Winupdate.exe

#1 NickG420o1 (Member, 49 posts)

Malwarebytes' Anti-Malware 1.44
Database version: 3838
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

8/17/2010 12:49:02 PM
mbam-log-2010-08-17 (12-49-00).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 337707
Time elapsed: 1 hour(s), 17 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Nick\AppData\Roaming\logs.dat (Bifrose.Trace) -> No action taken.
C:\Windows\install\winupdate.exe -> No action taken.
C:\Users\Nick\AppData\Local\temp\UuU.uUu (Malware.Trace) -> No action taken.
C:\Users\Nick\AppData\Local\temp\XxX.xXx (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{df7h210u-v2m7-6g4k-630h-7ots5w42m8qw} -> No action taken.


OTL logfile created on: 8/18/2010 12:08:11 AM - Run 3
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Nick\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.71 Gb Total Space | 138.44 Gb Free Space | 30.72% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 5.36 Gb Free Space | 35.75% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 148.98 Gb Free Space | 31.99% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XPS-420
Current User Name: Nick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/17 03:14:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe
PRC - [2009/11/16 10:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/11/16 10:03:32 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/08/17 01:32:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 02:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/09/12 03:40:46 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/09/12 03:40:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/06/02 15:59:08 | 001,457,152 | ---- | M] (Phoenix Labs) -- C:\Program Files\PeerGuardian2\pg2.exe
PRC - [2007/02/12 11:46:34 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2006/11/03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/08/17 03:14:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe
MOD - [2008/01/19 02:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/19 02:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Premier\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/16 10:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/11/16 10:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/11/13 06:31:14 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/08/17 01:32:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/27 15:28:14 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/09/12 03:40:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/06/27 10:18:08 | 000,223,448 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2007/06/27 10:17:26 | 000,272,600 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe -- (QualityManager) Intel®
SRV - [2007/06/27 10:17:12 | 000,446,680 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2007/06/27 10:16:02 | 000,157,912 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2007/06/27 10:15:28 | 000,039,640 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE) Intel®
SRV - [2007/06/27 10:15:14 | 000,059,096 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2007/06/27 10:14:46 | 000,317,656 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore) Intel®
SRV - [2007/06/27 10:13:56 | 000,268,504 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/02/12 11:46:34 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009/11/16 10:06:50 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2009/11/16 10:06:44 | 000,135,048 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2009/11/16 10:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/11/16 09:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009/08/17 00:57:00 | 009,545,152 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/19 09:10:40 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/05/26 16:56:19 | 000,104,384 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/02/17 12:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/02/04 22:36:47 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/02/04 22:36:47 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/01/26 17:17:09 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/01/26 17:17:08 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/10/31 17:01:02 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/04 14:49:04 | 000,136,832 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiH8000.sys -- (SaiH8000)
DRV - [2008/01/19 00:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2008/01/19 00:53:22 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2007/12/27 22:51:14 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/12/27 22:51:14 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/12/27 22:51:14 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/27 15:17:49 | 000,005,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007/09/12 03:44:34 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/09/12 03:40:48 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/08/29 03:56:54 | 000,305,688 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/07/20 00:44:54 | 000,110,120 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\pnp680r.sys -- (Pnp680r)
DRV - [2007/06/27 10:17:46 | 000,014,552 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2007/06/02 14:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2007/03/09 17:04:42 | 000,031,072 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
DRV - [2007/02/26 20:15:21 | 000,061,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21)
DRV - [2007/02/18 20:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/18 13:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/18 13:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2001/02/28 17:23:18 | 000,009,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2001/02/28 17:23:16 | 000,018,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2001/02/28 17:23:14 | 000,010,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2001/02/28 17:23:12 | 000,005,696 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2001/02/28 17:23:10 | 000,035,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.4.7amo
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/24 15:55:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/24 15:55:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/01/03 23:07:35 | 000,000,000 | ---D | M]

[2010/05/03 12:28:02 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Mozilla\Extensions
[2010/05/03 12:28:02 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/08/17 01:59:34 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\7th2ckk6.default\extensions
[2010/03/29 14:57:21 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\7th2ckk6.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2009/07/16 21:29:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\7th2ckk6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/03 15:51:23 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\7th2ckk6.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2010/03/03 15:51:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\7th2ckk6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/29 14:57:21 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\7th2ckk6.default\extensions\[email protected]
[2010/08/17 01:59:30 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\7th2ckk6.default\extensions\[email protected]
[2010/03/30 01:05:36 | 000,000,931 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\7th2ckk6.default\searchplugins\dictionary.xml
[2010/08/17 01:59:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/25 11:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2009/08/07 20:23:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)
O4 - Startup: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Policies = C:\Windows\install\winupdate.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Policies = C:\Windows\install\winupdate.exe File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nick\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nick\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup\rsrc\Autorun.exe -- File not found
O33 - MountPoints2\H\Shell\dinstall\command - "" = H:\Directx\dxsetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/08/17 03:13:42 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe
[2010/08/17 01:58:55 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\HideIPEasy
[2010/08/17 01:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\HideIPEasy
[2010/08/17 01:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\HideIPEasy
[2010/08/17 01:54:23 | 000,000,000 | ---D | C] -- C:\Windows\install
[2010/08/17 00:54:30 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\TechSmith
[2010/08/17 00:54:16 | 000,000,000 | ---D | C] -- C:\Users\Nick\Downloads\Documents\Camtasia Studio
[2010/08/17 00:53:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\QuickTime
[2010/08/17 00:52:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010/08/17 00:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2010/08/17 00:52:26 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2010/08/17 00:42:27 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\PackageAware
[2010/06/28 21:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010/06/28 21:28:16 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Winamp
[2010/06/06 22:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/06 22:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/06 22:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/06/06 22:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/06/06 22:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2008/01/13 02:30:02 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Nick\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 90 Days ==========

[2010/08/18 00:09:05 | 003,145,728 | -HS- | M] () -- C:\Users\Nick\ntuser.dat
[2010/08/18 00:03:50 | 000,032,784 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/08/18 00:03:49 | 000,032,784 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/08/18 00:03:43 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/18 00:03:43 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/18 00:03:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/18 00:03:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/17 23:50:01 | 000,524,288 | -HS- | M] () -- C:\Users\Nick\ntuser.dat{e7c766e3-f2e5-11dd-accd-001d091b9d31}.TMContainer00000000000000000001.regtrans-ms
[2010/08/17 23:50:01 | 000,065,536 | -HS- | M] () -- C:\Users\Nick\ntuser.dat{e7c766e3-f2e5-11dd-accd-001d091b9d31}.TM.blf
[2010/08/17 23:49:59 | 001,685,912 | -H-- | M] () -- C:\Users\Nick\AppData\Local\IconCache.db
[2010/08/17 03:14:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe
[2010/08/17 03:13:46 | 000,284,915 | ---- | M] () -- C:\Users\Nick\Desktop\gmer.zip
[2010/08/17 01:50:33 | 000,053,760 | ---- | M] () -- C:\Users\Nick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/31 17:55:27 | 001,994,368 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\vso_ts_preview.xml
[2010/07/29 22:49:41 | 000,000,113 | ---- | M] () -- C:\Windows\(null)toolkit.ini
[2010/07/03 14:57:23 | 000,703,448 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/03 14:57:23 | 000,603,774 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/03 14:57:23 | 000,104,834 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/29 15:59:31 | 000,001,976 | ---- | M] () -- C:\Users\Nick\Desktop\Greek Mod.lnk
[2010/06/27 17:15:29 | 000,001,013 | ---- | M] () -- C:\Users\Nick\Desktop\Alexander.lnk
[2010/06/27 17:13:51 | 000,001,008 | ---- | M] () -- C:\Users\Nick\Desktop\Barbarian Invasion.lnk
[2010/05/30 01:04:53 | 000,000,872 | ---- | M] () -- C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\firefox.exe - Shortcut.lnk

========== Files Created - No Company Name ==========

[2010/08/17 15:00:25 | 000,293,376 | ---- | C] () -- C:\Users\Nick\Desktop\gmer.exe
[2010/08/17 03:13:45 | 000,284,915 | ---- | C] () -- C:\Users\Nick\Desktop\gmer.zip
[2010/08/17 00:43:19 | 000,202,048 | ---- | C] () -- C:\Windows\System32\AVLibrary.dll
[2010/07/29 22:49:41 | 000,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini
[2010/06/27 18:49:35 | 000,001,976 | ---- | C] () -- C:\Users\Nick\Desktop\Greek Mod.lnk
[2010/06/27 17:13:58 | 000,001,013 | ---- | C] () -- C:\Users\Nick\Desktop\Alexander.lnk
[2010/06/27 17:13:51 | 000,001,008 | ---- | C] () -- C:\Users\Nick\Desktop\Barbarian Invasion.lnk
[2010/05/30 01:04:53 | 000,000,872 | ---- | C] () -- C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\firefox.exe - Shortcut.lnk
[2010/03/02 15:27:18 | 000,000,039 | ---- | C] () -- C:\Windows\WININIT.INI
[2010/01/07 03:19:09 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/10/06 23:13:57 | 001,994,368 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\vso_ts_preview.xml
[2009/10/06 23:10:27 | 000,087,608 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\inst.exe
[2009/10/06 18:36:10 | 000,172,032 | ---- | C] () -- C:\Windows\System32\viscomgifenc.dll
[2009/10/06 18:36:10 | 000,159,744 | ---- | C] () -- C:\Windows\System32\viscomtran.dll
[2009/10/06 18:36:09 | 006,963,712 | ---- | C] () -- C:\Windows\System32\videotrans.dll
[2009/10/06 18:36:09 | 000,452,608 | ---- | C] () -- C:\Windows\System32\videoformat.dll
[2009/10/06 18:36:09 | 000,323,584 | ---- | C] () -- C:\Windows\System32\FoxImager.dll
[2009/10/06 18:36:09 | 000,154,624 | ---- | C] () -- C:\Windows\System32\imgscaler.dll
[2009/10/06 18:36:09 | 000,028,160 | ---- | C] () -- C:\Windows\System32\img_utils.dll
[2009/10/06 18:36:09 | 000,019,456 | ---- | C] () -- C:\Windows\System32\videocore.dll
[2009/09/15 18:34:18 | 000,000,248 | ---- | C] () -- C:\Windows\RomeTW.ini
[2009/08/07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/05/08 01:56:05 | 000,032,784 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/05/08 01:55:55 | 000,032,784 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/02/04 22:36:47 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/02/04 22:36:47 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/02/04 22:22:58 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009/01/17 21:24:37 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008/12/27 16:19:22 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2008/12/27 16:19:22 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2008/12/11 03:37:41 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/11/17 00:20:54 | 000,022,328 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\PnkBstrK.sys
[2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 11:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/10/31 17:01:02 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/06/05 09:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/04/12 04:53:47 | 000,000,029 | ---- | C] () -- C:\Windows\atid.ini
[2008/04/04 14:49:04 | 001,282,048 | ---- | C] () -- C:\Windows\System32\SaiC8000.Dll
[2008/04/04 14:49:04 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiC8000_0C.dll
[2008/04/04 14:49:04 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC8000_10.dll
[2008/04/04 14:49:04 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC8000_0A.dll
[2008/04/04 14:49:04 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC8000_07.dll
[2008/04/04 14:49:04 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC8000_09.dll
[2008/04/04 14:49:04 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiC8000_0402.dll
[2008/04/04 14:49:04 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiC8000_11.dll
[2008/03/29 07:21:34 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/02/16 01:00:01 | 000,000,092 | ---- | C] () -- C:\Users\Nick\AppData\Local\fusioncache.dat
[2008/01/13 02:30:12 | 000,000,034 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\pcouffin.log
[2008/01/13 02:30:02 | 000,007,887 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\pcouffin.cat
[2008/01/13 02:30:02 | 000,001,144 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\pcouffin.inf
[2008/01/02 15:13:30 | 000,053,760 | ---- | C] () -- C:\Users\Nick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/14 12:42:27 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2007/11/09 06:01:59 | 000,000,164 | ---- | C] () -- C:\Windows\System32\psyswin32.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/06/23 10:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll

========== LOP Check ==========

[2009/02/09 21:25:57 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\acccore
[2009/03/25 16:24:49 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Aim
[2008/01/18 19:36:39 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\CD Art Display
[2008/10/31 17:00:29 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\DAEMON Tools
[2008/11/10 16:54:10 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\DAEMON Tools Pro
[2008/01/06 03:07:35 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\DataSafeOnline
[2009/10/06 19:34:38 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\dBpoweramp
[2008/11/03 13:56:45 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\ESET
[2010/08/17 01:58:55 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\HideIPEasy
[2009/10/08 16:47:39 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\ID3 renamer
[2009/11/14 07:26:09 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\MusicBrainz
[2008/07/21 04:49:27 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Orbit
[2008/10/31 19:25:01 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Outertech
[2009/05/08 01:03:49 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\SystemRequirementsLab
[2009/03/15 17:49:28 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\The Creative Assembly
[2010/05/03 12:28:00 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\TomTom
[2010/03/11 05:24:02 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Trillian
[2009/02/09 17:07:19 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\uniblue
[2010/08/17 00:50:25 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\uTorrent
[2010/07/31 17:55:28 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Vso
[2009/03/30 13:59:08 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\WNR
[2009/03/25 15:57:12 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/01/03 22:34:22 | 000,000,234 | ---- | M] () -- C:\Windows\Tasks\elbyExecuteWithUAC.job
[2010/08/17 23:50:02 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/12/25 01:21:24 | 000,000,344 | -H-- | M] () -- C:\Windows\Tasks\XboxStatTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/19 02:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/12/27 22:51:51 | 000,005,356 | RH-- | M] () -- C:\dell.sdr
[2009/02/26 04:11:31 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/02 17:59:01 | 000,000,725 | -H-- | M] () -- C:\IPH.PH
[2009/02/26 04:11:31 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/08/18 00:03:32 | 3532,881,920 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/09/12 20:24:41 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/01/17 18:18:55 | 000,000,429 | -HS- | M] () -- C:\Users\Nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2009/12/15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Users\Nick\Desktop\gmer.exe
[2010/08/17 03:14:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe
[2010/02/06 21:53:53 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Desktop\TFC.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-02-16 02:45:18

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:868C5BDF1A208EA3
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:88050731
< End of report >

Hello, I need some help finishing removing this infection.
I have a six-month-old saved registry file from ERUNT. GMER froze my PC, so I don't have that log to post. The infections posted in the Malwarebytes log are quarantined. I got infected with this Trojan on the 16th. ESET stopped it from connecting outbound and in. Malwarebytes stopped Windows and a program file called OrygKI94k from crashing after quarantining the infected files. I wasn't able to update Malwarebytes, so I just scanned with the last updated database, 3/8/10, database version 3838.

Edited by NickG420o1, 17 August 2010 - 11:58 PM.

  • 0



#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Policies =-
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup\rsrc\Autorun.exe -- File not found
O33 - MountPoints2\H\Shell\dinstall\command - "" = H:\Directx\dxsetup.exe -- File not found
@Alternate Data Stream - 24 bytes -> C:\Windows:868C5BDF1A208EA3

:Services

:Reg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and reboot the PC when it is done.


Open OTL, click the None button, and paste this in the custom scan box:


netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.*
%systemroot%\*. /mp /s
%systemroot%\System32\config\*.sav
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.exe
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Update\*.*
CREATERESTOREPOINT
%PROGRAMFILES%\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
color 9f & set /c
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
color 9f & type %SYSTEMDRIVE%\boot.ini /c
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*



Click Run Scan and post that log.
  • 0
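The fix above targets three kinds of entry from the log: the O33 MountPoints2 autorun handlers, the O35/O37 exefile/comfile launch commands (which the log shows still clean), and the two alternate data streams. As an added example, not part of this thread and not OTL's own code, the script below reproduces those three checks with built-in PowerShell so the result can be confirmed independently, before and after the fix. It assumes PowerShell 3.0 or later for the -Stream parameter (the Vista system in this thread ships 2.0, where `cmd /c dir /r /a C:\` lists the same named streams) and an elevated prompt under the affected user account; the function names are mine.

```powershell
# Added example; not code from the thread and not OTL's own.
# Re-checks three items from the OTL log with built-in PowerShell so the
# reader can confirm the findings, and confirm the fix took, without the tool.
# Assumptions: PowerShell 3.0+ (needed for -Stream; the Vista machine in this
# thread ships 2.0, where `cmd /c dir /r /a C:\` shows the same streams) and
# an elevated prompt under the affected user account.

function Get-NamedStreams {
    # Named NTFS alternate data streams on each path. ':$DATA' is the normal
    # unnamed stream and is skipped; OTL flagged one named stream on
    # C:\Windows and one on C:\ProgramData\TEMP.
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                [pscustomobject]@{
                    Check  = 'ADS'
                    Item   = ('{0}:{1}' -f $p, $_.Stream)
                    Detail = ('{0} bytes' -f $_.Length)
                }
            }
    }
}

function Test-ExecutableHandlers {
    # The O35/O37 lines: .exe/.com must map to exefile/comfile, and the
    # shell\open\command for both must be exactly "%1" %*. A hijacked value
    # runs a dropper in front of every program the user launches.
    $checks = @(
        @{ Sub = 'exefile\shell\open\command'; Want = '"%1" %*' },
        @{ Sub = 'comfile\shell\open\command'; Want = '"%1" %*' },
        @{ Sub = '.exe';                       Want = 'exefile' },
        @{ Sub = '.com';                       Want = 'comfile' }
    )
    foreach ($c in $checks) {
        $key  = 'Registry::HKEY_CLASSES_ROOT\' + $c.Sub
        $have = $null
        if (Test-Path -LiteralPath $key) { $have = (Get-Item -LiteralPath $key).GetValue('') }
        $detail = if ($have -eq $c.Want) { 'OK' } else { 'UNEXPECTED: ' + $have }
        [pscustomobject]@{ Check = 'Handler'; Item = $key; Detail = $detail }
    }
}

function Get-MountPointAutoRuns {
    # The O33 lines: Explorer caches each volume's autorun.inf verbs under the
    # user's MountPoints2 key. The 'command' value fires when that drive letter
    # is opened, so list every one and whether its target still exists.
    $root = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (-not (Test-Path -LiteralPath $root)) { return }
    foreach ($vol in Get-ChildItem -LiteralPath $root) {
        $shell = 'Registry::' + $vol.Name + '\Shell'
        if (-not (Test-Path -LiteralPath $shell)) { continue }
        foreach ($verb in Get-ChildItem -LiteralPath $shell) {
            $cmdKey = 'Registry::' + $verb.Name + '\command'
            if (-not (Test-Path -LiteralPath $cmdKey)) { continue }
            $cmd = [string](Get-Item -LiteralPath $cmdKey).GetValue('')
            # The executable is the first token; honour a quoted path.
            $exe = if ($cmd.StartsWith('"')) { $cmd.Split('"')[1] } else { ($cmd -split '\s+')[0] }
            $exists = $exe -and (Test-Path -LiteralPath $exe -ErrorAction SilentlyContinue)
            $detail = if ($exists) { $cmd } else { $cmd + ' -- File not found' }
            [pscustomobject]@{
                Check  = 'MountPoints2'
                Item   = $vol.PSChildName + '\Shell\' + $verb.PSChildName
                Detail = $detail
            }
        }
    }
}

$findings = @(Get-NamedStreams -Path 'C:\Windows', 'C:\ProgramData\TEMP') +
            @(Test-ExecutableHandlers) +
            @(Get-MountPointAutoRuns)
$findings | Format-Table -AutoSize
```

A clean run after the fix should show no ADS rows, four Handler rows reading OK, and no MountPoints2 entries for the H: volume; any Handler row marked UNEXPECTED means the exefile/comfile association has been tampered with and every launched program is being routed through whatever path it names.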

#3
NickG420o1

    Member

  • Topic Starter
  • Member
  • 49 posts
OTL logfile created on: 8/18/2010 5:16:54 PM - Run 4
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Nick\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.71 Gb Total Space | 136.40 Gb Free Space | 30.26% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 5.36 Gb Free Space | 35.75% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 148.98 Gb Free Space | 31.99% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XPS-420
Current User Name: Nick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^Nick^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^uTorrent Turbo Booster.lnk - C:\PROGRA~1\UTORRE~1\UTORRE~1.EXE - File not found
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: CCUTRAYICON - hkey= - key= - C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)
MsConfig - StartUpReg: dellsupportcenter - hkey= - key= - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: dscactivate - hkey= - key= - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
MsConfig - StartUpReg: ECenter - hkey= - key= - C:\DELL\E-Center\EULALauncher.exe ( )
MsConfig - StartUpReg: ISUSPM - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: MSServer - hkey= - key= - File not found
MsConfig - StartUpReg: PeerGuardian - hkey= - key= - C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SandboxieControl - hkey= - key= - C:\Program Files\Sandboxie\SbieCtrl.exe File not found
MsConfig - StartUpReg: Steam - hkey= - key= - c:\program files\steam\steam.exe File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe File not found
MsConfig - StartUpReg: Windows Mobile Device Center - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
MsConfig - StartUpReg: XboxStat - hkey= - key= - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co....thors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/19 02:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/12/27 22:51:51 | 000,005,356 | RH-- | M] () -- C:\dell.sdr
[2009/02/26 04:11:31 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/02 17:59:01 | 000,000,725 | -H-- | M] () -- C:\IPH.PH
[2009/02/26 04:11:31 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/08/18 17:13:41 | 3532,881,920 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.* >
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.exe >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/09/12 20:24:41 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\*. >
[2009/09/15 18:24:18 | 000,000,000 | ---D | M] -- C:\Program Files\Activision
[2009/10/05 20:38:36 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/09/21 17:14:37 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2010/04/02 17:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2010/06/06 22:24:35 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/08/21 15:49:41 | 000,000,000 | ---D | M] -- C:\Program Files\Bethesda Softworks
[2009/10/05 17:50:54 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2009/01/28 20:16:28 | 000,000,000 | ---D | M] -- C:\Program Files\CDisplay
[2009/10/06 18:36:08 | 000,000,000 | ---D | M] -- C:\Program Files\Cheetah Burner
[2010/08/17 00:52:27 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/10/07 22:55:08 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/02/05 22:23:59 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Pro
[2007/12/27 16:09:19 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2007/12/27 16:04:24 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2007/12/27 15:13:03 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2010/03/22 09:33:33 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/01/03 22:34:16 | 000,000,000 | ---D | M] -- C:\Program Files\Elaborate Bytes
[2010/01/03 21:11:18 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2009/09/17 07:02:09 | 000,000,000 | ---D | M] -- C:\Program Files\Expstudio
[2010/03/18 09:26:32 | 000,000,000 | ---D | M] -- C:\Program Files\FallOut
[2008/10/31 19:24:40 | 000,000,000 | ---D | M] -- C:\Program Files\GetDiz
[2010/08/17 02:01:03 | 000,000,000 | ---D | M] -- C:\Program Files\HideIPEasy
[2010/06/27 17:11:56 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2007/12/27 15:18:41 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/01/25 20:41:32 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/06/06 22:26:07 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/06/06 22:27:35 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/01/18 13:55:48 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/08/17 23:40:04 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/10 04:50:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/07/10 00:16:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2008/12/11 09:42:36 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/08/01 20:24:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2008/12/11 09:42:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2008/12/11 09:43:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/12/25 01:19:54 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Xbox 360 Accessories
[2008/12/11 09:41:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2007/12/27 15:10:41 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Diagnostic Tool
[2008/09/12 20:16:24 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/07/24 15:55:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/01/17 17:33:51 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/12/27 15:13:39 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2009/09/21 17:16:00 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2010/08/17 14:51:17 | 000,000,000 | ---D | M] -- C:\Program Files\PeerGuardian2
[2010/01/19 18:25:50 | 000,000,000 | ---D | M] -- C:\Program Files\Project64 1.6
[2010/05/03 15:03:02 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/03/29 13:24:30 | 000,000,000 | ---D | M] -- C:\Program Files\Sandboxie
[2008/01/02 23:13:00 | 000,000,000 | ---D | M] -- C:\Program Files\SEGA
[2007/12/27 14:56:03 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2010/01/03 23:17:38 | 000,000,000 | ---D | M] -- C:\Program Files\SlySoft
[2009/05/08 01:04:09 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2009/11/14 09:19:22 | 000,000,000 | ---D | M] -- C:\Program Files\TagScanner
[2010/08/17 00:52:26 | 000,000,000 | ---D | M] -- C:\Program Files\TechSmith
[2008/12/11 03:22:43 | 000,000,000 | ---D | M] -- C:\Program Files\The Rosetta Stone
[2010/05/03 12:21:01 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom DesktopSuite
[2010/05/03 12:27:49 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom HOME 2
[2010/05/03 12:27:55 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom International B.V
[2009/04/07 12:40:02 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2010/08/18 17:14:03 | 000,000,000 | ---D | M] -- C:\Program Files\Trillian
[2008/12/27 16:22:50 | 000,000,000 | ---D | M] -- C:\Program Files\Ultra Video Converter
[2006/11/02 08:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/01/27 00:29:55 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2008/02/15 17:41:21 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2009/10/06 23:11:24 | 000,000,000 | ---D | M] -- C:\Program Files\VSO
[2010/06/28 21:28:32 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2010/06/28 21:28:21 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp Detect
[2008/09/12 20:16:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2008/09/12 20:16:23 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2008/09/12 20:16:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2008/09/12 20:16:23 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2009/05/09 17:52:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/05/09 17:52:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2008/10/21 17:22:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/01/25 20:41:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/09/12 20:16:23 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2008/09/12 20:16:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/07/31 23:58:22 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/01/16 13:28:25 | 000,000,000 | ---D | M] -- C:\Program Files\Xilisoft
[2007/12/27 15:16:31 | 000,000,000 | ---D | M] -- C:\Program Files\XPSMiniViewGadget

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-02-16 02:45:18

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< color 9f & set /c >
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Nick\AppData\Roaming
asl.log=Destination=file;OnFirstLog=command,environment
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=XPS-420
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Nick
LOCALAPPDATA=C:\Users\Nick\AppData\Local
LOGONSERVER=\\XPS-420
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Nick\AppData\Local\Temp
TMP=C:\Users\Nick\AppData\Local\Temp
USERDOMAIN=XPS-420
USERNAME=Nick
USERPROFILE=C:\Users\Nick
windir=C:\Windows

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< color 9f & type %SYSTEMDRIVE%\boot.ini /c >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/01/17 18:18:55 | 000,000,429 | -HS- | M] () -- C:\Users\Nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2009/12/15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Users\Nick\Desktop\gmer.exe
[2010/08/17 03:14:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe
[2010/02/06 21:53:53 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >
< End of report >
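The custom-scan listing above has a fixed line layout: a modification timestamp, a size, a four-character attribute field (R, H, S, D), the column letter, an optional publisher string in parentheses, and the path. As an added example (not part of the original post and not OTL's own code), the Python below parses lines in that layout, flags executables that carry no publisher string or hidden/system attributes or that sit in one of the normally empty %systemroot% sub-directories the custom scan probes, and computes how stale the WindowsUpdate LastSuccessTime value is. The sample listing is constructed: most lines are copied from the scan above, and the entry under C:\Windows\install is made up to exercise the directory check; the "empty on a clean install" rule for those directories is an assumption of this example, not an OTL rule.

```python
"""Parse OTL custom-scan output and flag entries that deserve a second look.

Added example for this thread, not part of the original post or of OTL.
Line layout, taken from the listing above:
    [YYYY/MM/DD HH:MM:SS | size | attrs | M] (Company) -- path
Directory entries carry a D attribute and omit the (Company) field.
"""
import os
import re
from dataclasses import dataclass
from datetime import datetime

OTL_LINE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| [MC]\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
WU_LINE = re.compile(r"LastSuccessTime: (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")

# Executable types whose version info normally carries a publisher string.
PE_EXTENSIONS = {".exe", ".dll", ".scr", ".com"}
# %systemroot% sub-directories probed by the custom scan above. Assumption for
# this example: they are empty on a clean install, so any file inside is notable.
UNUSUAL_SUBDIRS = ("\\install", "\\system32\\dll", "\\system32\\rundll",
                   "\\system32\\rundll32", "\\system32\\test", "\\winn32", "\\java")


@dataclass
class OtlEntry:
    mtime: datetime
    size: int
    attrs: str
    company: str
    path: str

    @property
    def is_dir(self):
        return "D" in self.attrs


def parse_otl_line(line):
    """Return an OtlEntry for a file/directory line, None for headers and blanks."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        mtime=datetime.strptime(m["mtime"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        company=(m["company"] or "").strip(),
        path=m["path"].strip(),
    )


def flag_entry(entry, systemroot="C:\\Windows"):
    """Reasons an entry merits manual review; an empty list means nothing stood out."""
    reasons = []
    if entry.is_dir:
        return reasons
    lowered = entry.path.lower()
    root = systemroot.lower().rstrip("\\")
    if any(lowered.startswith(root + sub + "\\") for sub in UNUSUAL_SUBDIRS):
        reasons.append("file in a directory that is empty on a clean install")
    if os.path.splitext(lowered)[1] in PE_EXTENSIONS:
        if not entry.company:
            reasons.append("executable with no publisher string")
        if "H" in entry.attrs or "S" in entry.attrs:
            reasons.append("executable marked hidden/system")
    return reasons


def scan_listing(text):
    """Map each flagged path to its reasons; unflagged entries are omitted."""
    flagged = {}
    for line in text.splitlines():
        entry = parse_otl_line(line)
        if entry is not None and flag_entry(entry):
            flagged[entry.path] = flag_entry(entry)
    return flagged


def update_age_days(text, as_of=None):
    """Days since the last successful Windows Update install recorded in the scan.
    With no as_of, the newest file timestamp in the listing stands in for scan time."""
    m = WU_LINE.search(text)
    if not m:
        return None
    if as_of is None:
        mtimes = [e.mtime for e in map(parse_otl_line, text.splitlines()) if e]
        if not mtimes:
            return None
        as_of = max(mtimes)
    return (as_of - datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")).days


# Constructed sample: lines copied from the listing above plus one made-up
# entry under %systemroot%\install to exercise the directory check.
SAMPLE_LISTING = """\
< %SYSTEMDRIVE%\\*.* >
[2008/01/19 02:45:45 | 000,333,203 | RHS- | M] () -- C:\\bootmgr
[2010/08/18 17:13:41 | 3532,881,920 | -HS- | M] () -- C:\\pagefile.sys
< %PROGRAMFILES%\\*. >
[2010/08/17 23:40:04 | 000,000,000 | ---D | M] -- C:\\Program Files\\Malwarebytes' Anti-Malware
< %USERPROFILE%\\Desktop\\*.exe >
[2009/12/15 11:24:48 | 000,293,376 | ---- | M] () -- C:\\Users\\Nick\\Desktop\\gmer.exe
[2010/08/17 03:14:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\\Users\\Nick\\Desktop\\OTL.exe
< %systemroot%\\install\\*.* >
[2010/08/01 12:00:00 | 000,045,056 | -H-- | M] () -- C:\\Windows\\install\\winupdate.exe
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Auto Update\\Results\\Install\\\\LastSuccessTime: 2010-02-16 02:45:18
"""

if __name__ == "__main__":
    for path, reasons in scan_listing(SAMPLE_LISTING).items():
        print(path, "->", "; ".join(reasons))
    print("days since last successful Windows Update:", update_age_days(SAMPLE_LISTING))
```

A missing publisher string is only a hint (gmer.exe is flagged here and is a legitimate tool), so the output is a review list, not a verdict; the point of the directory and Windows Update checks is to surface the two things a helper reads first from a log like this: files where nothing should be, and a patch level that is months behind the scan date.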

#4
Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


#5
NickG420o1 (Topic Starter, Member, 49 posts)
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4453

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

8/20/2010 6:21:50 PM
mbam-log-2010-08-20 (18-21-50).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 342562
Time elapsed: 1 hour(s), 9 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6
NickG420o1 (Topic Starter, Member, 49 posts)
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, August 20, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, August 20, 2010 16:38:47
Records in database: 4127786
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 208496
Threats found: 2
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 02:49:27


File name / Threat / Threats count
C:\Program Files\Trillian\Patch.exe Infected: Trojan-Dropper.Win32.FC.dl 1
C:\Users\Nick\Downloads\Documents\Files\Software\anydvd cleaning tools\Fox Killer.exe Infected: HackTool.Win32.KKFinder.ba 1
C:\Users\Nick\Downloads\Documents\Files\Software\Trillian v4.1.0.22\Patch.exe Infected: Trojan-Dropper.Win32.FC.dl 1

Selected area has been scanned.

These are software.

#7
Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Your logs are clean.

  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste the following:
    :Commands
    [clearallrestorepoints]
  • Click the Run Fix button at the top
  • It might ask you to reboot, if so click YES



  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes



  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.