Cannot boot, in safe mode



#1
Faust666

My sound driver stopped before the computer became unusable. I have seen something about a trojan living in the system memory a few times on scans, but it never came out.


#2
Faust666

OTL logfile created on: 5/2/2011 9:55:51 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Windows\system32\config\systemprofile\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 704.77 Gb Free Space | 75.67% Space Free | Partition Type: NTFS
Drive X: | 3725.91 Gb Total Space | 1854.24 Gb Free Space | 49.77% Space Free | Partition Type: NTFS

Computer Name: FAUST-PC | User Name: Faust | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/02 21:55:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Windows\System32\config\systemprofile\Downloads\OTL.exe
PRC - [2011/05/02 21:17:01 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/20 14:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/02 21:55:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Windows\System32\config\systemprofile\Downloads\OTL.exe
MOD - [2010/11/20 14:29:06 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AMService)
SRV - [2011/04/29 07:59:20 | 000,068,104 | -HS- | M] () [Auto | Stopped] -- \\?\globalroot\Device\HarddiskVolume7\Windows\Temp\srv1030.tmp [WARNING: \\?\globalroot\Device\HarddiskVolume7\Windows\Temp\srv1030.tmp] -- (srv1030)
SRV - [2011/03/08 16:58:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011/01/26 15:55:24 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/12/15 13:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/28 10:43:48 | 000,062,464 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Silicon Image\Silicon Image HBA Wakeup Utility\SiHbaWakeupService.exe -- (SiHbaWakeupService)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2005/10/05 17:19:00 | 000,131,072 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Silicon Image\3132-W-R\SATARaid5ConfigService.exe -- (SATARaid5 Config Service)


========== Driver Services (SafeList) ==========

DRV - [2011/04/20 00:07:35 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2011/03/30 17:17:06 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:54:00 | 000,296,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/02/10 07:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/26 16:36:14 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/01/26 15:13:10 | 000,238,592 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/01/19 04:32:56 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/12/18 04:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2010/11/20 14:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 14:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 14:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 14:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 14:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 14:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 14:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 14:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 14:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 14:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/17 05:04:24 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2009/07/13 15:02:46 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2008/10/09 12:40:34 | 000,217,128 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3132r5.sys -- (Si3132r5)
DRV - [2008/10/09 12:40:34 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2008/10/09 12:40:34 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2008/05/24 21:09:10 | 000,073,728 | ---- | M] (EZB Systems, Inc.) [File_System | System | Stopped] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [1996/04/03 12:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/04/27 10:02:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 21:53:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/02 21:17:02 | 000,000,000 | ---D | M]

[2011/05/02 21:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Extensions
[2011/05/02 21:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\5rsl4zaz.default\extensions
[2011/03/23 10:01:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/27 10:02:27 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4

O1 HOSTS File: ([2011/04/15 15:40:21 | 000,431,550 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 14880 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10n_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.154.133.68
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29 - HKLM SecurityProviders - (molqrhgv.dll) - File not found
O29 - HKLM SecurityProviders - (mnmbatcf.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Windows\system32\config\systemprofile\AppData\Local\xna.exe" -a "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\xna.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/02 21:53:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla
[2011/05/02 21:53:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\Mozilla
[2011/05/01 19:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\Total War Shogun 2
[2011/04/22 13:32:07 | 000,000,000 | ---D | C] -- C:\AVG10
[2011/04/22 13:32:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\ATI
[2011/04/22 13:32:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\ATI
[2011/04/22 13:32:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/04/22 13:32:04 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Videos
[2011/04/22 13:32:04 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/04/22 13:32:04 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Pictures
[2011/04/22 13:32:04 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Music
[2011/04/22 13:32:04 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Downloads
[2011/04/22 13:32:04 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/04/22 13:27:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Identities
[2011/04/22 04:08:54 | 000,000,000 | -H-D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011/04/20 00:15:38 | 001,024,000 | -H-- | C] (Defender Software) -- C:\Windows\System32\config\systemprofile\AppData\Roaming\defender.exe
[2011/04/20 00:07:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2011/04/20 00:07:35 | 000,231,248 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2011/04/20 00:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2011/04/12 06:04:59 | 000,000,000 | -H-D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Restore
[2011/04/08 15:12:42 | 000,000,000 | -H-D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\Temp
[2011/04/08 15:12:42 | 000,000,000 | -H-D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\Adobe
[2011/04/06 04:44:26 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/04/06 04:27:06 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/04/06 04:09:58 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/04/06 04:08:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/04/06 04:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/04/06 04:08:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/04/06 04:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/04/06 04:05:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/06 04:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/04/06 04:05:55 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/06 03:59:08 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/04/05 23:42:42 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/04/05 21:14:07 | 000,000,000 | -H-D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia
[2011/04/03 09:03:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/04/03 09:03:31 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/02 21:53:51 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/05/02 21:44:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/02 21:44:17 | 2616,545,280 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/02 21:31:21 | 000,000,246 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/05/02 21:27:49 | 000,000,302 | -HS- | M] () -- C:\Windows\tasks\YKDYVTNM.job
[2011/05/02 20:35:31 | 227,865,094 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/02 18:07:11 | 114,002,696 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/05/02 15:33:07 | 000,026,544 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/02 15:33:07 | 000,026,544 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/01 21:00:00 | 000,000,248 | ---- | M] () -- C:\Windows\tasks\SunMicro Java Update.job
[2011/05/01 18:12:59 | 000,668,348 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/01 18:12:59 | 000,124,534 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/28 16:42:38 | 000,001,264 | -HS- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
[2011/04/28 16:42:38 | 000,001,264 | -HS- | M] () -- C:\ProgramData\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
[2011/04/27 10:02:28 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/04/26 17:19:43 | 000,115,231 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/04/22 04:08:57 | 000,000,160 | ---- | M] () -- C:\ProgramData\~22273800
[2011/04/22 04:08:56 | 000,000,128 | ---- | M] () -- C:\ProgramData\~22273800r
[2011/04/22 04:08:52 | 000,000,336 | ---- | M] () -- C:\ProgramData\22273800
[2011/04/22 02:06:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/04/22 02:06:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/04/21 22:01:30 | 000,001,246 | -HS- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\6pb087442k5ycs4ep8i2mb5i618
[2011/04/21 22:01:30 | 000,001,246 | -HS- | M] () -- C:\ProgramData\6pb087442k5ycs4ep8i2mb5i618
[2011/04/20 00:15:38 | 001,024,000 | -H-- | M] (Defender Software) -- C:\Windows\system32\config\systemprofile\AppData\Roaming\defender.exe
[2011/04/20 00:07:37 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2011/04/20 00:07:35 | 000,231,248 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2011/04/15 15:59:58 | 000,000,020 | ---- | M] () -- C:\Windows\System32\MSADP32O.DLL
[2011/04/15 15:40:21 | 000,431,550 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/04/12 06:04:59 | 000,000,641 | -H-- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\Windows Restore.lnk
[2011/04/07 21:25:44 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/06 04:10:15 | 000,431,550 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110406-193456.backup
[2011/04/03 09:03:38 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/02 21:53:51 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/02 18:07:11 | 114,002,696 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/04/28 16:42:38 | 000,001,264 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
[2011/04/28 16:42:38 | 000,001,264 | -HS- | C] () -- C:\ProgramData\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
[2011/04/26 17:19:43 | 000,115,231 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/04/22 13:32:05 | 000,001,425 | ---- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/04/22 04:08:56 | 000,000,160 | ---- | C] () -- C:\ProgramData\~22273800
[2011/04/22 04:08:56 | 000,000,128 | ---- | C] () -- C:\ProgramData\~22273800r
[2011/04/22 04:08:52 | 000,000,336 | ---- | C] () -- C:\ProgramData\22273800
[2011/04/22 02:06:58 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/04/22 02:06:58 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/04/21 22:01:23 | 000,001,246 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\6pb087442k5ycs4ep8i2mb5i618
[2011/04/21 22:01:23 | 000,001,246 | -HS- | C] () -- C:\ProgramData\6pb087442k5ycs4ep8i2mb5i618
[2011/04/20 00:07:37 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2011/04/15 15:59:58 | 000,000,020 | ---- | C] () -- C:\Windows\System32\MSADP32O.DLL
[2011/04/12 06:04:59 | 000,000,641 | -H-- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\Windows Restore.lnk
[2011/04/07 21:25:44 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/06 04:12:29 | 227,865,094 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/06 04:08:49 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/04/05 21:01:06 | 000,000,246 | -H-- | C] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/05 21:00:55 | 000,000,302 | -HS- | C] () -- C:\Windows\tasks\YKDYVTNM.job
[2011/04/04 18:04:55 | 000,000,248 | ---- | C] () -- C:\Windows\tasks\SunMicro Java Update.job
[2011/04/03 09:03:38 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/03/23 10:12:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/23 10:01:13 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/03/23 10:01:13 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/03/23 10:01:12 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/03/23 10:01:12 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/03/23 10:01:12 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/03/23 09:58:00 | 000,921,665 | ---- | C] () -- C:\Windows\System32\msvcrt-ruby18.dll
[2011/03/23 09:58:00 | 000,271,264 | ---- | C] () -- C:\Windows\System32\vbrun100.dll
[2011/03/23 09:58:00 | 000,210,944 | ---- | C] () -- C:\Windows\System32\msvcrt10.dll
[2011/03/23 09:58:00 | 000,027,136 | ---- | C] () -- C:\Windows\System32\pythonw.exe
[2011/03/23 09:58:00 | 000,026,624 | ---- | C] () -- C:\Windows\System32\python.exe
[2011/03/23 09:58:00 | 000,020,537 | ---- | C] () -- C:\Windows\System32\rubyw.exe
[2011/03/23 09:58:00 | 000,020,536 | ---- | C] () -- C:\Windows\System32\ruby.exe
[2010/12/20 19:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/12/17 09:00:44 | 000,227,587 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/11/20 14:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010/11/20 14:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:33:53 | 000,266,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 19:05:48 | 000,668,348 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 19:05:48 | 000,124,534 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[1996/04/03 12:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

< End of report >