
SPACE EATING HDD VIRUS ( i think )


#1
SOLOBAGGINS

    Member
  • 34 posts
Hi guys

My desktop PC seems to be fluctuating between losing and then gaining HD space. I'm pretty regular with the checks I do on the C drive due to the small 74GB Raptor drive that I have. I usually have approx. 13GB free; now it's showing about 8. When I use some of the streaming movie / football sites I have noticed a massive reduction of free space on the drive. In fact, the other night I received a warning that I had 0 space left on the C drive. I'm pretty sure I've stupidly downloaded a virus via a media player update (DivX or something). I've read some of the other questions related to this topic and followed the ComboFix example, i.e. running a scan after switching off my virus software / firewall etc. There was a slight increase in HD space (currently 8.44 free); however, when I use the football/movie site the HD space evaporates again!!

Please help!

I'm using:

Windows Vista Home 32-bit
Intel Q6600
Raptor 74GB drive
ASUS PK5C mobo
ATI Radeon HD5800 video card

OTL logfile created on: 2011-02-07 14:10:29 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Richard\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: yyyy-MM-dd

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.25 Gb Total Space | 8.17 Gb Free Space | 11.80% Space Free | Partition Type: NTFS
Drive D: | 2.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 298.09 Gb Total Space | 135.12 Gb Free Space | 45.33% Space Free | Partition Type: NTFS

Computer Name: RICHARD-PC | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-02-07 14:09:38 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Richard\Desktop\OTL.exe
PRC - [2011-01-20 19:41:52 | 002,548,552 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
PRC - [2011-01-20 19:41:51 | 001,803,224 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2011-01-04 16:33:45 | 002,850,296 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2010-10-27 02:51:56 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010-10-27 02:51:28 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010-09-27 09:49:12 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe
PRC - [2010-09-15 08:37:40 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgdersvc.exe
PRC - [2010-09-01 06:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010-06-26 18:09:18 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2010-02-19 16:00:24 | 000,148,744 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO livePCsupport\CLPSLS.exe
PRC - [2009-12-22 02:31:26 | 000,217,088 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009-04-11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007-05-09 08:58:56 | 000,603,648 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
PRC - [2006-03-30 08:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (SafeList) ==========

MOD - [2011-02-07 14:09:38 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Richard\Desktop\OTL.exe
MOD - [2011-01-11 18:48:07 | 000,285,480 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
MOD - [2010-08-31 15:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
SRV - [2011-01-20 19:41:51 | 001,803,224 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011-01-04 16:33:45 | 002,850,296 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2010-12-02 15:46:48 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010-10-27 02:51:28 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010-09-15 08:37:40 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\System32\dgdersvc.exe -- (dgdersvc)
SRV - [2010-03-29 07:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010-03-18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-02-19 16:00:24 | 000,148,744 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe -- (CLPSLS)
SRV - [2009-12-22 02:31:26 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009-09-25 01:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008-11-11 08:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008-01-19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-10-25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2006-03-30 08:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2011-01-11 18:48:07 | 000,080,064 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2011-01-11 18:48:06 | 000,236,600 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011-01-11 18:48:06 | 000,034,744 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011-01-11 18:48:06 | 000,017,256 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmderd.sys -- (cmderd)
DRV - [2010-10-27 03:59:16 | 006,573,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010-10-27 02:14:04 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010-10-15 08:57:10 | 000,072,808 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2010-09-24 12:46:12 | 000,099,856 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2010-09-15 08:37:40 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2009-12-22 02:31:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009-12-21 22:17:33 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009-12-21 22:17:33 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009-09-19 05:30:10 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009-09-19 05:30:10 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bserd.sys -- (ss_bserd)
DRV - [2009-09-19 05:30:10 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009-09-19 05:30:10 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009-04-27 01:55:42 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2008-12-20 00:08:28 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008-10-08 05:15:12 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008-08-26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-05-23 16:25:42 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007-07-29 09:51:10 | 000,048,896 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006-11-02 09:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006-11-02 09:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006-11-02 09:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006-11-02 09:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006-11-02 09:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006-11-02 09:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006-11-02 09:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006-11-02 09:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006-11-02 09:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006-11-02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006-11-02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006-11-02 09:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006-11-02 09:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006-11-02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006-11-02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006-11-02 09:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006-11-02 09:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006-11-02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006-11-02 09:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006-11-02 09:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006-11-02 09:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006-11-02 09:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006-11-02 09:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006-11-02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006-11-02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006-11-02 09:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006-11-02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006-11-02 09:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006-11-02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006-11-02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006-11-02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006-11-02 09:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006-11-02 09:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006-11-02 09:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006-11-02 09:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006-11-02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006-11-02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006-11-02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006-11-02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006-11-02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006-11-02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006-11-02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006-11-02 07:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006-10-19 03:12:16 | 000,012,664 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2006-10-18 21:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008-08-12 10:28:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker


O1 HOSTS File: ([2011-02-07 13:52:33 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010-08-16 12:57:50 | 000,000,154 | R--- | M] () - D:\autorun.cfg -- [ UDF ]
O32 - AutoRun File - [2010-10-05 14:53:16 | 000,214,344 | R--- | M] (Sports Interactive) - D:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2006-09-11 13:26:42 | 000,000,027 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-02-07 14:09:37 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Richard\Desktop\OTL.exe
[2011-02-07 13:57:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011-02-07 13:54:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011-02-07 13:45:17 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011-02-07 13:45:04 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011-02-07 13:41:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\swxcacls.exe
[2011-02-07 13:20:36 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\JAM Software
[2011-02-07 13:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
[2011-02-07 13:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\JAM Software
[2011-01-23 19:26:17 | 000,000,000 | ---D | C] -- C:\Users\Richard\Desktop\New Folder
[2011-01-18 01:46:08 | 000,000,000 | ---D | C] -- C:\Users\Richard\Documents\Freecorder 4
[2011-01-18 01:46:03 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freecorder
[2011-01-18 01:46:00 | 000,000,000 | ---D | C] -- C:\Program Files\Freecorder
[2011-01-18 01:45:07 | 000,000,000 | ---D | C] -- C:\Windows\FLV Player
[2011-01-18 01:45:07 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
[2011-01-18 01:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\FLV Player
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-02-07 14:09:38 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Richard\Desktop\OTL.exe
[2011-02-07 14:07:05 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2011-02-07 14:03:54 | 000,617,088 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-02-07 14:03:54 | 000,111,958 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-02-07 13:57:31 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-02-07 13:57:31 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-02-07 13:57:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-02-07 13:52:33 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011-02-07 13:37:46 | 004,264,433 | R--- | M] () -- C:\Users\Richard\Desktop\ComboFix.exe
[2011-02-07 13:28:55 | 000,193,024 | ---- | M] () -- C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-02-07 13:20:35 | 000,001,029 | ---- | M] () -- C:\Users\Richard\Desktop\TreeSize Free.lnk
[2011-02-07 13:17:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3077914039-1746756110-79447021-1000UA.job
[2011-02-06 22:17:00 | 000,000,862 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3077914039-1746756110-79447021-1000Core.job
[2011-02-04 16:21:23 | 000,014,986 | ---- | M] () -- C:\Users\Richard\Desktop\R Mair 03 02 11 Invoice 10610 Paid rtf.rtf
[2011-02-04 16:21:05 | 006,626,304 | ---- | M] () -- C:\Users\Richard\Desktop\Paintball Route Card.doc
[2011-01-29 10:00:34 | 000,025,088 | ---- | M] () -- C:\Users\Richard\Desktop\Payment holiday letter.doc
[2011-01-27 08:20:50 | 000,024,064 | ---- | M] () -- C:\Users\Richard\Desktop\letter to ewan.doc
[2011-01-27 08:09:23 | 000,129,024 | ---- | M] () -- C:\Users\Richard\Desktop\flexible-working-application[1].doc
[2011-01-27 08:07:16 | 000,097,792 | ---- | M] () -- C:\Users\Richard\Desktop\maternity-leave-statement-of-intention-form[1].doc
[2011-01-27 07:54:11 | 000,004,096 | -H-- | M] () -- C:\Users\Richard\AppData\Local\keyfile3.drm
[2011-01-22 11:38:22 | 000,423,076 | ---- | M] () -- C:\Users\Richard\Desktop\Photo0002.jpg
[2011-01-11 18:48:07 | 000,285,480 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
[2011-01-11 18:48:07 | 000,080,064 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2011-01-11 18:48:06 | 000,236,600 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdGuard.sys
[2011-01-11 18:48:06 | 000,034,744 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2011-01-11 18:48:06 | 000,017,256 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-02-07 13:45:17 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011-02-07 13:45:17 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011-02-07 13:37:39 | 004,264,433 | R--- | C] () -- C:\Users\Richard\Desktop\ComboFix.exe
[2011-02-07 13:20:35 | 000,001,029 | ---- | C] () -- C:\Users\Richard\Desktop\TreeSize Free.lnk
[2011-02-04 16:21:22 | 000,014,986 | ---- | C] () -- C:\Users\Richard\Desktop\R Mair 03 02 11 Invoice 10610 Paid rtf.rtf
[2011-02-04 16:21:01 | 006,626,304 | ---- | C] () -- C:\Users\Richard\Desktop\Paintball Route Card.doc
[2011-01-29 10:00:34 | 000,025,088 | ---- | C] () -- C:\Users\Richard\Desktop\Payment holiday letter.doc
[2011-01-27 08:20:50 | 000,024,064 | ---- | C] () -- C:\Users\Richard\Desktop\letter to ewan.doc
[2011-01-27 08:05:28 | 000,097,792 | ---- | C] () -- C:\Users\Richard\Desktop\maternity-leave-statement-of-intention-form[1].doc
[2011-01-27 07:54:11 | 000,004,096 | -H-- | C] () -- C:\Users\Richard\AppData\Local\keyfile3.drm
[2011-01-26 07:43:08 | 000,129,024 | ---- | C] () -- C:\Users\Richard\Desktop\flexible-working-application[1].doc
[2011-01-22 11:36:02 | 000,423,076 | ---- | C] () -- C:\Users\Richard\Desktop\Photo0002.jpg
[2010-10-27 02:13:04 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010-10-14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010-10-03 18:48:17 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010-10-03 18:48:17 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010-01-26 21:09:44 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009-12-21 22:17:33 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009-12-21 22:17:33 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009-11-09 02:08:10 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2009-11-09 02:08:10 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2009-11-09 02:08:10 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2009-11-09 02:08:10 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2009-09-24 06:38:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009-08-03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009-03-18 15:01:21 | 000,000,012 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\ClipExtractor-UpdatePerformed.txt
[2008-11-08 11:58:21 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll
[2008-10-21 17:45:56 | 000,022,328 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\PnkBstrK.sys
[2008-10-21 17:45:32 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008-09-28 14:29:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008-09-26 22:00:02 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll
[2008-09-26 22:00:02 | 000,012,664 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2008-09-19 21:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008-08-02 17:15:12 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008-08-02 17:15:11 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008-08-02 17:15:10 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008-08-02 17:15:10 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008-08-01 18:09:43 | 000,000,691 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\GetValue.vbs
[2008-08-01 18:09:43 | 000,000,035 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\SetValue.bat
[2008-07-06 17:34:45 | 000,193,024 | ---- | C] () -- C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-07-01 02:07:19 | 000,013,013 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008-07-01 02:06:55 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2008-07-01 02:06:54 | 000,012,760 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008-07-01 02:06:49 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2008-07-01 02:00:07 | 000,000,680 | ---- | C] () -- C:\Users\Richard\AppData\Local\d3d9caps.dat
[2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008-06-11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008-06-11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008-06-11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008-06-11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006-11-02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1996-04-03 19:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2008-08-01 20:54:53 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Auslogics
[2008-09-26 22:22:53 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Canneverbe_Limited
[2010-03-07 16:38:30 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\CheckPoint
[2009-07-28 16:42:40 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\eBookPro6
[2008-07-01 17:55:02 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\GetRightToGo
[2011-02-07 13:20:36 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\JAM Software
[2008-11-08 15:37:15 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Moyea
[2008-08-01 17:38:28 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\My Games
[2008-09-26 13:31:18 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\NCH Swift Sound
[2010-10-03 18:57:29 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\PC Suite
[2010-10-03 18:45:19 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Samsung
[2011-01-06 12:49:35 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Sports Interactive
[2009-03-04 21:28:31 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\The Creative Assembly
[2009-12-23 23:45:34 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Ubisoft
[2010-03-13 12:53:42 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\uTorrent
[2011-02-07 13:56:22 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >