Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Threat:Win32/Olmarik.AJL trojan


  • Please log in to reply

#1
Dan26TN

Dan26TN

    New Member

  • Member
  • Pip
  • 3 posts
Nod32 notified me of this error upon booting into my windows today

Threat found MBR sector of the 0. physical disk. Threat:Win32/Olmarik.AJL trojan

Nod32 could NOT fix this issue.

I searched google and found another guy with this same problem a few days ago posted in the forums

I ran TDSSKiller.exe (from this site), and it found a rootkit RootKit.Win32.TDSS.tdll4

Clicked cure and rebooted as was instructed.

Upon rebooting Nod32 NO longer finds any problems , re ran TDSSKiller.exe and no root kits are found now.

Do you guy's think I am ok? I am currently running a Full Malware Bytes Scan .... and I will also run a full nod32 scan but this will take a while

Any help will be appreciated , please forgive my sentence to sentence posting style lol.
  • 0

Advertisements


#2
Dan26TN

Dan26TN

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Also to note, I tried to run combofix (downloaded from link posted in Dave's topic on same trojan variant), but it just sat there with a blue screen forever and did not work. I disabled Nod32 completely as far as I know. Combofix DID detect AVG free edition running but I have had AVG uninstalled for months, so I am not sure how to make that go away ... I presume this could be stopping combofix from running properly.

Here is my OTL log also


OTL logfile created on: 4/13/2011 12:46:34 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Daniel Riggs\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 74.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 313.33 Gb Free Space | 33.64% Space Free | Partition Type: NTFS

Computer Name: DRIGG103063 | User Name: Daniel Riggs | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/13 12:46:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel Riggs\Desktop\OTL.exe
PRC - [2011/04/07 16:33:55 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/03/26 03:35:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/03/26 01:27:34 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/11/04 18:15:50 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2010/10/05 10:32:58 | 001,811,800 | ---- | M] (Logitech©) -- C:\Program Files (x86)\Logitech\G35\G35.exe
PRC - [2010/08/31 23:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/05/07 19:47:32 | 000,114,008 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/13 12:46:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel Riggs\Desktop\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/04 18:18:12 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2010/11/04 18:15:50 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/05/07 19:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/04/07 16:33:55 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/03/26 03:35:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/26 01:27:34 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/12/14 17:17:12 | 000,128,928 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/11/19 23:27:31 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/04/01 16:51:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/04/01 16:46:51 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/04 19:48:07 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011/04/04 19:48:07 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2011/03/03 10:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/11/09 21:45:54 | 004,162,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 600(UVC)
DRV:64bit: - [2010/11/09 21:44:24 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010/09/29 12:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2010/09/29 12:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/03 07:13:46 | 000,170,104 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/08/26 20:07:20 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/07/29 13:31:26 | 000,171,152 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2010/07/29 13:31:26 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/07/29 13:31:26 | 000,050,624 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2010/07/29 13:31:26 | 000,033,632 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2010/07/07 14:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 14:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 14:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 14:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 14:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 14:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 14:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010/07/07 14:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/06/21 20:57:10 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/06/21 20:57:09 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010/04/22 15:40:36 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/11/20 06:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 06:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/17 11:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009/06/17 11:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 11:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/07/26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/07/26 15:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E 16 F0 87 98 64 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/news
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/01/03 00:15:44 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HKLM] C:\Users\Daniel Riggs\AppData\Roaming\install\server.exe (Microsoft)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech©)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] File not found
O4 - HKCU..\Run: [HKCU] C:\Users\Daniel Riggs\AppData\Roaming\install\server.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Users\Daniel Riggs\AppData\Roaming\install\server.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Users\Daniel Riggs\AppData\Roaming\install\server.exe (Microsoft)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/13 12:46:22 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel Riggs\Desktop\OTL.exe
[2011/04/13 12:29:17 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/04/13 12:29:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/13 12:28:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/13 12:22:47 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Daniel Riggs\Desktop\TDSSKiller.exe
[2011/04/12 12:20:07 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\{AAE849AD-80B5-4899-AB0C-CAB4D6D82811}
[2011/04/11 21:32:51 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/04/11 21:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/04/11 21:32:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/04/11 21:32:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/04/11 21:03:23 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\Documents\Anomaly Warzone Earth
[2011/04/11 21:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anomaly Warzone Earth
[2011/04/11 21:00:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anomaly Warzone Earth
[2011/04/11 11:29:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/04/11 11:25:58 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/04/11 11:25:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2011/04/11 11:24:59 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/04/11 11:24:36 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/04/11 11:24:36 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/04/11 11:24:14 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/04/11 11:24:00 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/04/10 22:03:08 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\{3386C2D0-B477-4256-8DED-CA2B45F752DF}
[2011/04/10 18:48:42 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\Documents\Shadow Harvest
[2011/04/10 02:50:58 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\{D9EEECC5-5854-4B91-BB06-6581C3B12C02}
[2011/04/08 21:03:56 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\Desktop\Scrublife Mixtape - Hosted by DJ SKEE & Dale Firebird
[2011/04/08 16:05:47 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\{980841F8-65E5-4606-8871-DDF3515B6B80}
[2011/04/07 23:10:31 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\Documents\Max Payne 2 Savegames
[2011/04/07 15:48:15 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\AliensVsPredator
[2011/04/07 14:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
[2011/04/06 22:34:33 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\{694C606E-92BE-488E-AE33-0C06A4570E41}
[2011/04/05 21:41:57 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\{9B1B415D-D6EA-4CFF-8461-F22793D5F850}
[2011/04/04 19:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2011/04/04 19:45:42 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\EA Games
[2011/04/04 19:35:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2011/04/04 16:22:25 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\{692D4F21-ACEB-4A78-BD33-8D2883C82BA0}
[2011/04/03 17:43:15 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\{782781D4-6B74-4F17-863D-444EDEA8D3D5}
[2011/04/01 22:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dungeon Siege 2
[2011/04/01 22:55:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2011/04/01 21:39:44 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\{6DC0625B-0CF8-4873-B67C-6C7AB323144E}
[2011/04/01 21:31:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2011/04/01 21:26:58 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Roaming\PunkBuster
[2011/03/31 16:44:55 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\Documents\Darkspore
[2011/03/31 16:44:54 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Roaming\DarksporeData
[2011/03/30 22:39:19 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\{D960A7E3-BE28-4A80-981A-8000540F0CF2}
[2011/03/30 18:07:22 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\Chromium
[2011/03/30 15:54:03 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\Documents\SHIFT 2 UNLEASHED
[2011/03/30 15:43:25 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\{95AA595E-66A7-42D3-8B0A-29E17128B3B2}
[2011/03/29 23:35:25 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\{F3DDE0C3-464E-420D-8446-08568CE179C3}
[2011/03/29 18:57:36 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\{6AB8346C-79FA-4F4E-B194-D3C4568C7C64}
[2011/03/28 17:19:15 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\{186BEE9B-FAA1-41E9-A98E-4F38E8A11C94}
[2011/03/27 23:58:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2011/03/27 14:27:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mIRC
[2011/03/27 14:19:03 | 000,016,384 | ---- | C] (Sikandar's Lab) -- C:\Users\Daniel Riggs\AppData\Roaming\ctfmon.exe
[2011/03/27 13:17:42 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/03/27 13:16:58 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\Google
[2011/03/27 13:16:28 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\Deployment
[2011/03/26 18:03:31 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\{FB1E7AE1-CAE8-4907-9C8F-997DD6B5A7C2}
[2011/03/25 22:11:03 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\{1B8B5C12-3469-4E7A-8290-5565955831CC}
[2011/03/25 09:34:39 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\{D2CB4DBE-8BE8-44E3-8381-6B7A731444FF}
[2011/03/24 15:27:18 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\{6B142364-BFDB-4068-B25D-C47734983EF1}
[2011/03/23 14:53:11 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\{FE8513C9-2D2B-4F2E-BC1E-408DEDE05422}
[2011/03/22 14:41:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/03/22 13:01:07 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\{A1003A4B-DB1F-4CE7-89B1-FC32B7AD77DE}
[2011/03/21 14:17:23 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\{0EB531BD-5B2E-4F1B-B864-69E676AA7786}
[2011/03/20 17:48:05 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\{EFCF98C9-85E9-4A4D-B14C-8B7E4A34A428}
[2011/03/20 17:48:04 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\{9CB889B1-6098-431A-B1D3-A4834C67BF93}
[2011/03/19 20:57:25 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\Documents\Video Mask Projects
[2011/03/19 15:38:08 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\3DMGAME
[2011/03/19 14:25:22 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\{750C97DD-5796-4D85-B5EC-A7B3DB7AB7C9}
[2011/03/19 01:47:25 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\{57CA6D2D-E3D5-496C-AB3A-D1C7FC5A223A}
[2011/03/17 17:19:21 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Roaming\Windows Live Writer
[2011/03/17 17:19:21 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\Windows Live Writer
[2011/03/17 17:07:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\Documents\Remote Assistance Logs
[2011/03/17 17:03:26 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\{DA5C1733-CE6F-49A8-82FD-286F5D6FDB76}
[2011/03/17 16:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/03/17 16:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/03/17 16:56:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/03/17 16:55:09 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Local\Windows Live
[2011/03/17 16:14:51 | 000,000,000 | ---D | C] -- C:\Users\Daniel Riggs\AppData\Roaming\Logitech
[2010/08/26 20:07:20 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Daniel Riggs\AppData\Roaming\pcouffin.sys
[2010/07/07 12:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010/07/07 12:10:22 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[10 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/13 12:48:42 | 004,522,387 | -H-- | M] () -- C:\Users\Daniel Riggs\AppData\Roaming\Daniel Riggslog.dat
[2011/04/13 12:46:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel Riggs\Desktop\OTL.exe
[2011/04/13 12:46:23 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/13 12:46:23 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/13 12:38:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011/04/13 12:38:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/13 12:38:30 | 535,678,975 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/13 12:37:53 | 000,060,796 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000006-00000000-00000000-00001102-0000000B-00431102}.rfx
[2011/04/13 12:37:53 | 000,060,796 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000006-00000000-00000000-00001102-0000000B-00431102}.rfx
[2011/04/13 12:37:53 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000006-00000000-00000000-00001102-0000000B-00431102}.rfx
[2011/04/13 12:24:33 | 004,320,019 | R--- | M] () -- C:\Users\Daniel Riggs\Desktop\ComboFix.exe
[2011/04/13 12:22:16 | 001,263,721 | ---- | M] () -- C:\Users\Daniel Riggs\Desktop\tdsskiller.zip
[2011/04/13 12:22:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1752462722-1544348545-2360852887-1000UA.job
[2011/04/12 20:55:52 | 000,279,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/12 20:44:16 | 000,753,380 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/12 20:44:16 | 000,632,708 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/12 20:44:16 | 000,110,342 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/12 13:22:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1752462722-1544348545-2360852887-1000Core.job
[2011/04/10 20:53:05 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011/04/07 17:39:39 | 000,266,400 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/04/07 17:39:39 | 000,266,400 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/04/07 17:23:53 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/04/07 16:33:55 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/04/05 22:42:43 | 000,001,433 | ---- | M] () -- C:\Users\Daniel Riggs\Desktop\Fraps.lnk
[2011/04/05 17:28:10 | 000,001,682 | ---- | M] () -- C:\Users\Daniel Riggs\Desktop\deadspace2.exe - Shortcut.lnk
[2011/04/04 19:48:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
[2011/04/04 19:48:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSBW_01_00_00.Wdf
[2011/04/02 19:33:39 | 000,001,282 | ---- | M] () -- C:\Users\Daniel Riggs\Desktop\Download - Shortcut.lnk
[2011/04/01 22:57:47 | 000,002,204 | ---- | M] () -- C:\Users\Public\Desktop\Dungeon Siege 2.lnk
[2011/04/01 21:33:42 | 000,001,403 | ---- | M] () -- C:\Users\Daniel Riggs\Desktop\AssassinsCreedBrotherhood.exe - Shortcut.lnk
[2011/03/27 14:39:16 | 000,001,359 | ---- | M] () -- C:\Users\Daniel Riggs\Desktop\invision.lnk
[2011/03/27 14:23:44 | 000,016,384 | ---- | M] (Sikandar's Lab) -- C:\Users\Daniel Riggs\AppData\Roaming\ctfmon.exe
[2011/03/27 13:17:43 | 000,002,324 | ---- | M] () -- C:\Users\Daniel Riggs\Desktop\Google Chrome.lnk
[2011/03/26 21:22:08 | 1026,349,539 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/03/26 03:35:00 | 000,067,176 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/03/26 03:35:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/03/26 03:35:00 | 000,007,771 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2011/03/22 14:38:27 | 000,001,450 | ---- | M] () -- C:\Users\Daniel Riggs\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/22 14:34:34 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/03/22 14:34:33 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/03/20 00:39:41 | 000,002,314 | ---- | M] () -- C:\Users\Daniel Riggs\Desktop\GridGameLauncherc.exe - Shortcut.lnk
[2011/03/20 00:15:05 | 000,007,657 | ---- | M] () -- C:\Users\Daniel Riggs\AppData\Local\Resmon.ResmonCfg
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[10 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/13 12:24:29 | 004,320,019 | R--- | C] () -- C:\Users\Daniel Riggs\Desktop\ComboFix.exe
[2011/04/13 12:22:12 | 001,263,721 | ---- | C] () -- C:\Users\Daniel Riggs\Desktop\tdsskiller.zip
[2011/04/11 11:24:36 | 000,007,771 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2011/04/10 20:53:05 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011/04/05 22:42:43 | 000,001,433 | ---- | C] () -- C:\Users\Daniel Riggs\Desktop\Fraps.lnk
[2011/04/05 17:28:10 | 000,001,682 | ---- | C] () -- C:\Users\Daniel Riggs\Desktop\deadspace2.exe - Shortcut.lnk
[2011/04/04 19:48:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
[2011/04/04 19:48:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSBW_01_00_00.Wdf
[2011/04/02 19:33:39 | 000,001,282 | ---- | C] () -- C:\Users\Daniel Riggs\Desktop\Download - Shortcut.lnk
[2011/04/01 22:57:47 | 000,002,204 | ---- | C] () -- C:\Users\Public\Desktop\Dungeon Siege 2.lnk
[2011/04/01 21:33:42 | 000,001,403 | ---- | C] () -- C:\Users\Daniel Riggs\Desktop\AssassinsCreedBrotherhood.exe - Shortcut.lnk
[2011/03/27 14:39:16 | 000,001,359 | ---- | C] () -- C:\Users\Daniel Riggs\Desktop\invision.lnk
[2011/03/27 13:17:43 | 000,002,324 | ---- | C] () -- C:\Users\Daniel Riggs\Desktop\Google Chrome.lnk
[2011/03/27 13:17:02 | 000,000,936 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1752462722-1544348545-2360852887-1000UA.job
[2011/03/27 13:17:01 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1752462722-1544348545-2360852887-1000Core.job
[2011/03/22 14:34:34 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/03/22 14:34:33 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/03/20 00:39:41 | 000,002,314 | ---- | C] () -- C:\Users\Daniel Riggs\Desktop\GridGameLauncherc.exe - Shortcut.lnk
[2011/03/17 16:59:26 | 000,001,467 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/03/17 16:58:37 | 000,002,495 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/02/28 17:37:14 | 000,000,298 | ---- | C] () -- C:\Windows\vtmb.ini
[2011/01/23 02:35:38 | 000,000,112 | ---- | C] () -- C:\ProgramData\khT45sk.dat
[2010/11/20 13:11:03 | 000,001,001 | ---- | C] () -- C:\ProgramData\.wtav
[2010/11/09 21:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010/11/09 21:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/11/09 21:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/10/13 23:12:18 | 000,000,160 | ---- | C] () -- C:\ProgramData\nbinst.ini
[2010/10/02 19:28:26 | 000,082,432 | -H-- | C] () -- C:\Users\Daniel Riggs\AppData\Roaming\bw9CqKEXJMKi.exe
[2010/08/26 20:08:10 | 000,001,057 | ---- | C] () -- C:\Users\Daniel Riggs\AppData\Roaming\vso_ts_preview.xml
[2010/08/26 20:07:20 | 000,099,384 | ---- | C] () -- C:\Users\Daniel Riggs\AppData\Roaming\inst.exe
[2010/08/26 20:07:20 | 000,007,859 | ---- | C] () -- C:\Users\Daniel Riggs\AppData\Roaming\pcouffin.cat
[2010/08/26 20:07:20 | 000,001,167 | ---- | C] () -- C:\Users\Daniel Riggs\AppData\Roaming\pcouffin.inf
[2010/08/24 19:24:47 | 000,007,657 | ---- | C] () -- C:\Users\Daniel Riggs\AppData\Local\Resmon.ResmonCfg
[2010/08/19 19:08:55 | 000,266,400 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/08/19 19:08:39 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/08/06 20:56:30 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/07/20 21:26:44 | 000,115,928 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/07/07 13:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010/07/07 12:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2010/07/07 12:21:00 | 000,384,647 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010/07/07 12:21:00 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010/07/07 12:10:30 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2010/06/22 01:14:05 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010/06/21 17:17:55 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2010/06/14 00:00:40 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/04/30 20:11:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/04/25 23:41:06 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/04/25 02:34:30 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/04/24 00:43:24 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/04/22 18:36:31 | 000,743,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/22 17:02:12 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/04/22 15:56:58 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/04/01 16:46:24 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/04/01 16:46:24 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/04/01 16:11:14 | 000,000,000 | ---- | C] () -- C:\Windows\lgfwup.ini
[2009/11/12 12:22:44 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2009/09/29 16:16:26 | 000,000,127 | ---- | C] () -- C:\Windows\zraidtray.ini
[2009/07/14 03:14:16 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/06/07 09:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/06/07 09:16:12 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/05/26 14:12:38 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009/01/28 13:50:44 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2005/04/07 14:21:32 | 004,522,168 | -H-- | C] () -- C:\Users\Daniel Riggs\AppData\Roaming\Daniel Riggslog.dat

========== LOP Check ==========

[2010/04/22 14:41:21 | 000,000,000 | ---D | M] -- C:\Users\Daniel Riggs\AppData\Roaming\acccore
[2010/11/20 02:53:03 | 000,000,000 | ---D | M] -- C:\Users\Daniel Riggs\AppData\Roaming\AVG10
[2011/01/06 22:02:11 | 000,000,000 | ---D | M] -- C:\Users\Daniel Riggs\AppData\Roaming\AVI ReComp
[2010/05/14 13:48:03 | 000,000,000 | ---D | M] -- C:\Users\Daniel Riggs\AppData\Roaming\Beat Hazard
[2010/08/09 18:45:15 | 000,000,000 | ---D | M] -- C:\Users\Daniel Riggs\AppData\Roaming\Bioshock2
[2010/04/22 15:45:12 | 000,000,000 | ---D | M] -- C:\Users\Daniel Riggs\AppData\Roaming\DAEMON Tools Lite
[2011/03/31 16:45:24 | 000,000,000 | ---D | M] -- C:\Users\Daniel Riggs\AppData\Roaming\DarksporeData
[2010/09/14 19:58:07 | 000,000,000 | ---D | M] -- C:\Users\Daniel Riggs\AppData\Roaming\dream-mkv-converter
[2011/01/03 00:16:18 | 000,000,000 | ---D | M] -- C:\Users\Daniel Riggs\AppData\Roaming\ESET
[2010/06/22 01:14:08 | 000,000,000 | ---D | M] -- C:\Users\Daniel Riggs\AppData\Roaming\FreeAudioPack
[2010/06/22 14:29:21 | 000,000,000 | ---D | M] -- C:\Users\Daniel Riggs\AppData\Roaming\FreeCDRipper
[2010/05/21 01:35:24 | 000,000,000 | ---D | M] -- C:\Users\Daniel Riggs\AppData\Roaming\HandBrake
[2010/08/26 20:12:27 | 000,000,000 | ---D | M] -- C:\Users\Daniel Riggs\AppData\Roaming\ImTOO Software Studio
[2006/01/19 19:11:06 | 000,000,000 | RHSD | M] -- C:\Users\Daniel Riggs\AppData\Roaming\install
[2010/04/22 18:48:46 | 000,000,000 | ---D | M] -- C:\Users\Daniel Riggs\AppData\Roaming\Leadertech
[2010/11/19 23:36:11 | 000,000,000 | ---D | M] -- C:\Users\Daniel Riggs\AppData\Roaming\Panda Security
[2011/04/01 21:26:58 | 000,000,000 | ---D | M] -- C:\Users\Daniel Riggs\AppData\Roaming\PunkBuster
[2010/09/05 15:43:03 | 000,000,000 | ---D | M] -- C:\Users\Daniel Riggs\AppData\Roaming\runic games
[2010/12/23 00:46:54 | 000,000,000 | ---D | M] -- C:\Users\Daniel Riggs\AppData\Roaming\Spore
[2011/03/24 18:34:49 | 000,000,000 | ---D | M] -- C:\Users\Daniel Riggs\AppData\Roaming\The Creative Assembly
[2010/04/30 19:51:43 | 000,000,000 | ---D | M] -- C:\Users\Daniel Riggs\AppData\Roaming\TS3Client
[2011/03/06 02:30:06 | 000,000,000 | ---D | M] -- C:\Users\Daniel Riggs\AppData\Roaming\uTorrent
[2010/09/14 20:45:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel Riggs\AppData\Roaming\Vso
[2011/04/05 23:41:19 | 000,000,000 | ---D | M] -- C:\Users\Daniel Riggs\AppData\Roaming\Windows Live Writer
[2010/09/14 20:45:24 | 000,000,000 | ---D | M] -- C:\Users\Daniel Riggs\AppData\Roaming\Xilisoft
[2010/09/22 19:14:43 | 000,000,000 | ---D | M] -- C:\Users\Daniel Riggs\AppData\Roaming\Yamb
[2011/02/24 06:05:50 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by Dan26TN, 13 April 2011 - 12:16 PM.

  • 0

#3
Dan26TN

Dan26TN

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Sorry I know it hasn't been 3 days but is anyone able to help? If bumping like this is a no no I apologize in advance.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP