Infected with InfoStealer Gampass


  • This topic is locked

#1
jimfdowning

  • Member
  • 149 posts

Hi Please help

I'm infected with Infostealer Gampass

Also, since the infection, there are the following locked folders on my C: drive:

$recycle.bin
Documents and settings
Recovery
System Volume Information

These folders were not there before and I think they may be related to the virus

Any help would be greatly appreciated

I am running Windows 7 64 bit

Thanks in advance



#2
ali.B

  • Trusted Helper
  • Malware Removal
  • 3,086 posts

hi

Step 1

Please download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.

Things I would like to see in your reply:
  • MBAM Log
  • OTL.txt and Extras.txt


#3
jimfdowning

  • Topic Starter
  • Member
  • 149 posts

A
[2010/10/15 17:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/10/15 17:27:15 | 000,000,000 | ---D | C] -- C:\Users\Jim\Documents\My Received Files
[2010/10/15 17:13:58 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/10/15 15:38:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/10/15 15:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/10/15 15:37:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/10/15 15:37:31 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Apple
[2010/10/15 15:37:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/10/15 15:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/10/15 15:36:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
[2010/10/15 15:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\WMV9_VCM
[2010/10/15 15:31:21 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\River Past G5
[2010/10/15 15:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\River Past G5
[2010/10/15 15:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\River Past
[2010/10/15 15:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\River Past
[2010/10/15 10:21:04 | 002,601,816 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2010/10/15 10:20:57 | 000,338,336 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010/10/15 10:20:57 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010/10/15 10:20:51 | 000,004,096 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2010/10/15 10:06:09 | 000,000,000 | ---D | C] -- C:\Users\Jim\.jbidwatcher
[2010/10/14 19:44:03 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\AVS4YOU
[2010/10/14 19:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2010/10/14 19:42:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2010/10/14 19:42:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2010/10/13 22:01:53 | 000,000,000 | R--D | C] -- C:\Users\Jim\Documents\Scanned Documents
[2010/10/13 22:01:52 | 000,000,000 | ---D | C] -- C:\Users\Jim\Documents\Fax
[2010/10/13 13:17:15 | 000,349,800 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2010/10/13 12:58:26 | 000,000,000 | ---D | C] -- C:\Users\Jim\Documents\My Drivers
[2010/10/13 12:58:26 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Innovative Solutions
[2010/10/13 12:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2010/10/13 12:58:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Innovative Solutions
[2010/10/11 15:37:18 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\GeoVid
[2010/10/11 15:35:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\fmm
[2010/10/11 15:35:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\GeoVid
[2010/10/11 15:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\GeoVid
[2010/10/11 15:35:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GeoVid
[2010/10/11 15:27:15 | 000,000,000 | ---D | C] -- C:\Windows\Profiles
[2010/10/11 15:27:14 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\URSoft
[2010/10/11 15:15:16 | 000,000,000 | ---D | C] -- C:\Users\Jim\Documents\:spam: Studio
[2010/10/11 15:12:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\{784E3329-1B2A-421E-9427-596088B766F6}
[2010/10/11 15:10:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}
[2010/10/11 15:09:20 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\PackageAware
[2010/10/11 11:53:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/10/11 11:53:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/10/11 10:26:50 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\vlc
[2010/10/11 10:26:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010/10/11 10:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Download Manager
[2010/10/11 10:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GigaTribe
[2010/10/10 19:46:40 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/10/10 19:45:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/10/10 19:44:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberScrub Privacy Suite
[2010/10/10 19:44:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/10/10 19:12:55 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\VSO
[2010/10/10 19:11:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VSO
[2010/10/10 19:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/10 19:10:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/10/10 19:05:59 | 000,451,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symtdiv.sys
[2010/10/10 19:05:59 | 000,221,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symefa64.sys
[2010/10/10 19:05:58 | 000,615,040 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1108000.005\cchpx64.sys
[2010/10/10 19:05:58 | 000,505,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtsp64.sys
[2010/10/10 19:05:58 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symds64.sys
[2010/10/10 19:05:58 | 000,150,064 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1108000.005\ironx64.sys
[2010/10/10 19:05:58 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtspx64.sys
[2010/10/10 19:05:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1108000.005
[2010/10/10 19:04:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/10/10 19:02:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/10/09 13:59:22 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/10/09 13:59:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/10/09 13:58:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2010/10/09 13:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2010/10/09 13:56:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010/10/09 13:52:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRar
[2010/10/08 20:23:42 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\ElevatedDiagnostics
[2010/10/08 16:17:19 | 000,000,000 | ---D | C] -- C:\Users\Jim\Documents\GigaTribe Downloads
[2010/10/08 16:16:42 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Shalsoft
[2010/10/07 22:02:21 | 000,000,000 | ---D | C] -- C:\Users\Jim\Tracing
[2010/10/07 21:47:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010/10/07 21:42:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/10/07 21:41:59 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/10/07 21:39:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/10/07 21:34:41 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Windows Live
[2010/10/07 21:34:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/10/07 21:13:12 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule
[2010/10/07 21:12:59 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\eMule
[2010/10/07 20:51:42 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\WinRAR
[2010/10/07 20:24:40 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Macromedia
[2010/10/07 20:12:59 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\CyberScrub
[2010/10/07 20:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/10/07 20:11:43 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Adobe
[2010/10/07 19:59:03 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\IDM
[2010/10/07 19:59:03 | 000,000,000 | ---D | C] -- C:\Users\Jim\Documents\Downloads
[2010/10/07 19:59:01 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\DMCache
[2010/10/07 19:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/10/07 19:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/10/07 19:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/10/07 19:14:15 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/10/07 18:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2010/10/07 18:57:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2010/10/07 18:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/10/07 18:57:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010/10/07 18:56:57 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010/10/07 18:56:57 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010/10/07 18:56:57 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010/10/07 18:56:57 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010/10/07 18:56:49 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2010/10/07 18:56:49 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2010/10/07 18:56:49 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2010/10/07 18:56:49 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2010/10/07 18:56:48 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010/10/07 18:56:48 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010/10/07 18:56:43 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2010/10/07 18:56:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2010/10/07 18:56:35 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/10/07 18:56:34 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2010/10/07 18:56:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/10/07 18:55:47 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2010/10/07 18:55:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2010/10/07 18:55:41 | 000,000,000 | ---D | C] -- C:\Intel
[2010/10/07 18:55:32 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\DeviceVM
[2010/10/07 18:55:11 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/10/07 10:34:03 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/10/07 01:41:34 | 000,000,000 | R--D | C] -- C:\Users\Jim\Searches
[2010/10/07 01:41:34 | 000,000,000 | -H-D | C] -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/10/07 01:41:26 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Identities
[2010/10/07 01:41:23 | 000,000,000 | R--D | C] -- C:\Users\Jim\Contacts
[2010/10/07 01:41:21 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\VirtualStore
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\AppData\Local\Temporary Internet Files
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\Templates
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\Start Menu
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\SendTo
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\Recent
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\PrintHood
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\NetHood
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\Documents\My Videos
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\Documents\My Pictures
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\Documents\My Music
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\My Documents
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\Local Settings
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\AppData\Local\History
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\Cookies
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\Application Data
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\AppData\Local\Application Data
[2010/10/07 01:41:09 | 000,000,000 | --SD | C] -- C:\Users\Jim\AppData\Roaming\Microsoft
[2010/10/07 01:41:09 | 000,000,000 | R--D | C] -- C:\Users\Jim\Videos
[2010/10/07 01:41:09 | 000,000,000 | R--D | C] -- C:\Users\Jim\Saved Games
[2010/10/07 01:41:09 | 000,000,000 | R--D | C] -- C:\Users\Jim\Pictures
[2010/10/07 01:41:09 | 000,000,000 | R--D | C] -- C:\Users\Jim\Music
[2010/10/07 01:41:09 | 000,000,000 | R--D | C] -- C:\Users\Jim\Links
[2010/10/07 01:41:09 | 000,000,000 | R--D | C] -- C:\Users\Jim\Favorites
[2010/10/07 01:41:09 | 000,000,000 | R--D | C] -- C:\Users\Jim\Downloads
[2010/10/07 01:41:09 | 000,000,000 | R--D | C] -- C:\Users\Jim\My Documents
[2010/10/07 01:41:09 | 000,000,000 | R--D | C] -- C:\Users\Jim\Desktop
[2010/10/07 01:41:09 | 000,000,000 | -H-D | C] -- C:\Users\Jim\AppData
[2010/10/07 01:41:09 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Temp
[2010/10/07 01:41:09 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Microsoft
[2010/10/07 01:41:09 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Media Center Programs
[2010/10/07 01:40:54 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/10/07 01:40:46 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/10/07 01:35:19 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/10/07 01:34:42 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/27 11:10:06 | 001,185,956 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\Cat.DB
[2010/10/27 11:05:10 | 000,018,544 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/27 11:05:10 | 000,018,544 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/27 11:02:12 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/27 11:02:12 | 000,619,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/27 11:02:12 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/27 11:01:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
[2010/10/27 10:58:03 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\Free File Viewer Update Checker.job
[2010/10/27 10:57:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/27 10:57:36 | 1582,686,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/27 10:04:19 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/27 09:41:18 | 000,009,728 | ---- | M] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/10/26 22:31:51 | 000,276,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/26 16:13:32 | 000,001,107 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2010/10/26 16:13:30 | 000,001,083 | ---- | M] () -- C:\Users\Jim\Desktop\FreeFileViewer.lnk
[2010/10/26 16:11:46 | 002,057,848 | ---- | M] (W3i, LLC) -- C:\Users\Jim\Desktop\FreeFileViewer2010Setup.exe
[2010/10/25 20:33:14 | 000,002,206 | ---- | M] () -- C:\Users\Public\Desktop\JBidwatcher 2.1.lnk
[2010/10/25 11:10:04 | 000,001,052 | ---- | M] () -- C:\Users\Jim\Desktop\AVI MPEG RM WMV Splitter.lnk
[2010/10/25 09:52:25 | 000,000,031 | ---- | M] () -- C:\Windows\SysWow64\Days5.ini
[2010/10/23 14:30:28 | 000,001,071 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Video Snapshots Genius.lnk
[2010/10/23 14:30:28 | 000,001,047 | ---- | M] () -- C:\Users\Jim\Desktop\Video Snapshots.lnk
[2010/10/23 14:04:32 | 000,001,084 | ---- | M] () -- C:\Users\Jim\Desktop\Video Cleaner Pro.lnk
[2010/10/22 17:41:30 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2010/10/21 09:35:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2010/10/19 10:21:01 | 000,007,680 | ---- | M] () -- C:\Users\Jim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/15 15:31:25 | 000,165,363 | ---- | M] () -- C:\Windows\Video Cleaner Pro Uninstaller.exe
[2010/10/15 10:49:33 | 004,435,892 | ---- | M] () -- C:\Users\Jim\Desktop\JBidwatcher-2.1.2.exe
[2010/10/14 21:58:48 | 000,225,672 | ---- | M] () -- C:\Users\Jim\Desktop\CrucialUKScan.exe
[2010/10/14 19:43:22 | 000,001,297 | ---- | M] () -- C:\Users\Jim\Desktop\AVS4YOU Software Navigator.lnk
[2010/10/14 19:42:48 | 000,001,248 | ---- | M] () -- C:\Users\Jim\Desktop\AVS Video Converter 6.lnk
[2010/10/13 12:58:23 | 000,001,118 | ---- | M] () -- C:\Users\Jim\Desktop\DriverMax.lnk
[2010/10/11 15:35:24 | 000,001,034 | ---- | M] () -- C:\Users\Jim\Desktop\VidCrop.lnk
[2010/10/11 10:26:43 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/10/11 10:11:42 | 000,001,031 | ---- | M] () -- C:\Users\Jim\Desktop\Internet Download Manager.lnk
[2010/10/11 10:07:54 | 000,001,025 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GigaTribe.lnk
[2010/10/11 10:07:54 | 000,000,981 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\GigaTribe.lnk
[2010/10/11 10:07:54 | 000,000,957 | ---- | M] () -- C:\Users\Jim\Desktop\GigaTribe.lnk
[2010/10/10 19:45:07 | 000,001,071 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\CyberScrub Privacy Suite.lnk
[2010/10/10 19:45:07 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\CyberScrub Privacy Suite.lnk
[2010/10/10 19:28:32 | 000,002,480 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/10/10 18:56:48 | 000,001,537 | ---- | M] () -- C:\Users\Jim\Desktop\iexplore - Shortcut.lnk
[2010/10/09 13:59:16 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/10/09 13:59:16 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/10/09 13:59:16 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/10/08 22:57:34 | 000,001,441 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/08 22:28:14 | 000,015,562 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2010/10/07 18:54:08 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini
[2010/10/07 01:43:03 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/10/07 01:38:05 | 000,041,962 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/10/07 01:38:05 | 000,041,962 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/27 10:04:19 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/27 09:34:42 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/10/26 16:13:50 | 000,000,398 | ---- | C] () -- C:\Windows\tasks\Free File Viewer Update Checker.job
[2010/10/26 16:13:32 | 000,001,107 | ---- | C] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2010/10/26 16:13:30 | 000,001,083 | ---- | C] () -- C:\Users\Jim\Desktop\FreeFileViewer.lnk
[2010/10/26 09:34:17 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/10/25 20:33:14 | 000,002,206 | ---- | C] () -- C:\Users\Public\Desktop\JBidwatcher 2.1.lnk
[2010/10/25 10:57:05 | 000,001,052 | ---- | C] () -- C:\Users\Jim\Desktop\AVI MPEG RM WMV Splitter.lnk
[2010/10/25 09:52:25 | 000,000,031 | ---- | C] () -- C:\Windows\SysWow64\Days5.ini
[2010/10/23 14:30:28 | 000,001,071 | ---- | C] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Video Snapshots Genius.lnk
[2010/10/23 14:30:28 | 000,001,047 | ---- | C] () -- C:\Users\Jim\Desktop\Video Snapshots.lnk
[2010/10/22 17:47:04 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\RDAccess.dll
[2010/10/22 17:47:02 | 000,025,864 | ---- | C] () -- C:\Windows\SysWow64\EEInstMngr.exe
[2010/10/22 17:47:02 | 000,024,620 | ---- | C] () -- C:\Windows\SysWow64\alert2093.wav
[2010/10/22 17:46:52 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\MSGHOO32.OCX
[2010/10/21 09:35:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2010/10/20 14:35:34 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/10/18 09:25:59 | 000,006,144 | ---- | C] () -- C:\Windows\SysNative\HdmiCoin.dll
[2010/10/15 15:37:04 | 000,001,084 | ---- | C] () -- C:\Users\Jim\Desktop\Video Cleaner Pro.lnk
[2010/10/15 15:31:22 | 000,165,363 | ---- | C] () -- C:\Windows\Video Cleaner Pro Uninstaller.exe
[2010/10/15 10:49:33 | 004,435,892 | ---- | C] () -- C:\Users\Jim\Desktop\JBidwatcher-2.1.2.exe
[2010/10/15 10:20:56 | 000,005,396 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2010/10/15 10:20:55 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/10/15 10:20:55 | 000,982,240 | ---- | C] () -- C:\Windows\SysNative\igkrng500.bin
[2010/10/15 10:20:51 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/10/15 10:20:51 | 000,092,356 | ---- | C] () -- C:\Windows\SysNative\igfcg500m.bin
[2010/10/15 10:20:47 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/10/15 10:20:47 | 000,439,308 | ---- | C] () -- C:\Windows\SysNative\igcompkrng500.bin
[2010/10/15 10:20:44 | 000,189,408 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2010/10/15 10:20:44 | 000,121,121 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2010/10/15 10:20:44 | 000,103,997 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2010/10/15 10:20:44 | 000,102,843 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2010/10/15 10:20:43 | 000,165,251 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2010/10/15 10:20:43 | 000,136,327 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2010/10/15 10:20:43 | 000,133,680 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2010/10/15 10:20:43 | 000,125,477 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2010/10/15 10:20:43 | 000,123,164 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2010/10/15 10:20:43 | 000,120,695 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2010/10/15 10:20:43 | 000,120,287 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2010/10/15 10:20:43 | 000,119,533 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2010/10/15 10:20:43 | 000,119,513 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2010/10/15 10:20:43 | 000,119,286 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2010/10/15 10:20:43 | 000,118,997 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2010/10/15 10:20:43 | 000,118,631 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2010/10/15 10:20:43 | 000,118,317 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2010/10/15 10:20:43 | 000,117,984 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2010/10/15 10:20:43 | 000,114,779 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2010/10/15 10:20:43 | 000,114,308 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2010/10/15 10:20:42 | 000,178,288 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2010/10/15 10:20:42 | 000,152,600 | ---- | C] () -- C:\Windows\SysNative\difx64.exe
[2010/10/15 10:20:42 | 000,139,830 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2010/10/15 10:20:42 | 000,122,858 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2010/10/15 10:20:42 | 000,122,638 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2010/10/15 10:20:42 | 000,118,684 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2010/10/15 10:20:42 | 000,114,179 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2010/10/15 10:20:42 | 000,110,156 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2010/10/14 21:58:56 | 000,225,672 | ---- | C] () -- C:\Users\Jim\Desktop\CrucialUKScan.exe
[2010/10/14 19:43:22 | 000,001,297 | ---- | C] () -- C:\Users\Jim\Desktop\AVS4YOU Software Navigator.lnk
[2010/10/14 19:42:48 | 000,001,248 | ---- | C] () -- C:\Users\Jim\Desktop\AVS Video Converter 6.lnk
[2010/10/13 13:17:15 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2010/10/13 12:58:23 | 000,001,118 | ---- | C] () -- C:\Users\Jim\Desktop\DriverMax.lnk
[2010/10/11 15:37:36 | 000,007,680 | ---- | C] () -- C:\Users\Jim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/11 15:35:24 | 000,001,034 | ---- | C] () -- C:\Users\Jim\Desktop\VidCrop.lnk
[2010/10/11 15:35:22 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/10/11 15:35:22 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/10/11 15:35:22 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2010/10/11 10:26:43 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/10/11 10:11:42 | 000,001,031 | ---- | C] () -- C:\Users\Jim\Desktop\Internet Download Manager.lnk
[2010/10/11 10:07:54 | 000,001,025 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GigaTribe.lnk
[2010/10/11 10:07:54 | 000,000,981 | ---- | C] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\GigaTribe.lnk
[2010/10/11 10:07:54 | 000,000,957 | ---- | C] () -- C:\Users\Jim\Desktop\GigaTribe.lnk
[2010/10/10 19:45:07 | 000,001,071 | ---- | C] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\CyberScrub Privacy Suite.lnk
[2010/10/10 19:45:06 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\CyberScrub Privacy Suite.lnk
[2010/10/10 19:44:59 | 000,000,084 | ---- | C] () -- C:\Windows\csact.ini
[2010/10/10 19:28:00 | 001,185,956 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\Cat.DB
[2010/10/10 19:05:59 | 000,007,829 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symefa64.cat
[2010/10/10 19:05:59 | 000,007,787 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symnetv64.cat
[2010/10/10 19:05:59 | 000,007,368 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symnet64.cat
[2010/10/10 19:05:59 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symefa.inf
[2010/10/10 19:05:59 | 000,001,473 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symnetv.inf
[2010/10/10 19:05:59 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symnet.inf
[2010/10/10 19:05:58 | 000,007,414 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtspx64.cat
[2010/10/10 19:05:58 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtsp64.cat
[2010/10/10 19:05:58 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symds64.cat
[2010/10/10 19:05:58 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\iron.cat
[2010/10/10 19:05:58 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symds.inf
[2010/10/10 19:05:58 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtsp64.inf
[2010/10/10 19:05:58 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtspx64.inf
[2010/10/10 19:05:58 | 000,000,771 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\iron.inf
[2010/10/10 19:05:57 | 000,007,358 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\cchpx64.cat
[2010/10/10 19:05:57 | 000,001,838 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\cchpx64.inf
[2010/10/10 19:05:34 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\isolate.ini
[2010/10/10 18:56:48 | 000,001,537 | ---- | C] () -- C:\Users\Jim\Desktop\iexplore - Shortcut.lnk
[2010/10/09 13:59:22 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/10/09 13:59:22 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/10/09 13:59:08 | 000,002,480 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/10/08 22:57:34 | 000,001,441 | ---- | C] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/08 22:28:14 | 000,015,562 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2010/10/07 18:57:15 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/10/07 18:57:15 | 000,205,824 | ---- | C] () -- C:\Windows\SysNative\iglhsip64.dll
[2010/10/07 18:57:14 | 001,991,936 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2010/10/07 18:57:14 | 000,187,392 | ---- | C] () -- C:\Windows\SysNative\iglhcp64.dll
[2010/10/07 18:57:14 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/10/07 18:57:14 | 000,060,254 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2010/10/07 18:57:14 | 000,060,226 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2010/10/07 18:57:14 | 000,060,015 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2010/10/07 18:57:14 | 000,000,151 | ---- | C] () -- C:\Windows\SysNative\GfxUI.exe.config
[2010/10/07 18:54:08 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/10/07 18:46:37 | 028,135,936 | ---- | C] () -- C:\Users\Jim\Desktop\w7lxe.exe
[2010/10/07 01:43:03 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/10/07 01:41:10 | 000,000,290 | ---- | C] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/10/07 01:41:10 | 000,000,272 | ---- | C] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/10/07 01:34:42 | 1582,686,208 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/10/23 14:00:47 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Bitsoft
[2010/10/20 14:44:03 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\BSplayer
[2010/10/20 14:18:04 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\BSplayer Pro
[2010/10/07 20:12:59 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\CyberScrub
[2010/10/27 10:58:13 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\DMCache
[2010/10/26 22:35:27 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\FreeFileViewer
[2010/10/14 15:36:35 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\GeoVid
[2010/10/13 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\IDM
[2010/10/15 15:31:21 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\River Past G5
[2010/10/11 15:27:14 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\URSoft
[2010/10/23 13:24:08 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\VSO
[2010/10/27 10:58:03 | 000,000,398 | ---- | M] () -- C:\Windows\Tasks\Free File Viewer Update Checker.job
[2009/07/14 06:08:49 | 000,013,014 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/10/27 10:57:36 | 1582,686,208 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010/10/27 10:57:44 | 2110,251,008 | -HS- | M] () -- C:\pagefile.sys
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:B3D74A13
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:B4AF47A7

< End of report >

#4
jimfdowning

Sorry, think I did that wrong, I'll do it again. 2 mins :D

#5
jimfdowning

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4962

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27/10/2010 11:26:30
mbam-log-2010-10-27 (11-26-30).txt

Scan type: Quick scan
Objects scanned: 136816
Time elapsed: 4 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL logfile created on: 27/10/2010 11:08:46 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Jim\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 207.33 Gb Free Space | 89.06% Space Free | Partition Type: NTFS
Drive F: | 15.08 Gb Total Space | 3.86 Gb Free Space | 25.56% Space Free | Partition Type: FAT32
Drive G: | 149.05 Gb Total Space | 87.17 Gb Free Space | 58.48% Space Free | Partition Type: NTFS

Computer Name: JIM-PC | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/27 11:01:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
PRC - [2010/09/16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/07/09 10:59:10 | 004,425,728 | ---- | M] () -- C:\Program Files (x86)\GigaTribe\gigatribe.exe
PRC - [2010/03/01 14:00:34 | 009,216,928 | ---- | M] (Innovative Solutions) -- C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe
PRC - [2010/02/26 01:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
PRC - [2009/11/11 16:33:06 | 003,171,760 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2009/10/15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/10/15 14:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/10/15 10:51:51 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2008/09/25 14:54:04 | 002,040,456 | ---- | M] (CyberScrub LLC) -- C:\Program Files (x86)\CyberScrub Privacy Suite\CSRiskMon.exe


========== Modules (SafeList) ==========

MOD - [2010/10/27 11:01:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/03/26 16:35:39 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\idmmkb.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/02/26 01:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)
SRV - [2009/10/15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/10/09 13:59:16 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/09/03 13:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/08/25 12:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/05/06 05:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/04/29 06:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/22 04:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/04/22 03:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/22 03:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/03/15 08:45:26 | 000,145,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2010/02/26 19:39:24 | 000,132,608 | ---- | M] (Unibrain) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ubohci.sys -- (ubohci)
DRV:64bit: - [2010/02/26 19:38:48 | 000,092,160 | ---- | M] (Unibrain) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\UBUMAPI.sys -- (ubumapi)
DRV:64bit: - [2010/02/26 19:38:30 | 000,024,064 | ---- | M] (Unibrain) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\UBSBM.sys -- (ubsbm)
DRV:64bit: - [2010/02/26 01:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\cchpx64.sys -- (ccHP)
DRV:64bit: - [2009/08/30 01:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symds64.sys -- (SymDS)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/03/22 19:59:12 | 000,022,224 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\elrawdsk.sys -- (ElRawDisk)
DRV - [2010/10/19 21:36:20 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101026.001\IDSviA64.sys -- (IDSVia64)
DRV - [2010/10/09 14:05:54 | 001,804,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101026.048\EX64.SYS -- (NAVEX15)
DRV - [2010/10/09 14:05:54 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/10/09 14:05:54 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/10/09 14:05:54 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101026.048\ENG64.SYS -- (NAVENG)
DRV - [2010/10/07 18:54:15 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010/10/02 00:00:02 | 000,954,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx64.sys -- (BHDrvx64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FD 2C 1C B3 A4 68 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/10/10 19:05:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/10/09 13:59:35 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/10/07 01:45:23 | 000,000,864 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [DriverMax] C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
O4 - HKCU..\Run: [DriverMax_RESTART] C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Privacy Suite RiskMonitor] C:\Program Files (x86)\CyberScrub Privacy Suite\Launch.exe ()
O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GigaTribe.lnk = C:\Program Files (x86)\GigaTribe\gigatribe.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\idmmbc.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\idmmbc.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\idmmbc.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\idmmbc.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\idmmbc.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\idmmbc.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\idmmbc.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\idmmbc.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\idmmbc.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\idmmbc.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysNative\idmmbc.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysWow64\idmmbc.dll (Tonec Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.WMV3 - C:\Windows\SysWow64\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/10/27 11:01:34 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
[2010/10/27 10:04:23 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Malwarebytes
[2010/10/27 10:04:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/27 10:04:15 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/27 10:04:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/27 10:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/26 20:50:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\house.705.hdtv-lol_FreeeeWorld.info
[2010/10/26 16:14:45 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\FreeFileViewer
[2010/10/26 16:13:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeFileViewer
[2010/10/26 16:11:47 | 002,057,848 | ---- | C] (W3i, LLC) -- C:\Users\Jim\Desktop\FreeFileViewer2010Setup.exe
[2010/10/25 20:33:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberFOX Software
[2010/10/25 10:57:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVI MPEG RM WMV Splitter
[2010/10/23 14:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Video Snapshots Genius
[2010/10/23 14:00:47 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Bitsoft
[2010/10/22 17:47:18 | 000,022,224 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\drivers\elrawdsk.sys
[2010/10/22 17:47:18 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Evidence Eliminator
[2010/10/22 17:47:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\rddrv_9034752
[2010/10/22 17:47:02 | 000,143,360 | ---- | C] (Robin Hood Software Ltd) -- C:\Windows\SysWow64\EEGenFn1.dll
[2010/10/22 17:47:02 | 000,040,712 | ---- | C] (evidence-eliminator.com) -- C:\Windows\SysWow64\eetransx.exe
[2010/10/22 17:46:52 | 000,114,696 | ---- | C] (Teletech Systems, Inc.) -- C:\Windows\SysWow64\Fablock6.ocx
[2010/10/21 09:34:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2010/10/20 14:27:07 | 000,000,000 | ---D | C] -- C:\Users\Jim\Documents\My Galleries
[2010/10/20 14:18:04 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\BSplayer Pro
[2010/10/20 14:18:04 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\BSplayer
[2010/10/18 19:34:53 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\CrashDumps
[2010/10/18 14:57:36 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Media Player Classic
[2010/10/18 09:26:00 | 000,187,392 | ---- | C] (Unibrain) -- C:\Windows\SysNative\drivers\UB1394.sys
[2010/10/18 09:26:00 | 000,132,608 | ---- | C] (Unibrain) -- C:\Windows\SysNative\drivers\ubohci.sys
[2010/10/18 09:26:00 | 000,092,160 | ---- | C] (Unibrain) -- C:\Windows\SysNative\drivers\UBUMAPI.sys
[2010/10/18 09:26:00 | 000,024,064 | ---- | C] (Unibrain) -- C:\Windows\SysNative\drivers\UBSBM.sys
[2010/10/15 18:00:05 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\DivX
[2010/10/15 17:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/10/15 17:59:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2010/10/15 17:58:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2010/10/15 17:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/10/15 17:27:15 | 000,000,000 | ---D | C] -- C:\Users\Jim\Documents\My Received Files
[2010/10/15 17:13:58 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/10/15 15:38:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/10/15 15:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/10/15 15:37:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/10/15 15:37:31 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Apple
[2010/10/15 15:37:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/10/15 15:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/10/15 15:36:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
[2010/10/15 15:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\WMV9_VCM
[2010/10/15 15:31:21 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\River Past G5
[2010/10/15 15:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\River Past G5
[2010/10/15 15:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\River Past
[2010/10/15 15:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\River Past
[2010/10/15 10:21:04 | 002,601,816 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2010/10/15 10:20:57 | 000,338,336 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010/10/15 10:20:57 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010/10/15 10:20:51 | 000,004,096 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2010/10/15 10:06:09 | 000,000,000 | ---D | C] -- C:\Users\Jim\.jbidwatcher
[2010/10/14 19:44:03 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\AVS4YOU
[2010/10/14 19:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2010/10/14 19:42:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2010/10/14 19:42:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2010/10/13 22:01:53 | 000,000,000 | R--D | C] -- C:\Users\Jim\Documents\Scanned Documents
[2010/10/13 22:01:52 | 000,000,000 | ---D | C] -- C:\Users\Jim\Documents\Fax
[2010/10/13 13:17:15 | 000,349,800 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2010/10/13 12:58:26 | 000,000,000 | ---D | C] -- C:\Users\Jim\Documents\My Drivers
[2010/10/13 12:58:26 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Innovative Solutions
[2010/10/13 12:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2010/10/13 12:58:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Innovative Solutions
[2010/10/11 15:37:18 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\GeoVid
[2010/10/11 15:35:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\fmm
[2010/10/11 15:35:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\GeoVid
[2010/10/11 15:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\GeoVid
[2010/10/11 15:35:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GeoVid
[2010/10/11 15:27:15 | 000,000,000 | ---D | C] -- C:\Windows\Profiles
[2010/10/11 15:27:14 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\URSoft
[2010/10/11 15:15:16 | 000,000,000 | ---D | C] -- C:\Users\Jim\Documents\:spam: Studio
[2010/10/11 15:12:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\{784E3329-1B2A-421E-9427-596088B766F6}
[2010/10/11 15:10:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}
[2010/10/11 15:09:20 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\PackageAware
[2010/10/11 11:53:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/10/11 11:53:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/10/11 10:26:50 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\vlc
[2010/10/11 10:26:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010/10/11 10:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Download Manager
[2010/10/11 10:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GigaTribe
[2010/10/10 19:46:40 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/10/10 19:45:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/10/10 19:44:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberScrub Privacy Suite
[2010/10/10 19:44:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/10/10 19:12:55 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\VSO
[2010/10/10 19:11:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VSO
[2010/10/10 19:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/10 19:10:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/10/10 19:05:59 | 000,451,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symtdiv.sys
[2010/10/10 19:05:59 | 000,221,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symefa64.sys
[2010/10/10 19:05:58 | 000,615,040 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1108000.005\cchpx64.sys
[2010/10/10 19:05:58 | 000,505,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtsp64.sys
[2010/10/10 19:05:58 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symds64.sys
[2010/10/10 19:05:58 | 000,150,064 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1108000.005\ironx64.sys
[2010/10/10 19:05:58 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtspx64.sys
[2010/10/10 19:05:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1108000.005
[2010/10/10 19:04:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/10/10 19:02:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/10/09 13:59:22 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/10/09 13:59:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/10/09 13:58:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2010/10/09 13:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2010/10/09 13:56:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010/10/09 13:52:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRar
[2010/10/08 20:23:42 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\ElevatedDiagnostics
[2010/10/08 16:17:19 | 000,000,000 | ---D | C] -- C:\Users\Jim\Documents\GigaTribe Downloads
[2010/10/08 16:16:42 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Shalsoft
[2010/10/07 22:02:21 | 000,000,000 | ---D | C] -- C:\Users\Jim\Tracing
[2010/10/07 21:47:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010/10/07 21:42:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/10/07 21:41:59 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/10/07 21:39:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/10/07 21:34:41 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Windows Live
[2010/10/07 21:34:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/10/07 21:13:12 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule
[2010/10/07 21:12:59 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\eMule
[2010/10/07 20:51:42 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\WinRAR
[2010/10/07 20:24:40 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Macromedia
[2010/10/07 20:12:59 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\CyberScrub
[2010/10/07 20:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/10/07 20:11:43 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Adobe
[2010/10/07 19:59:03 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\IDM
[2010/10/07 19:59:03 | 000,000,000 | ---D | C] -- C:\Users\Jim\Documents\Downloads
[2010/10/07 19:59:01 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\DMCache
[2010/10/07 19:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/10/07 19:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/10/07 19:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/10/07 19:14:15 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/10/07 18:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2010/10/07 18:57:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2010/10/07 18:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/10/07 18:57:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010/10/07 18:56:57 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010/10/07 18:56:57 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010/10/07 18:56:57 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010/10/07 18:56:57 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010/10/07 18:56:49 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2010/10/07 18:56:49 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2010/10/07 18:56:49 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2010/10/07 18:56:49 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2010/10/07 18:56:48 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010/10/07 18:56:48 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010/10/07 18:56:43 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2010/10/07 18:56:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2010/10/07 18:56:35 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/10/07 18:56:34 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2010/10/07 18:56:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/10/07 18:55:47 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2010/10/07 18:55:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2010/10/07 18:55:41 | 000,000,000 | ---D | C] -- C:\Intel
[2010/10/07 18:55:32 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\DeviceVM
[2010/10/07 18:55:11 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/10/07 10:34:03 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/10/07 01:41:34 | 000,000,000 | R--D | C] -- C:\Users\Jim\Searches
[2010/10/07 01:41:34 | 000,000,000 | -H-D | C] -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/10/07 01:41:26 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Identities
[2010/10/07 01:41:23 | 000,000,000 | R--D | C] -- C:\Users\Jim\Contacts
[2010/10/07 01:41:21 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\VirtualStore
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\AppData\Local\Temporary Internet Files
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\Templates
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\Start Menu
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\SendTo
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\Recent
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\PrintHood
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\NetHood
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\Documents\My Videos
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\Documents\My Pictures
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\Documents\My Music
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\My Documents
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\Local Settings
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\AppData\Local\History
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\Cookies
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\Application Data
[2010/10/07 01:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Jim\AppData\Local\Application Data
[2010/10/07 01:41:09 | 000,000,000 | --SD | C] -- C:\Users\Jim\AppData\Roaming\Microsoft
[2010/10/07 01:41:09 | 000,000,000 | R--D | C] -- C:\Users\Jim\Videos
[2010/10/07 01:41:09 | 000,000,000 | R--D | C] -- C:\Users\Jim\Saved Games
[2010/10/07 01:41:09 | 000,000,000 | R--D | C] -- C:\Users\Jim\Pictures
[2010/10/07 01:41:09 | 000,000,000 | R--D | C] -- C:\Users\Jim\Music
[2010/10/07 01:41:09 | 000,000,000 | R--D | C] -- C:\Users\Jim\Links
[2010/10/07 01:41:09 | 000,000,000 | R--D | C] -- C:\Users\Jim\Favorites
[2010/10/07 01:41:09 | 000,000,000 | R--D | C] -- C:\Users\Jim\Downloads
[2010/10/07 01:41:09 | 000,000,000 | R--D | C] -- C:\Users\Jim\My Documents
[2010/10/07 01:41:09 | 000,000,000 | R--D | C] -- C:\Users\Jim\Desktop
[2010/10/07 01:41:09 | 000,000,000 | -H-D | C] -- C:\Users\Jim\AppData
[2010/10/07 01:41:09 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Temp
[2010/10/07 01:41:09 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Microsoft
[2010/10/07 01:41:09 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Media Center Programs
[2010/10/07 01:40:54 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/10/07 01:40:46 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/10/07 01:35:19 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/10/07 01:34:42 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/27 11:10:06 | 001,185,956 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\Cat.DB
[2010/10/27 11:05:10 | 000,018,544 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/27 11:05:10 | 000,018,544 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/27 11:02:12 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/27 11:02:12 | 000,619,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/27 11:02:12 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/27 11:01:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
[2010/10/27 10:58:03 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\Free File Viewer Update Checker.job
[2010/10/27 10:57:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/27 10:57:36 | 1582,686,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/27 10:04:19 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/27 09:41:18 | 000,009,728 | ---- | M] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/10/26 22:31:51 | 000,276,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/26 16:13:32 | 000,001,107 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2010/10/26 16:13:30 | 000,001,083 | ---- | M] () -- C:\Users\Jim\Desktop\FreeFileViewer.lnk
[2010/10/26 16:11:46 | 002,057,848 | ---- | M] (W3i, LLC) -- C:\Users\Jim\Desktop\FreeFileViewer2010Setup.exe
[2010/10/25 20:33:14 | 000,002,206 | ---- | M] () -- C:\Users\Public\Desktop\JBidwatcher 2.1.lnk
[2010/10/25 11:10:04 | 000,001,052 | ---- | M] () -- C:\Users\Jim\Desktop\AVI MPEG RM WMV Splitter.lnk
[2010/10/25 09:52:25 | 000,000,031 | ---- | M] () -- C:\Windows\SysWow64\Days5.ini
[2010/10/23 14:30:28 | 000,001,071 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Video Snapshots Genius.lnk
[2010/10/23 14:30:28 | 000,001,047 | ---- | M] () -- C:\Users\Jim\Desktop\Video Snapshots.lnk
[2010/10/23 14:04:32 | 000,001,084 | ---- | M] () -- C:\Users\Jim\Desktop\Video Cleaner Pro.lnk
[2010/10/22 17:41:30 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2010/10/21 09:35:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2010/10/19 10:21:01 | 000,007,680 | ---- | M] () -- C:\Users\Jim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/15 15:31:25 | 000,165,363 | ---- | M] () -- C:\Windows\Video Cleaner Pro Uninstaller.exe
[2010/10/15 10:49:33 | 004,435,892 | ---- | M] () -- C:\Users\Jim\Desktop\JBidwatcher-2.1.2.exe
[2010/10/14 21:58:48 | 000,225,672 | ---- | M] () -- C:\Users\Jim\Desktop\CrucialUKScan.exe
[2010/10/14 19:43:22 | 000,001,297 | ---- | M] () -- C:\Users\Jim\Desktop\AVS4YOU Software Navigator.lnk
[2010/10/14 19:42:48 | 000,001,248 | ---- | M] () -- C:\Users\Jim\Desktop\AVS Video Converter 6.lnk
[2010/10/13 12:58:23 | 000,001,118 | ---- | M] () -- C:\Users\Jim\Desktop\DriverMax.lnk
[2010/10/11 15:35:24 | 000,001,034 | ---- | M] () -- C:\Users\Jim\Desktop\VidCrop.lnk
[2010/10/11 10:26:43 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/10/11 10:11:42 | 000,001,031 | ---- | M] () -- C:\Users\Jim\Desktop\Internet Download Manager.lnk
[2010/10/11 10:07:54 | 000,001,025 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GigaTribe.lnk
[2010/10/11 10:07:54 | 000,000,981 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\GigaTribe.lnk
[2010/10/11 10:07:54 | 000,000,957 | ---- | M] () -- C:\Users\Jim\Desktop\GigaTribe.lnk
[2010/10/10 19:45:07 | 000,001,071 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\CyberScrub Privacy Suite.lnk
[2010/10/10 19:45:07 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\CyberScrub Privacy Suite.lnk
[2010/10/10 19:28:32 | 000,002,480 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/10/10 18:56:48 | 000,001,537 | ---- | M] () -- C:\Users\Jim\Desktop\iexplore - Shortcut.lnk
[2010/10/09 13:59:16 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/10/09 13:59:16 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/10/09 13:59:16 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/10/08 22:57:34 | 000,001,441 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/08 22:28:14 | 000,015,562 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2010/10/07 18:54:08 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini
[2010/10/07 01:43:03 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/10/07 01:38:05 | 000,041,962 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/10/07 01:38:05 | 000,041,962 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/27 10:04:19 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/27 09:34:42 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/10/26 16:13:50 | 000,000,398 | ---- | C] () -- C:\Windows\tasks\Free File Viewer Update Checker.job
[2010/10/26 16:13:32 | 000,001,107 | ---- | C] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2010/10/26 16:13:30 | 000,001,083 | ---- | C] () -- C:\Users\Jim\Desktop\FreeFileViewer.lnk
[2010/10/26 09:34:17 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/10/25 20:33:14 | 000,002,206 | ---- | C] () -- C:\Users\Public\Desktop\JBidwatcher 2.1.lnk
[2010/10/25 10:57:05 | 000,001,052 | ---- | C] () -- C:\Users\Jim\Desktop\AVI MPEG RM WMV Splitter.lnk
[2010/10/25 09:52:25 | 000,000,031 | ---- | C] () -- C:\Windows\SysWow64\Days5.ini
[2010/10/23 14:30:28 | 000,001,071 | ---- | C] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Video Snapshots Genius.lnk
[2010/10/23 14:30:28 | 000,001,047 | ---- | C] () -- C:\Users\Jim\Desktop\Video Snapshots.lnk
[2010/10/22 17:47:04 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\RDAccess.dll
[2010/10/22 17:47:02 | 000,025,864 | ---- | C] () -- C:\Windows\SysWow64\EEInstMngr.exe
[2010/10/22 17:47:02 | 000,024,620 | ---- | C] () -- C:\Windows\SysWow64\alert2093.wav
[2010/10/22 17:46:52 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\MSGHOO32.OCX
[2010/10/21 09:35:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2010/10/20 14:35:34 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/10/18 09:25:59 | 000,006,144 | ---- | C] () -- C:\Windows\SysNative\HdmiCoin.dll
[2010/10/15 15:37:04 | 000,001,084 | ---- | C] () -- C:\Users\Jim\Desktop\Video Cleaner Pro.lnk
[2010/10/15 15:31:22 | 000,165,363 | ---- | C] () -- C:\Windows\Video Cleaner Pro Uninstaller.exe
[2010/10/15 10:49:33 | 004,435,892 | ---- | C] () -- C:\Users\Jim\Desktop\JBidwatcher-2.1.2.exe
[2010/10/15 10:20:56 | 000,005,396 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2010/10/15 10:20:55 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/10/15 10:20:55 | 000,982,240 | ---- | C] () -- C:\Windows\SysNative\igkrng500.bin
[2010/10/15 10:20:51 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/10/15 10:20:51 | 000,092,356 | ---- | C] () -- C:\Windows\SysNative\igfcg500m.bin
[2010/10/15 10:20:47 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/10/15 10:20:47 | 000,439,308 | ---- | C] () -- C:\Windows\SysNative\igcompkrng500.bin
[2010/10/15 10:20:44 | 000,189,408 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2010/10/15 10:20:44 | 000,121,121 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2010/10/15 10:20:44 | 000,103,997 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2010/10/15 10:20:44 | 000,102,843 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2010/10/15 10:20:43 | 000,165,251 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2010/10/15 10:20:43 | 000,136,327 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2010/10/15 10:20:43 | 000,133,680 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2010/10/15 10:20:43 | 000,125,477 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2010/10/15 10:20:43 | 000,123,164 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2010/10/15 10:20:43 | 000,120,695 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2010/10/15 10:20:43 | 000,120,287 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2010/10/15 10:20:43 | 000,119,533 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2010/10/15 10:20:43 | 000,119,513 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2010/10/15 10:20:43 | 000,119,286 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2010/10/15 10:20:43 | 000,118,997 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2010/10/15 10:20:43 | 000,118,631 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2010/10/15 10:20:43 | 000,118,317 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2010/10/15 10:20:43 | 000,117,984 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2010/10/15 10:20:43 | 000,114,779 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2010/10/15 10:20:43 | 000,114,308 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2010/10/15 10:20:42 | 000,178,288 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2010/10/15 10:20:42 | 000,152,600 | ---- | C] () -- C:\Windows\SysNative\difx64.exe
[2010/10/15 10:20:42 | 000,139,830 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2010/10/15 10:20:42 | 000,122,858 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2010/10/15 10:20:42 | 000,122,638 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2010/10/15 10:20:42 | 000,118,684 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2010/10/15 10:20:42 | 000,114,179 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2010/10/15 10:20:42 | 000,110,156 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2010/10/14 21:58:56 | 000,225,672 | ---- | C] () -- C:\Users\Jim\Desktop\CrucialUKScan.exe
[2010/10/14 19:43:22 | 000,001,297 | ---- | C] () -- C:\Users\Jim\Desktop\AVS4YOU Software Navigator.lnk
[2010/10/14 19:42:48 | 000,001,248 | ---- | C] () -- C:\Users\Jim\Desktop\AVS Video Converter 6.lnk
[2010/10/13 13:17:15 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2010/10/13 12:58:23 | 000,001,118 | ---- | C] () -- C:\Users\Jim\Desktop\DriverMax.lnk
[2010/10/11 15:37:36 | 000,007,680 | ---- | C] () -- C:\Users\Jim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/11 15:35:24 | 000,001,034 | ---- | C] () -- C:\Users\Jim\Desktop\VidCrop.lnk
[2010/10/11 15:35:22 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/10/11 15:35:22 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/10/11 15:35:22 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2010/10/11 10:26:43 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/10/11 10:11:42 | 000,001,031 | ---- | C] () -- C:\Users\Jim\Desktop\Internet Download Manager.lnk
[2010/10/11 10:07:54 | 000,001,025 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GigaTribe.lnk
[2010/10/11 10:07:54 | 000,000,981 | ---- | C] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\GigaTribe.lnk
[2010/10/11 10:07:54 | 000,000,957 | ---- | C] () -- C:\Users\Jim\Desktop\GigaTribe.lnk
[2010/10/10 19:45:07 | 000,001,071 | ---- | C] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\CyberScrub Privacy Suite.lnk
[2010/10/10 19:45:06 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\CyberScrub Privacy Suite.lnk
[2010/10/10 19:44:59 | 000,000,084 | ---- | C] () -- C:\Windows\csact.ini
[2010/10/10 19:28:00 | 001,185,956 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\Cat.DB
[2010/10/10 19:05:59 | 000,007,829 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symefa64.cat
[2010/10/10 19:05:59 | 000,007,787 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symnetv64.cat
[2010/10/10 19:05:59 | 000,007,368 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symnet64.cat
[2010/10/10 19:05:59 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symefa.inf
[2010/10/10 19:05:59 | 000,001,473 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symnetv.inf
[2010/10/10 19:05:59 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symnet.inf
[2010/10/10 19:05:58 | 000,007,414 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtspx64.cat
[2010/10/10 19:05:58 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtsp64.cat
[2010/10/10 19:05:58 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symds64.cat
[2010/10/10 19:05:58 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\iron.cat
[2010/10/10 19:05:58 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symds.inf
[2010/10/10 19:05:58 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtsp64.inf
[2010/10/10 19:05:58 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtspx64.inf
[2010/10/10 19:05:58 | 000,000,771 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\iron.inf
[2010/10/10 19:05:57 | 000,007,358 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\cchpx64.cat
[2010/10/10 19:05:57 | 000,001,838 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\cchpx64.inf
[2010/10/10 19:05:34 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1108000.005\isolate.ini
[2010/10/10 18:56:48 | 000,001,537 | ---- | C] () -- C:\Users\Jim\Desktop\iexplore - Shortcut.lnk
[2010/10/09 13:59:22 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/10/09 13:59:22 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/10/09 13:59:08 | 000,002,480 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/10/08 22:57:34 | 000,001,441 | ---- | C] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/08 22:28:14 | 000,015,562 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2010/10/07 18:57:15 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/10/07 18:57:15 | 000,205,824 | ---- | C] () -- C:\Windows\SysNative\iglhsip64.dll
[2010/10/07 18:57:14 | 001,991,936 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2010/10/07 18:57:14 | 000,187,392 | ---- | C] () -- C:\Windows\SysNative\iglhcp64.dll
[2010/10/07 18:57:14 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/10/07 18:57:14 | 000,060,254 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2010/10/07 18:57:14 | 000,060,226 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2010/10/07 18:57:14 | 000,060,015 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2010/10/07 18:57:14 | 000,000,151 | ---- | C] () -- C:\Windows\SysNative\GfxUI.exe.config
[2010/10/07 18:54:08 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/10/07 18:46:37 | 028,135,936 | ---- | C] () -- C:\Users\Jim\Desktop\w7lxe.exe
[2010/10/07 01:43:03 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/10/07 01:41:10 | 000,000,290 | ---- | C] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/10/07 01:41:10 | 000,000,272 | ---- | C] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/10/07 01:34:42 | 1582,686,208 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/10/23 14:00:47 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Bitsoft
[2010/10/20 14:44:03 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\BSplayer
[2010/10/20 14:18:04 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\BSplayer Pro
[2010/10/07 20:12:59 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\CyberScrub
[2010/10/27 10:58:13 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\DMCache
[2010/10/26 22:35:27 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\FreeFileViewer
[2010/10/14 15:36:35 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\GeoVid
[2010/10/13 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\IDM
[2010/10/15 15:31:21 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\River Past G5
[2010/10/11 15:27:14 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\URSoft
[2010/10/23 13:24:08 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\VSO
[2010/10/27 10:58:03 | 000,000,398 | ---- | M] () -- C:\Windows\Tasks\Free File Viewer Update Checker.job
[2009/07/14 06:08:49 | 000,013,014 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/10/27 10:57:36 | 1582,686,208 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010/10/27 10:57:44 | 2110,251,008 | -HS- | M] () -- C:\pagefile.sys
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:B3D74A13
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:B4AF47A7

< End of report >

OTL Extras logfile created on: 27/10/2010 11:08:46 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Jim\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 207.33 Gb Free Space | 89.06% Space Free | Partition Type: NTFS
Drive F: | 15.08 Gb Total Space | 3.86 Gb Free Space | 25.56% Space Free | Partition Type: FAT32
Drive G: | 149.05 Gb Total Space | 87.17 Gb Free Space | 58.48% Space Free | Partition Type: NTFS

Computer Name: JIM-PC | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\River Past\Video Cleaner Pro\VideoCleaner.exe" = C:\Program Files\River Past\Video Cleaner Pro\VideoCleaner.exe:*:Enabled:River Past Video Cleaner Pro -- (River Past Corporation)
"C:\Program Files\River Past\Video Cleaner Pro\VideoCleaner.exe" = C:\Program Files\River Past\Video Cleaner Pro\VideoCleaner.exe:*:Enabled:River Past Video Cleaner Pro -- (River Past Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"Video Cleaner Pro" = River Past Video Cleaner Pro

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 22
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.0.1.9
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVI MPEG RM WMV Splitter_is1" = AVI/MPEG/RM/WMV Splitter 4.28
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"CyberScrub® Privacy Suite™ 5.1_is1" = CyberScrub® Privacy Suite™ 5.1
"DivX Setup.divx.com" = DivX Setup
"DMX5_is1" = DriverMax 5
"ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07]
"FreeFileViewer_is1" = Free File Viewer 2010
"Internet Download Manager" = Internet Download Manager
"JBidwatcher_0" = JBidwatcher 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"NIS" = Norton Internet Security
"ShalSoft.GigaTribe_is1" = GigaTribe 3.01.006
"VidCrop_is1" = VidCrop
"Video Snapshots Genius_is1" = Video Snapshots Genius 2.0
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27/10/2010 04:36:39 | Computer Name = Jim-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PC Tools Privacy Guardian v4.1.0.37 Patch.exe,
version: 0.0.0.0, time stamp: 0x46c9b047 Faulting module name: unknown, version:
0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000
Faulting
process id: 0x3cc Faulting application start time: 0x01cb75b1ef2209a3 Faulting application
path: C:\Users\Jim\AppData\Local\Temp\PC Tools Privacy Guardian v4.1.0.37 Patch.exe
Faulting
module path: unknown Report Id: 50a9c8f1-e1a5-11df-b673-6cf049dc5530

Error - 27/10/2010 04:40:53 | Computer Name = Jim-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PC Tools Privacy Guardian v4.1.0.37 Patch.exe,
version: 0.0.0.0, time stamp: 0x46c9b047 Faulting module name: unknown, version:
0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000
Faulting
process id: 0x132c Faulting application start time: 0x01cb75b29fa7d5a9 Faulting application
path: C:\Users\Jim\AppData\Local\Temp\PC Tools Privacy Guardian v4.1.0.37 Patch.exe
Faulting
module path: unknown Report Id: e8652aa5-e1a5-11df-b5bc-6cf049dc5530

Error - 27/10/2010 04:41:34 | Computer Name = Jim-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PC Tools Privacy Guardian v4.1.0.37 Patch.exe,
version: 0.0.0.0, time stamp: 0x46c9b047 Faulting module name: unknown, version:
0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000
Faulting
process id: 0x4ec Faulting application start time: 0x01cb75b2b943e7cf Faulting application
path: C:\Users\Jim\AppData\Local\Temp\PC Tools Privacy Guardian v4.1.0.37 Patch.exe
Faulting
module path: unknown Report Id: 0090dcb7-e1a6-11df-b5bc-6cf049dc5530

[ System Events ]
Error - 25/10/2010 18:05:24 | Computer Name = Jim-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 25/10/2010 18:05:26 | Computer Name = Jim-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 25/10/2010 18:05:26 | Computer Name = Jim-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 25/10/2010 19:02:16 | Computer Name = Jim-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR5.

Error - 26/10/2010 03:57:05 | Computer Name = Jim-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 26/10/2010 06:22:58 | Computer Name = Jim-PC | Source = bowser | ID = 8003
Description =

Error - 26/10/2010 13:58:18 | Computer Name = Jim-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 26/10/2010 15:08:58 | Computer Name = Jim-PC | Source = bowser | ID = 8003
Description =

Error - 27/10/2010 04:39:10 | Computer Name = Jim-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 09:37:05 on ?27/?10/?2010 was unexpected.

Error - 27/10/2010 04:52:40 | Computer Name = Jim-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.


< End of report >


That's better :D
  • 0

#6
jimfdowning

jimfdowning

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 149 posts
Hello Ali

Are you going to help me out? It's been a while since you asked for my logs :D

Cheers

Jim
  • 0

#7
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Update MalwareBytes AntiMalware and Run a Quick Scan.
Post the log it produces

Step 2

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Next

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.


  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.


Things I would like to see in your reply:
  • Malwarebytes Results.
  • Kaspersky WebScanner Report
  • Update on how your computer is running

  • 0

#8
jimfdowning

jimfdowning

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 149 posts
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4974

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28/10/2010 14:45:49
mbam-log-2010-10-28 (14-45-49).txt

Scan type: Quick scan
Objects scanned: 137100
Time elapsed: 5 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\$Recycle.Bin\S-1-5-21-3916413018-4108604516-2788540214-1001\$RWNN1YJ.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, October 28, 2010
Operating system: Microsoft (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, October 28, 2010 00:52:10
Records in database: 4183975
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
G:\

Scan statistics:
Objects scanned: 94529
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 01:14:46


File name / Threat / Threats count
C:\Program Files (x86)\GeoVid\VidCrop\MediaEngine.dll Infected: Backdoor.Win32.IRCNite.bmk 1

Selected area has been scanned.

Machine seems to be running OK; haven't had an alert about the info stealer.
  • 0

#9
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Congratulations, your logs appear clean :D

Reset and Re-enable your System Restore

  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste the following:
    :Commands
    [clearallrestorepoints]
    [createrestorepoint]
  • Click the Run Fix button at the top
  • It might ask you to reboot, if so click YES

NEXT

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes


Recommendations

See Here for a list of recommendations for free Antivirus\AntiSpyware applications.


  • Keep your Windows up to date by regularly checking their website at:
    http://windowsupdate.microsoft.com/

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.


  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Click Here to learn how to keep a backup of your important files

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.


Thank you ;)
  • 0

#10
jimfdowning

jimfdowning

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 149 posts
I'm assuming this:

C:\Program Files (x86)\GeoVid\VidCrop\MediaEngine.dll Infected: Backdoor.Win32.IRCNite.bmk 1

is nothing to worry about? :D
  • 0

#11
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
it's part of GeoVid

if you don't use that you can simply uninstall it from the add/remove programs.
  • 0

#12
jimfdowning

jimfdowning

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 149 posts
Ok

Thanks for your help :D
  • 0

#13
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





