Virus eating hdd space - OTL Log



#1
SwaggerB

Below is the OTL log - something is eating away at my HDD space - space is just disappearing without any normal reason - definitely infected with something - using Windows 7 64-bit. Help greatly appreciated. Cheers!

OTL logfile created on: 2/11/2011 11:18:48 AM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\rodney\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): d:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 8.09 Gb Free Space | 10.85% Space Free | Partition Type: NTFS
Drive E: | 0.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 596.17 Gb Total Space | 113.31 Gb Free Space | 19.01% Space Free | Partition Type: NTFS
Drive G: | 1397.26 Gb Total Space | 22.96 Gb Free Space | 1.64% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 6.19 Gb Free Space | 1.33% Space Free | Partition Type: NTFS

Computer Name: RODNEY-PC | User Name: rodney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/11 11:10:10 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\rodney\Desktop\OTL.com
PRC - [2011/01/18 06:07:06 | 000,150,632 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTSS.exe
PRC - [2011/01/18 06:07:04 | 000,355,432 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
PRC - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/11/24 12:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.5.0.125\ccsvchst.exe
PRC - [2010/11/08 09:11:06 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/09/01 14:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/08/03 09:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2009/07/02 02:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2009/04/23 23:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe


========== Modules (SafeList) ==========

MOD - [2011/02/11 11:10:10 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\rodney\Desktop\OTL.com
MOD - [2010/11/05 09:57:12 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTSSHooks.dll
MOD - [2010/08/21 15:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/11/24 12:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe -- (NAV)
SRV - [2010/11/08 09:11:06 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/18 21:42:27 | 000,321,320 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/12/17 00:34:51 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2010/12/01 15:24:00 | 000,382,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\symnets.sys -- (SymNetS)
DRV:64bit: - [2010/11/27 19:11:51 | 000,174,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/11/23 14:08:32 | 000,735,864 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/11/23 14:08:32 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/11/18 12:59:55 | 000,802,864 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/11/16 11:45:33 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/10/23 19:21:02 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/10/23 19:21:01 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/10/23 19:09:08 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/10/21 12:28:36 | 000,450,608 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\symds64.sys -- (SymDS)
DRV:64bit: - [2010/05/04 20:07:43 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/11/23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/14 11:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 11:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/20 12:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/11 06:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/17 18:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011/02/03 15:51:40 | 001,791,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110209.021\EX64.SYS -- (NAVEX15)
DRV - [2011/02/03 15:51:40 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110209.021\ENG64.SYS -- (NAVENG)
DRV - [2011/01/18 06:07:02 | 000,014,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\EVGA Precision\RTCore64.sys -- (RTCore64)
DRV - [2010/11/27 19:15:32 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/11/27 19:15:32 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/11/23 12:20:07 | 000,953,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110114.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/11/09 10:50:27 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110210.001\IDSviA64.sys -- (IDSVia64)
DRV - [2008/09/05 00:00:00 | 000,021,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 -- (EverestDriver)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B B7 98 5D D5 7F CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2011/02/09 18:15:33 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/11 07:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.5.0.125\ips\ipsbho.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/29 19:02:01 | 000,000,055 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{28d66b43-ec57-11de-8048-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{28d66b43-ec57-11de-8048-806e6f6e6963}\Shell\AutoRun\command - "" = E:\BlueBirds.exe -- [2009/04/29 19:02:01 | 000,270,336 | R--- | M] (LG Electronics)
O33 - MountPoints2\{2ac9b71b-37db-11df-a92e-00248c4e341f}\Shell - "" = AutoRun
O33 - MountPoints2\{2ac9b71b-37db-11df-a92e-00248c4e341f}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{6febb8e8-de85-11df-9cb4-00248c4e341f}\Shell - "" = AutoRun
O33 - MountPoints2\{6febb8e8-de85-11df-9cb4-00248c4e341f}\Shell\AutoRun\command - "" = H:\launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/11 11:10:04 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\rodney\Desktop\OTL.com
[2011/02/01 09:55:00 | 000,000,000 | ---D | C] -- C:\Users\rodney\Documents\LucasArts
[2011/02/01 09:55:00 | 000,000,000 | ---D | C] -- C:\Users\rodney\AppData\Local\LucasArts
[2011/01/23 14:09:37 | 000,000,000 | ---D | C] -- C:\Users\rodney\AppData\Roaming\NVIDIA
[2011/01/23 12:07:55 | 000,000,000 | ---D | C] -- C:\Users\rodney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA Precision
[2011/01/23 12:07:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EVGA Precision
[2011/01/23 11:51:17 | 000,000,000 | ---D | C] -- C:\Users\rodney\AppData\Roaming\FTWeak
[2011/01/23 11:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/01/23 11:48:29 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/01/23 11:48:29 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/01/23 11:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/01/23 10:32:04 | 000,000,000 | ---D | C] -- C:\Users\rodney\Documents\ASUS
[2011/01/23 10:27:33 | 001,354,240 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\atklumdispx.dll
[2011/01/23 10:27:32 | 002,212,864 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\Windows\SysNative\ATKDispCPL.dll
[2011/01/23 10:27:32 | 000,039,424 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\drivers\ATKDispLowFilter.sys
[2011/01/23 10:27:32 | 000,017,792 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\drivers\asusgsb.sys
[2011/01/15 17:04:34 | 000,000,000 | ---D | C] -- C:\Users\rodney\AppData\Roaming\Winamp
[2010/05/04 20:07:43 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\rodney\AppData\Roaming\pcouffin.sys
[2009/07/12 03:54:28 | 000,668,992 | ---- | C] (THQ Canada Inc.) -- C:\Program Files (x86)\Spooge.dll
[2009/07/12 03:54:28 | 000,566,592 | ---- | C] (THQ Canada Inc.) -- C:\Program Files (x86)\SimEngine.dll
[2009/07/12 03:54:28 | 000,521,536 | ---- | C] (Relic Entertainment Inc.) -- C:\Program Files (x86)\STLPort.dll
[2009/07/12 03:54:28 | 000,476,480 | ---- | C] (THQ Canada Inc.) -- C:\Program Files (x86)\Shark.dll
[2009/07/12 03:54:28 | 000,329,024 | ---- | C] (THQ Canada Inc.) -- C:\Program Files (x86)\Util.dll
[2009/07/12 03:54:28 | 000,087,288 | ---- | C] (Valve Corporation) -- C:\Program Files (x86)\steam_api.dll
[2009/07/12 03:54:28 | 000,032,576 | ---- | C] (THQ Canada Inc.) -- C:\Program Files (x86)\XThread.dll
[2009/07/12 03:54:27 | 000,165,184 | ---- | C] (THQ Canada Inc.) -- C:\Program Files (x86)\MathBox.dll
[2009/07/12 03:54:27 | 000,165,184 | ---- | C] (THQ Canada Inc.) -- C:\Program Files (x86)\LuaConfig.dll
[2009/07/12 03:54:27 | 000,099,648 | ---- | C] (THQ Canada Inc.) -- C:\Program Files (x86)\Platform.dll
[2009/07/12 03:54:27 | 000,070,976 | ---- | C] (THQ Canada Inc.) -- C:\Program Files (x86)\Memory.dll
[2009/07/12 03:54:27 | 000,058,688 | ---- | C] (THQ Canada Inc.) -- C:\Program Files (x86)\Localizer.dll
[2009/07/12 03:54:27 | 000,020,800 | ---- | C] (THQ Canada Inc.) -- C:\Program Files (x86)\Profiler.dll
[2009/07/12 03:54:26 | 002,801,756 | ---- | C] (Intel Corporation) -- C:\Program Files (x86)\libmmd.dll
[2009/07/12 03:54:26 | 000,655,360 | ---- | C] (Intel Corporation) -- C:\Program Files (x86)\libifcoremd.dll
[2009/07/12 03:54:26 | 000,200,704 | ---- | C] (Intel Corporation) -- C:\Program Files (x86)\libguide40.dll
[2009/07/12 03:54:24 | 007,475,200 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\libacml_mp_dll.dll
[2009/07/12 03:54:24 | 000,352,256 | ---- | C] (Intel Corporation) -- C:\Program Files (x86)\ijl15.dll
[2009/07/12 03:54:23 | 001,054,016 | ---- | C] (Firelight Technologies) -- C:\Program Files (x86)\fmodex.dll
[2009/07/12 03:54:23 | 000,267,584 | ---- | C] (THQ Canada Inc.) -- C:\Program Files (x86)\Filesystem.dll
[2009/07/12 03:54:18 | 000,234,576 | ---- | C] (BugSplat, LLC) -- C:\Program Files (x86)\BsSndRpt.exe
[2009/07/12 03:54:18 | 000,227,408 | ---- | C] (BugSplat, LLC) -- C:\Program Files (x86)\BugSplat.dll
[2009/07/12 03:54:18 | 000,186,448 | ---- | C] (BugSplat, LLC) -- C:\Program Files (x86)\BugSplatHD.exe
[2009/07/12 03:54:18 | 000,136,512 | ---- | C] (BugSplat, LLC) -- C:\Program Files (x86)\BugSplatRC.dll
[2009/07/12 03:54:18 | 000,054,592 | ---- | C] (THQ Canada Inc.) -- C:\Program Files (x86)\Debug.dll
[2009/07/03 05:18:49 | 003,203,072 | ---- | C] (by Legolas) -- C:\Program Files (x86)\LDCPlusPlus.exe
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/11 11:12:56 | 000,024,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/11 11:12:56 | 000,024,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/11 11:10:10 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\rodney\Desktop\OTL.com
[2011/02/11 11:03:12 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/11 11:03:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/11 11:02:38 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/11 10:20:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/11 06:45:53 | 000,000,069 | ---- | M] () -- C:\Windows\SysWow64\everest_cpl.ini
[2011/02/11 03:19:39 | 000,416,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/02/10 15:22:31 | 001,264,558 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\Cat.DB
[2011/02/09 18:15:06 | 000,002,402 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2011/02/04 08:32:24 | 000,743,794 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/04 08:32:24 | 000,635,612 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/04 08:32:24 | 000,111,186 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/01 09:54:55 | 000,001,054 | ---- | M] () -- C:\Users\rodney\Desktop\SWTFU2 - Shortcut.lnk
[2011/01/30 08:19:14 | 000,017,669 | ---- | M] () -- C:\Users\rodney\Documents\FBT April 2010 March end 2011.xlsx
[2011/01/29 20:51:39 | 000,000,229 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/01/23 12:07:57 | 000,001,084 | ---- | M] () -- C:\Users\rodney\Desktop\EVGA Precision.lnk
[2011/01/21 11:36:44 | 000,007,664 | ---- | M] () -- C:\Users\rodney\AppData\Local\Resmon.ResmonCfg
[2011/01/20 12:02:21 | 000,001,118 | ---- | M] () -- C:\Users\rodney\Desktop\EVEREST Ultimate Edition.lnk
[2011/01/19 15:48:48 | 000,011,174 | ---- | M] () -- C:\Users\rodney\Documents\Shaolin Nan Quan Training Guide 2011.docx
[2011/01/19 15:48:35 | 000,010,479 | ---- | M] () -- C:\Users\rodney\Documents\Shaolin Nan Quan Training Guide 2011 JONGS.docx
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/01 09:54:55 | 000,001,054 | ---- | C] () -- C:\Users\rodney\Desktop\SWTFU2 - Shortcut.lnk
[2011/01/23 12:07:57 | 000,001,084 | ---- | C] () -- C:\Users\rodney\Desktop\EVGA Precision.lnk
[2011/01/23 11:48:29 | 000,007,621 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2011/01/20 12:02:21 | 000,001,118 | ---- | C] () -- C:\Users\rodney\Desktop\EVEREST Ultimate Edition.lnk
[2011/01/20 08:26:24 | 000,007,664 | ---- | C] () -- C:\Users\rodney\AppData\Local\Resmon.ResmonCfg
[2011/01/19 14:02:43 | 000,010,479 | ---- | C] () -- C:\Users\rodney\Documents\Shaolin Nan Quan Training Guide 2011 JONGS.docx
[2011/01/19 13:57:06 | 000,011,174 | ---- | C] () -- C:\Users\rodney\Documents\Shaolin Nan Quan Training Guide 2011.docx
[2010/11/27 20:03:58 | 000,000,069 | ---- | C] () -- C:\Windows\SysWow64\everest_cpl.ini
[2010/11/27 11:27:32 | 001,103,360 | ---- | C] () -- C:\Windows\SysWow64\cidfont.dll
[2010/05/04 20:08:54 | 000,001,189 | ---- | C] () -- C:\Users\rodney\AppData\Roaming\vso_ts_preview.xml
[2010/05/04 20:08:29 | 000,000,034 | ---- | C] () -- C:\Users\rodney\AppData\Roaming\pcouffin.log
[2010/05/04 20:07:43 | 000,099,384 | ---- | C] () -- C:\Users\rodney\AppData\Roaming\inst.exe
[2010/05/04 20:07:43 | 000,007,859 | ---- | C] () -- C:\Users\rodney\AppData\Roaming\pcouffin.cat
[2010/05/04 20:07:43 | 000,001,167 | ---- | C] () -- C:\Users\rodney\AppData\Roaming\pcouffin.inf
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/03/13 11:30:56 | 000,014,336 | ---- | C] () -- C:\Users\rodney\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/28 17:25:47 | 000,743,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/26 08:00:59 | 000,000,229 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/01/22 11:33:06 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2009/12/23 07:57:58 | 000,000,260 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009/12/19 15:04:38 | 000,000,047 | ---- | C] () -- C:\Windows\MediaGUI.INI
[2009/12/19 11:55:59 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 07:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/12 03:54:27 | 000,056,813 | ---- | C] () -- C:\Program Files (x86)\readme_english.txt
[2009/07/12 03:54:24 | 000,001,071 | ---- | C] () -- C:\Program Files (x86)\installscript.vdf
[2009/07/12 03:54:23 | 000,101,626 | ---- | C] () -- C:\Program Files (x86)\DOW2.exe.cat
[2009/07/12 03:54:23 | 000,086,016 | ---- | C] () -- C:\Program Files (x86)\FileParser.dll
[2009/07/12 03:54:23 | 000,000,456 | ---- | C] () -- C:\Program Files (x86)\Essence.ini
[2009/07/12 03:54:23 | 000,000,281 | ---- | C] () -- C:\Program Files (x86)\DOW2.exe.cfg
[2009/07/12 03:54:18 | 000,413,696 | ---- | C] () -- C:\Program Files (x86)\DivxDecoder.dll
[2009/07/12 03:54:18 | 000,086,016 | ---- | C] () -- C:\Program Files (x86)\DivxMediaLib.dll
[2009/07/03 05:18:49 | 015,576,064 | ---- | C] () -- C:\Program Files (x86)\LDCPlusPlus.pdb
[2009/07/03 05:18:49 | 000,068,223 | ---- | C] () -- C:\Program Files (x86)\IT_v2.xml
[2009/07/03 05:18:49 | 000,018,581 | ---- | C] () -- C:\Program Files (x86)\License.txt
[2009/07/03 05:18:49 | 000,010,802 | ---- | C] () -- C:\Program Files (x86)\LICENSE-iTunesSDK.txt
[2009/07/03 05:18:49 | 000,003,608 | ---- | C] () -- C:\Program Files (x86)\LICENSE-GeoIP.txt
[2009/07/03 05:18:49 | 000,003,139 | ---- | C] () -- C:\Program Files (x86)\changelog-ldc.txt

========== LOP Check ==========

[2010/02/28 17:37:17 | 000,000,000 | ---D | M] -- C:\Users\rodney\AppData\Roaming\Ashampoo
[2010/11/04 13:34:25 | 000,000,000 | ---D | M] -- C:\Users\rodney\AppData\Roaming\Audacity
[2010/11/12 20:43:09 | 000,000,000 | ---D | M] -- C:\Users\rodney\AppData\Roaming\AVG10
[2011/02/11 11:00:47 | 000,000,000 | ---D | M] -- C:\Users\rodney\AppData\Roaming\BitTorrent
[2010/12/19 04:51:25 | 000,000,000 | ---D | M] -- C:\Users\rodney\AppData\Roaming\bizarre creations
[2010/08/26 14:11:38 | 000,000,000 | ---D | M] -- C:\Users\rodney\AppData\Roaming\CD-LabelPrint
[2010/09/22 22:34:01 | 000,000,000 | ---D | M] -- C:\Users\rodney\AppData\Roaming\Codemasters
[2010/08/28 14:50:48 | 000,000,000 | ---D | M] -- C:\Users\rodney\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/01/21 12:00:00 | 000,000,000 | ---D | M] -- C:\Users\rodney\AppData\Roaming\D-Link Media Server
[2010/10/23 19:15:30 | 000,000,000 | ---D | M] -- C:\Users\rodney\AppData\Roaming\DAEMON Tools Lite
[2011/01/23 15:48:47 | 000,000,000 | ---D | M] -- C:\Users\rodney\AppData\Roaming\FTWeak
[2010/11/28 18:34:35 | 000,000,000 | ---D | M] -- C:\Users\rodney\AppData\Roaming\ImgBurn
[2010/02/28 17:37:20 | 000,000,000 | ---D | M] -- C:\Users\rodney\AppData\Roaming\MediaServerDump
[2010/11/12 13:37:58 | 000,000,000 | ---D | M] -- C:\Users\rodney\AppData\Roaming\NCH Swift Sound
[2010/11/12 13:37:59 | 000,000,000 | ---D | M] -- C:\Users\rodney\AppData\Roaming\Recordpad
[2010/12/20 12:46:51 | 000,000,000 | ---D | M] -- C:\Users\rodney\AppData\Roaming\Tific
[2010/12/02 20:26:55 | 000,000,000 | ---D | M] -- C:\Users\rodney\AppData\Roaming\Uniblue
[2010/12/05 20:47:34 | 000,000,000 | ---D | M] -- C:\Users\rodney\AppData\Roaming\Vso
[2010/08/05 15:55:28 | 000,000,000 | ---D | M] -- C:\Users\rodney\AppData\Roaming\WinBatch
[2010/05/31 21:54:53 | 000,000,000 | ---D | M] -- C:\Users\rodney\AppData\Roaming\WindSolutions
[2010/05/09 12:24:00 | 000,000,000 | ---D | M] -- C:\Users\rodney\AppData\Roaming\Yamb
[2009/07/14 15:08:49 | 000,023,426 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >