun File - [2009/11/10 07:30:03 | 03,108,864 | R--- | M] (UBISOFT) - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/10/31 20:08:19 | 00,000,059 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/01/12 14:31:08 | 00,000,000 | R--D | M] - H:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2008/01/12 14:40:28 | 00,703,552 | R--- | M] (Electronic Arts Inc.) - H:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2008/01/12 00:17:04 | 00,662,592 | R--- | M] (Electronic Arts Inc.) - H:\AutoRunGUI.dll -- [ UDF ]
O32 - AutoRun File - [2008/01/12 14:40:09 | 00,000,150 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{cda0bb14-d32b-11dd-b13e-002269db88eb}\Shell - "" = AutoRun
O33 - MountPoints2\{cda0bb14-d32b-11dd-b13e-002269db88eb}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2009/11/10 07:30:03 | 03,108,864 | R--- | M] (UBISOFT)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/22 08:37:21 | 00,000,000 | ---D | C] -- C:\Users\samsung\AppData\Roaming\Valusoft
[2010/01/22 08:37:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Valusoft
[2010/01/22 08:13:53 | 00,000,000 | ---D | C] -- C:\Users\samsung\Documents\Warnings at Waverly Academy
[2010/01/22 05:21:15 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/22 05:21:15 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/22 05:21:15 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/01/22 05:21:14 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/01/22 05:21:14 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/01/22 05:21:14 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/22 05:21:14 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/22 05:21:13 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/01/22 05:21:13 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/01/22 05:21:13 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/01/22 05:21:13 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/21 22:35:02 | 00,000,000 | ---D | C] -- C:\Users\samsung\AppData\Roaming\TheFixerUpper
[2010/01/21 22:33:00 | 00,000,000 | ---D | C] -- C:\Users\samsung\AppData\Local\Oberon Games
[2010/01/21 13:23:05 | 00,000,000 | ---D | C] -- C:\Nancy Drew
[2010/01/21 13:19:35 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2010/01/21 13:13:28 | 00,000,000 | ---D | C] -- C:\Program Files\Nancy Drew
[2010/01/20 22:26:39 | 00,000,000 | ---D | C] -- C:\Users\samsung\AppData\Roaming\BigFishGames
[2010/01/17 08:50:56 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/13 17:59:02 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/13 17:59:02 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/09 19:18:06 | 00,000,000 | ---D | C] -- C:\Program Files\iriver
[2010/01/03 18:14:11 | 00,000,000 | ---D | C] -- C:\Users\samsung\AppData\Roaming\Skype
[2010/01/03 18:13:45 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/01/03 18:13:44 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/12/31 20:05:49 | 00,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2009/12/30 09:46:32 | 00,000,000 | ---D | C] -- C:\ProgramData\Flood Light Games
[2009/12/29 22:55:48 | 00,000,000 | ---D | C] -- C:\ProgramData\Intenium
[2009/12/29 22:52:34 | 00,000,000 | ---D | C] -- C:\Users\samsung\AppData\Roaming\Virtual City
[2009/12/29 22:47:52 | 00,000,000 | ---D | C] -- C:\Program Files\Virtual City
[2006/11/24 14:14:44 | 00,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2006/11/24 14:14:44 | 00,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll

========== Files - Modified Within 30 Days ==========

[2010/01/27 07:25:50 | 03,407,872 | -HS- | M] () -- C:\Users\samsung\NTUSER.DAT
[2010/01/27 05:42:51 | 00,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/27 05:42:51 | 00,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/26 22:56:41 | 00,136,704 | ---- | M] () -- C:\Users\samsung\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/26 19:49:33 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/26 19:49:33 | 00,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/26 19:49:33 | 00,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/26 19:42:59 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/26 19:42:49 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/26 19:40:52 | 00,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/01/26 19:40:40 | 00,524,288 | -HS- | M] () -- C:\Users\samsung\NTUSER.DAT{36f5d6c3-d2a0-11dd-948d-002269db88eb}.TMContainer00000000000000000001.regtrans-ms
[2010/01/26 19:40:40 | 00,065,536 | -HS- | M] () -- C:\Users\samsung\NTUSER.DAT{36f5d6c3-d2a0-11dd-948d-002269db88eb}.TM.blf
[2010/01/26 19:39:29 | 02,881,595 | -H-- | M] () -- C:\Users\samsung\AppData\Local\IconCache.db
[2010/01/14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/03 18:13:46 | 00,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

========== Files Created - No Company Name ==========

[2010/01/09 19:27:05 | 00,002,728 | ---- | C] () -- C:\Windows\System32\mini_spectrum2.swf
[2010/01/09 19:18:19 | 00,077,824 | ---- | C] () -- C:\Windows\System32\csdlocalmon.dll
[2010/01/03 18:13:46 | 00,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2009/12/19 14:29:47 | 00,000,894 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2009/12/19 14:27:53 | 00,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2009/11/21 18:40:00 | 00,034,033 | ---- | C] () -- C:\Users\samsung\AppData\Roaming\SQLite3.dll
[2009/09/08 01:41:46 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/13 01:52:36 | 00,000,050 | ---- | C] () -- C:\Windows\Progs_.ini
[2009/06/26 01:18:07 | 00,005,055 | ---- | C] () -- C:\ProgramData\ywasvxup.hvs
[2009/06/26 00:32:42 | 00,000,119 | ---- | C] () -- C:\Windows\Video Converter Standard.ini
[2009/06/26 00:30:11 | 00,000,058 | ---- | C] () -- C:\Windows\pro Video Converter Standard.ini
[2009/05/19 13:53:08 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/05/02 17:33:57 | 00,000,000 | ---- | C] () -- C:\Windows\System32\xwr89476.dll
[2009/05/02 17:33:57 | 00,000,000 | ---- | C] () -- C:\Windows\System32\wr89476.dll
[2009/03/27 08:51:09 | 00,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/03/27 08:51:06 | 00,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/03/19 00:03:51 | 00,000,044 | ---- | C] () -- C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
[2009/02/16 13:31:18 | 00,032,940 | ---- | C] () -- C:\Users\samsung\AppData\Local\slot2.mm1
[2009/02/16 13:26:42 | 00,003,580 | ---- | C] () -- C:\Users\samsung\AppData\Local\slot1.mm1
[2009/01/01 06:02:39 | 00,001,356 | ---- | C] () -- C:\Users\samsung\AppData\Local\d3d9caps.dat
[2008/12/26 09:06:17 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/12/24 00:41:13 | 00,136,704 | ---- | C] () -- C:\Users\samsung\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/03 15:47:49 | 00,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini
[2008/07/03 15:44:28 | 00,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2008/07/03 15:44:28 | 00,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2008/07/03 15:33:31 | 00,197,648 | ---- | C] () -- C:\Windows\System32\drivers\StkCSF.sys
[2008/07/03 15:31:18 | 00,172,032 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008/07/03 14:03:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/07/03 14:03:18 | 00,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2007/05/15 17:07:10 | 00,069,632 | ---- | C] () -- C:\Windows\System32\CSD_IRIVER_GEN.DLL
[2007/02/15 16:51:02 | 00,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2006/11/29 17:00:28 | 00,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006/11/02 16:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/09 10:01:28 | 00,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
[2001/11/14 12:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/03/06 19:47:48 | 00,077,560 | ---- | C] () -- C:\Windows\System32\libungif.dll

========== Files - Unicode (All) ==========
[2008/12/24 00:30:23 | 00,000,000 | -HSD | M](C:\ProgramData\?? ??) -- C:\ProgramData\시작 메뉴
[2008/12/24 00:30:23 | 00,000,000 | -HSD | M](C:\ProgramData\?? ??) -- C:\ProgramData\바탕 화면
[2008/12/24 00:30:23 | 00,000,000 | -HSD | M](C:\ProgramData\?? ??) -- C:\ProgramData\시작 메뉴
[2008/12/24 00:30:23 | 00,000,000 | -HSD | M](C:\ProgramData\?? ??) -- C:\ProgramData\바탕 화면
[2008/12/24 00:30:23 | 00,000,000 | -HSD | C](C:\ProgramData\?? ??) -- C:\ProgramData\시작 메뉴
[2008/12/24 00:30:23 | 00,000,000 | -HSD | C](C:\ProgramData\?? ??) -- C:\ProgramData\바탕 화면
(C:\ProgramData\?? ??) -- C:\ProgramData\시작 메뉴
(C:\ProgramData\?? ??) -- C:\ProgramData\바탕 화면

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5E9B629B
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:18BFD8F8
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A18121AD
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:40D8F125
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:8401B6D5
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:A58B27C9
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:3FD496E1
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:E91ADC66
< End of report >

Extra:
OTL Extras logfile created on: 27/01/2010 07:25:45 - Run 5
OTL by OldTimer - Version 3.1.25.1 Folder = C:\Users\samsung\Desktop\Misc
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 89.00 Gb Total Space | 24.58 Gb Free Space | 27.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 2.82 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
Drive H: | 980.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
I: Drive not present or media not loaded

Computer Name: SAMSUNG-PC
Current User Name: samsung
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\windows\update.exe" = C:\windows\update.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Windows\system32\iexplorer.exe" = C:\Windows\system32\iexplorer.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C0538C-B093-4034-ADE3-B4BFD0512ADE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0577C3A0-8013-454D-A4AE-65FC6FC3F6C8}" = lport=445 | protocol=6 | dir=in | app=system |
"{0FDBFB81-58A1-4207-A768-7B6D040A4A19}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{31340AD6-871E-4138-AE09-2AC14A7E4D45}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{5A5F6E16-0CBA-4BCB-A67E-4BEB7522C9F2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5D50B3D5-0D5C-4C65-AA20-39B2BAAAEC7B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{645D25B4-62A2-42A6-ACF0-8912BDC48D57}" = lport=2869 | protocol=6 | dir=in | app=system |
"{691842F2-F129-4651-A6EA-54EDA2C6A43C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6EC9872C-BA67-49ED-B561-1AE3843EB7A7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7613E339-AEB6-4596-8217-7E17E710E9F0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8170D3F5-92C1-4FFB-8B9A-DF6E6E1F5DEE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{85ACDEDA-50BB-40D9-A2B1-A9154402D624}" = rport=137 | protocol=17 | dir=out | app=system |
"{8A1660A5-0260-4BCB-B905-457B688A17C5}" = lport=138 | protocol=17 | dir=in | app=system |
"{8C53FBA5-15CA-4583-A493-432E30A81BD6}" = rport=445 | protocol=6 | dir=out | app=system |
"{9A6159A9-BDB4-44AE-8B6E-952E8108D77C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9BF406FE-E644-4117-B9A0-E9CD255AB01F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A10CD89F-C638-425C-B355-897A43A6D251}" = lport=139 | protocol=6 | dir=in | app=system |
"{C14C2060-C552-4138-86F4-BEF8F1935457}" = lport=137 | protocol=17 | dir=in | app=system |
"{C5D8BB8F-AA08-48A2-B22A-D73D002D467D}" = rport=139 | protocol=6 | dir=out | app=system |
"{D041D8C2-F29F-490F-8BEA-C216FDD5EB44}" = rport=138 | protocol=17 | dir=out | app=system |
"{DC1C3FB3-F0FC-4C25-881D-2D22BF6C036E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04EBF683-81EE-4C3F-A8DB-F4E41FBB65DA}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{0E16D245-6D12-49B9-A08F-A02907ABAD0E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{13AEB686-A943-4CCA-A328-5F1A4E59FB3B}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{151A7910-3ABD-4868-B08F-963F0DACC779}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{21154F6B-D6C1-4A85-8C7F-A25658C92EC2}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{38461AA5-5620-4731-836C-61A6374CF0B3}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{3FEAF90F-9292-412C-9770-24F5F29120E5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{48F49785-1D2B-4FEA-A512-F3546C7A305F}" = protocol=58 | dir=in | app=system |
"{4DA6A084-D319-4632-B48F-6268ACEC809F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{542C0A0E-02AC-4452-B916-7D87F9FDBDC6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6DA59ABB-10B1-476B-986E-A4245671A952}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8D75CF63-E7D4-40DB-B99F-0FC743711CC8}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{9FCFD78A-33D2-43D2-9FE4-B591C37EB167}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{A2F5BF90-C8D5-4526-A395-B5090623BD1A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A4439EEA-195B-4CA0-8DA7-394694933D1C}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{BF57E137-475A-449D-802B-1B04575AC077}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C89EA34E-D488-4820-B914-097012F9E529}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CAE1D2A4-4613-46C6-BE6D-3C0B9DA7FA8B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D10793B9-9EA5-463D-9329-4BE2F20A0B99}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{DD41FF23-780A-422A-B00D-AAC6561ED99A}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 |
"{F1010F11-BDF7-429D-AAD7-BC55006AA49A}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{F1A633FF-C223-452C-8860-C8F78BF420D1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F285A09A-8002-41C1-8358-E5C25BC56E77}" = protocol=6 | dir=in | app=c:\windows\system32\p3melonsvr.exe |
"{F4EBF22A-ECC4-4C66-A548-EF62FF6C18D9}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FC7AB518-5A7E-4F5B-BB72-966CCB558891}" = protocol=17 | dir=in | app=c:\windows\system32\p3melonsvr.exe |
"TCP Query User{37F7C2E3-2B22-4944-B04E-EF68DB292AA0}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{68F49154-097E-4310-A7F7-A698F67F5CCC}C:\program files\gretech\gomplayer\gom.exe" = protocol=6 | dir=in | app=c:\program files\gretech\gomplayer\gom.exe |
"TCP Query User{719114E0-6F91-40AB-B712-18C651AF8EFD}C:\windows\system32\iexplorer.exe" = protocol=6 | dir=in | app=c:\windows\system32\iexplorer.exe |
"TCP Query User{83C4C6A9-DC5F-4A25-AB3F-F150B3DDEC7B}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{856789C9-F03E-470B-8B26-B08E6A662EBB}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{DFF3668D-B8B4-4B9D-897F-2F7838B1F54A}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{F64ED395-EF55-4014-BA91-51F984953713}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{0F9B9361-32BD-4C80-AD0B-4F2F992C706F}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{5F4BB218-D3C5-4084-80B9-78A69D29B3F6}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{62A7653A-F467-4B55-A9B2-7D0CE56CAF07}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{6B11CCA9-621D-4910-9ED1-C5E16F01E4C9}C:\windows\system32\iexplorer.exe" = protocol=17 | dir=in | app=c:\windows\system32\iexplorer.exe |
"UDP Query User{9D8F2EA9-BA98-4273-9586-71C407667169}C:\program files\gretech\gomplayer\gom.exe" = protocol=17 | dir=in | app=c:\program files\gretech\gomplayer\gom.exe |
"UDP Query User{9EDF884E-7D6B-469D-A3BA-C36A00994003}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{DBBDE289-08DB-454C-8A72-C180A5CB08C4}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{090962E2-4BE8-4A8A-86B0-7A5ED31C1273}" = USB2.0 UVC WebCam
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2B7E5C72-B312-48F0-B1D5-41BAA3FB1665}" = DnFGuide
"{2D6ED011-055B-4041-B198-BB903827EBFB}" = Safari
"{2E3AFEE4-F8F9-4B0A-ACEC-2A05197EB1B1}" = PC Troubleshooting
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{411DAD75-86F2-4C70-8666-EA14BE017690}" = Nancy Drew: Warnings at Waverly Academy
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{629C9047-541D-4682-9CFB-0431D17C8D2F}" = nTracker
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0412-0000-0000000FF1CE}" = Microsoft Office Access MUI (Korean) 2007
"{90120000-0015-0412-0000-0000000FF1CE}_PROHYBRIDR_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0412-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Korean) 2007
"{90120000-0016-0412-0000-0000000FF1CE}_PROHYBRIDR_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0412-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Korean) 2007
"{90120000-0018-0412-0000-0000000FF1CE}_PROHYBRIDR_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0412-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Korean) 2007
"{90120000-0019-0412-0000-0000000FF1CE}_PROHYBRIDR_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0412-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Korean) 2007
"{90120000-001A-0412-0000-0000000FF1CE}_PROHYBRIDR_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0412-0000-0000000FF1CE}" = Microsoft Office Word MUI (Korean) 2007
"{90120000-001B-0412-0000-0000000FF1CE}_PROHYBRIDR_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0412-0000-0000000FF1CE}" = Microsoft Office Proof (Korean) 2007
"{90120000-001F-0412-0000-0000000FF1CE}_PROHYBRIDR_{B017C4D5-E774-4A94-A8E3-380489B86F47}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0412-0000-0000000FF1CE}_PROPLUS_{B017C4D5-E774-4A94-A8E3-380489B86F47}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0028-0412-0000-0000000FF1CE}" = Microsoft Office IME (Korean) 2007
"{90120000-0028-0412-0000-0000000FF1CE}_PROHYBRIDR_{15281683-B481-47B8-A981-7043F35441FF}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0028-0412-0000-0000000FF1CE}_PROPLUS_{15281683-B481-47B8-A981-7043F35441FF}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0412-0000-0000000FF1CE}" = Microsoft Office Proofing (Korean) 2007
"{90120000-0044-0412-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Korean) 2007
"{90120000-0044-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0412-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Korean) 2007
"{90120000-006E-0412-0000-0000000FF1CE}_PROHYBRIDR_{54E2904F-86F8-459E-AADA-FE0D01DDDC5E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0412-0000-0000000FF1CE}_PROPLUS_{54E2904F-86F8-459E-AADA-FE0D01DDDC5E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = 인텔(R) PROSet/무선 WiFi 소프트웨어
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EC9B1280-16A8-4CC3-97FA-86C6392B2D08}" = DnFScreensaver
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS4_is1" = Adobe Photoshop CS4
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Artist Colony 1.00" = Artist Colony 1.00
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Comical_is1" = Comical 0.8
"EADM" = EA Download Manager
"Family Tree Builder" = MyHeritage Family Tree Builder
"FrostWire" = FrostWire 4.17.2
"GOM Player" = GOM Player
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{2E3AFEE4-F8F9-4B0A-ACEC-2A05197EB1B1}" = PC Troubleshooting
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"iriver plus 3" = iriver plus 3 (remove only)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"PROPLUS" = Microsoft Office Professional Plus 2007
"The Search for Amelia Earhart 1.00" = The Search for Amelia Earhart 1.00
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"Virtual City" = Virtual City
"Vuze" = Vuze
"WinLiveSuite_Wave3" = Windows Live Essentials
"XecureWeb Control" = XecureWeb Control
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

merlin7tx
Novice
Novice

Posts Posts : 48
Joined Joined : 2009-11-26
OS OS : Windows Vista
Points Points : 26291
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by Belahzur on 27th January 2010, 1:34 am

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :OTL
    O32 - AutoRun File - [2009/11/10 08:00:24 | 00,000,000 | ---D | M] - F:\AutoPlay -- [ CDFS ]
    O32 - AutoRun File - [2009/11/10 07:30:03 | 03,108,864 | R--- | M] (UBISOFT) - F:\autorun.exe -- [ CDFS ]
    O32 - AutoRun File - [2009/10/31 20:08:19 | 00,000,059 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
    O32 - AutoRun File - [2008/01/12 14:31:08 | 00,000,000 | R--D | M] - H:\AutoRun -- [ UDF ]
    O32 - AutoRun File - [2008/01/12 14:40:28 | 00,703,552 | R--- | M] (Electronic Arts Inc.) - H:\AutoRun.exe -- [ UDF ]
    O32 - AutoRun File - [2008/01/12 00:17:04 | 00,662,592 | R--- | M] (Electronic Arts Inc.) - H:\AutoRunGUI.dll -- [ UDF ]
    O32 - AutoRun File - [2008/01/12 14:40:09 | 00,000,150 | R--- | M] () - H:\autorun.inf -- [ UDF ]
    O33 - MountPoints2\{cda0bb14-d32b-11dd-b13e-002269db88eb}\Shell - "" = AutoRun
    O33 - MountPoints2\{cda0bb14-d32b-11dd-b13e-002269db88eb}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2009/11/10 07:30:03 | 03,108,864 | R--- | M] (UBISOFT)


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by merlin7tx on 27th January 2010, 1:26 pm

Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!

OTL by OldTimer - Version 3.1.25.1 log created on 01272010_222610

merlin7tx
Novice
Novice

Posts Posts : 48
Joined Joined : 2009-11-26
OS OS : Windows Vista
Points Points : 26291
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by Belahzur on 27th January 2010, 9:29 pm

Hello.
Did you miss :OTL as the top line? I think that's why it didn't work.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by merlin7tx on 27th January 2010, 10:49 pm

Sorry, I did miss that. Sad tearing

========== OTL ==========
File not found.
File move failed. F:\autorun.exe scheduled to be moved on reboot.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
File not found.
File move failed. H:\AutoRun.exe scheduled to be moved on reboot.
File move failed. H:\AutoRunGUI.dll scheduled to be moved on reboot.
File move failed. H:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cda0bb14-d32b-11dd-b13e-002269db88eb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cda0bb14-d32b-11dd-b13e-002269db88eb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cda0bb14-d32b-11dd-b13e-002269db88eb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cda0bb14-d32b-11dd-b13e-002269db88eb}\ not found.
File move failed. F:\autorun.exe scheduled to be moved on reboot.

OTL by OldTimer - Version 3.1.25.1 log created on 01282010_074335

Files\Folders moved on Reboot...
File\Folder F:\autorun.exe not found!
File\Folder F:\autorun.inf not found!
File move failed. H:\AutoRun.exe scheduled to be moved on reboot.
File move failed. H:\AutoRunGUI.dll scheduled to be moved on reboot.
File move failed. H:\autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...

merlin7tx
Novice
Novice

Posts Posts : 48
Joined Joined : 2009-11-26
OS OS : Windows Vista
Points Points : 26291
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by Belahzur on 27th January 2010, 11:52 pm

Hmm, what is the H:\ drive?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by merlin7tx on 28th January 2010, 1:18 am

I don't know, it just says H: DVD drive. That stupid thing keeps saying there's a Sims cd in there when there isn't. O.o

merlin7tx
Novice
Novice

Posts Posts : 48
Joined Joined : 2009-11-26
OS OS : Windows Vista
Points Points : 26291
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by Belahzur on 28th January 2010, 5:54 pm

Can you open the H:\ drive like a folder?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by merlin7tx on 28th January 2010, 9:37 pm

yes i can and it has information on in like a cd is in the drive but there isn't a cd!

Here's what's on the drive:

five folders in order - AutoRun, Support, TSBin, TSData, ViTALiTY

Nine other files - AutoRun, autorun.setup, AutoRunGUI.dll, common_filelist, compressed RAR file, eauninstall.app, eauninstall icon, Sims2EP7 shortcut, and Sims2EP7 Uninst.

merlin7tx
Novice
Novice

Posts Posts : 48
Joined Joined : 2009-11-26
OS OS : Windows Vista
Points Points : 26291
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by merlin7tx on 29th January 2010, 9:47 am

bump

merlin7tx
Novice
Novice

Posts Posts : 48
Joined Joined : 2009-11-26
OS OS : Windows Vista
Points Points : 26291
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by merlin7tx on 30th January 2010, 3:53 am

bump

merlin7tx
Novice
Novice

Posts Posts : 48
Joined Joined : 2009-11-26
OS OS : Windows Vista
Points Points : 26291
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by merlin7tx on 30th January 2010, 12:01 pm

bump?

merlin7tx
Novice
Novice

Posts Posts : 48
Joined Joined : 2009-11-26
OS OS : Windows Vista
Points Points : 26291
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by Belahzur on 30th January 2010, 5:15 pm

Please have some patience, my ISP is having problems.

Delete the autorun folder. Smile


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by merlin7tx on 30th January 2010, 9:53 pm

Sorry not meaning to be pushy

I tried to delete the folder but it says its being used.

merlin7tx
Novice
Novice

Posts Posts : 48
Joined Joined : 2009-11-26
OS OS : Windows Vista
Points Points : 26291
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by Belahzur on 31st January 2010, 8:16 pm

Are you able to boot to Safe Mode and delete it there?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by merlin7tx on 4th February 2010, 8:45 am

I was able to delete it in Safe Mode, thankfully. But my mouse and webcam are still not working. Also, when I restarted from Safe Mode I got the blue screen of death. O.o

merlin7tx
Novice
Novice

Posts Posts : 48
Joined Joined : 2009-11-26
OS OS : Windows Vista
Points Points : 26291
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by Belahzur on 5th February 2010, 9:34 am

What info does the BSOD give?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by merlin7tx on 5th February 2010, 12:29 pm

I wasn't able to read it, it passed by so quickly. It only happened for a second. O.o

merlin7tx
Novice
Novice

Posts Posts : 48
Joined Joined : 2009-11-26
OS OS : Windows Vista
Points Points : 26291
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Virus causing things to stop working?

Post by Belahzur on 5th February 2010, 4:47 pm

See here:
[You must be registered and logged in to see this link.]

Turn off the automatic reboot. Now when the BSOD happens, the machine wont reboot until you press the reboot/shutdown button.

Now, can you tell me what it says?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum