Last night while surfing the web, I got an Avira security popup (it looked legit), followed almost instantly by fake Windows security popups, hard drive failure warnings and a mouse low battery warning. I immediately went to run a Malwarebytes scan, and found that my Start Menu programs list was empty. Opened My Computer > C: > Program Files, to find it empty also. Checked folder options and found that the setting had changed to "do not show hidden folders"; when I changed it back, all of my folders reappeared as if they are now "hidden" folders.
Could not update Malwarebytes: error "Program_Error_Updating", access denied.
Rebooted into Safe Mode and ran Malwarebytes with the existing virus definitions (40 days old):
First scan found several items - removed.
Rebooted and scanned again.
Second scan found two items - removed.
Rebooted and scanned again.
Third scan clean.
Rebooted into regular mode. Popups seem to be gone, but the settings are still mucked up and I still cannot update Malwarebytes from the regular user account or the Admin user account.
Current OTL log:
OTL logfile created on: 6/15/2011 7:50:32 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: | Country: | Language: | Date Format:
2.00 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 76.32% Memory free
3.85 Gb Paging File | 3.45 Gb Available in Paging File | 89.70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 3.66 Gb Free Space | 4.91% Space Free | Partition Type: NTFS
Drive G: | 465.65 Gb Total Space | 293.26 Gb Free Space | 62.98% Space Free | Partition Type: FAT32
Computer Name: JOHNANDLILIES | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/06/15 19:50:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2010/12/17 06:22:56 | 000,136,584 | -H-- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe
PRC - [2010/12/17 06:22:50 | 000,390,528 | -H-- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/12/17 06:22:40 | 000,374,152 | -H-- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/07/28 18:22:10 | 000,014,808 | -H-- | M] (Mozilla Corporation) -- C:\program files\firefox\plugin-container.exe
PRC - [2010/07/28 18:22:08 | 000,910,296 | -H-- | M] (Mozilla Corporation) -- C:\program files\firefox\firefox.exe
PRC - [2010/05/04 13:07:22 | 000,503,080 | -H-- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | -H-- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2008/11/07 15:20:40 | 000,025,824 | -H-- | M] (Memeo) -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/09/04 19:25:44 | 000,131,072 | -H-- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2007/01/11 04:02:00 | 000,113,664 | -H-- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
========== Modules (SafeList) ==========
MOD - [2011/06/15 19:50:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (MSDTC)
SRV - [2010/12/17 06:22:56 | 000,136,584 | -H-- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/17 06:22:50 | 000,390,528 | -H-- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/12/17 06:22:40 | 000,374,152 | -H-- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/05/04 13:07:22 | 000,503,080 | -H-- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/09/29 09:17:50 | 000,013,088 | -H-- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/07/21 14:34:33 | 000,185,089 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/20 13:28:10 | 000,121,360 | -H-- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/05/13 16:48:22 | 000,108,289 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/11/07 15:20:40 | 000,025,824 | -H-- | M] (Memeo) [Auto | Running] -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2008/07/24 15:22:50 | 000,102,400 | -H-- | M] (WDC) [On_Demand | Stopped] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2007/09/04 19:25:44 | 000,131,072 | -H-- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2007/01/11 04:02:00 | 000,113,664 | -H-- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
========== Driver Services (SafeList) ==========
DRV - [2010/12/17 06:22:41 | 000,083,360 | -H-- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/06/25 16:01:20 | 000,041,936 | -H-- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2010/06/25 16:01:16 | 000,142,992 | -H-- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\VBoxDrv.sys -- (VBoxDrv)
DRV - [2010/06/25 16:01:16 | 000,100,496 | -H-- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010/06/01 21:19:24 | 000,013,824 | -H-- | M] (LoteSoft Co.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\splitcam.sys -- (SPLITCAM)
DRV - [2010/05/11 16:29:52 | 000,013,192 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/05/11 16:29:50 | 000,008,456 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/02/24 14:43:35 | 000,056,816 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - [2009/09/23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi)
DRV - [2009/09/01 15:06:02 | 000,024,576 | -H-- | M] (NeoRouter Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\nrtap.sys -- (nrtap)
DRV - [2009/06/23 14:38:26 | 000,189,464 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\hap17v2k.sys -- (hap17v2k)
DRV - [2009/06/23 14:38:16 | 000,162,840 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\hap16v2k.sys -- (hap16v2k)
DRV - [2009/06/23 14:38:06 | 000,798,744 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2009/06/23 14:37:54 | 000,092,696 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/23 14:37:32 | 000,157,208 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/23 14:37:22 | 000,014,360 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/23 14:37:10 | 000,127,512 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/23 14:36:36 | 000,347,080 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/23 14:36:24 | 000,528,408 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/23 14:36:14 | 000,511,000 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/23 14:35:04 | 000,100,888 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2009/06/23 14:35:04 | 000,100,888 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX)
DRV - [2009/06/23 14:34:52 | 000,566,296 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2009/06/23 14:34:52 | 000,566,296 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX)
DRV - [2009/06/23 14:34:40 | 000,555,032 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2009/06/23 14:34:40 | 000,555,032 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX)
DRV - [2009/06/23 14:34:30 | 000,099,352 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2009/06/23 14:34:30 | 000,099,352 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX)
DRV - [2009/06/17 12:56:16 | 000,037,392 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 12:55:18 | 000,020,240 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/06/10 17:49:32 | 000,024,576 | -H-- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/05/11 10:12:24 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/05 10:59:02 | 000,022,168 | -H-- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2009/05/05 10:58:30 | 000,013,976 | -H-- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2009/03/30 10:33:07 | 000,096,104 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/15 18:29:12 | 000,030,656 | -H-- | M] (Eutron) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\eusk2par.sys -- (eusk2par)
DRV - [2008/08/11 12:41:00 | 000,047,640 | -H-- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:41:00 | 000,012,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - [2008/06/16 09:02:34 | 000,017,024 | -H-- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\BS_I2cIo.sys -- (BS_I2cIo)
DRV - [2008/04/13 14:46:22 | 000,015,232 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\MPE.sys -- (MPE)
DRV - [2008/04/13 14:45:30 | 000,010,624 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2007/09/04 19:26:32 | 000,029,696 | -H-- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2007/08/16 10:09:38 | 000,003,604 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\BIOS\BIOS Flash\BS_Flash.sys -- (BS_Flash)
DRV - [2007/06/22 19:14:40 | 004,432,384 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/12/12 11:16:06 | 000,022,528 | -H-- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/09/24 09:28:46 | 000,005,248 | -H-- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/12/21 10:14:52 | 000,100,957 | -H-- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 10:14:52 | 000,005,245 | -H-- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 10:14:52 | 000,004,493 | -H-- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/03/16 02:23:54 | 000,013,696 | RH-- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\BIOS.sys -- (BIOS)
DRV - [2005/02/23 14:58:56 | 000,011,776 | -H-- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Afc.sys -- (Afc)
DRV - [2003/06/26 23:05:38 | 000,472,332 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\LVCM.sys -- (QCMerced)
DRV - [2003/05/01 16:23:02 | 000,016,128 | RH-- | M] (Cypress Semiconductor / NAVMAN NZ Limited) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\NvMnUSB.SYS -- (NavManUSB)
DRV - [2002/09/26 06:41:00 | 000,076,288 | -H-- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2001/08/17 13:19:34 | 000,040,704 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [1996/04/03 15:33:26 | 000,005,248 | -H-- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Firefox\components [2010/09/08 00:27:05 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Firefox\plugins [2010/09/05 15:42:53 | 000,000,000 | -H-D | M]
[2011/06/15 19:44:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VGPVVYAM.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
[2008/06/22 08:38:55 | 000,000,000 | -H-D | M] (Java Console) -- C:\PROGRAM FILES\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/09/14 11:51:53 | 000,000,000 | -H-D | M] (Java Console) -- C:\PROGRAM FILES\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2010/01/03 00:25:02 | 000,000,000 | -H-D | M] (Java Console) -- C:\PROGRAM FILES\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/04/15 20:31:08 | 000,000,000 | -H-D | M] (Java Console) -- C:\PROGRAM FILES\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/01/03 00:24:44 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
O1 HOSTS File: ([2011/03/09 18:18:19 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Somoto Toolbar) - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files\somototoolbar\vmntemplateX.dll ()
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\SplitCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (SplitCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\SplitCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Somoto Toolbar) - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files\somototoolbar\vmntemplateX.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [USB2Check] C:\WINDOWS\System32\PCLECoInst.dll (Pinnacle Systems)
O4 - HKLM..\Run: [WD Anywhere Backup] C:\Program Files\WD\WD Anywhere Backup\MemeoLauncher2.exe (Memeo Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://supportcente...oad/tgctlcm.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1213975415703 (WUWebControl Class)
O16 - DPF: {6CE31B8D-8340-4DBD-B78E-BF59620924DC} http://www.quest3d.c...t3dactivex2.cab (Quest3DCtlr2 Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2008/06/20 10:13:21 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/12/17 17:34:12 | 000,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2008/12/17 17:34:12 | 000,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/06/15 19:41:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2011/06/15 19:26:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/06/23 12:49:14 | 000,010,752 | -H-- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2009/06/23 12:20:00 | 000,010,240 | -H-- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
========== Files - Modified Within 30 Days ==========
[2011/06/15 19:48:03 | 000,000,902 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/15 19:39:13 | 000,013,646 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/15 19:39:13 | 000,000,898 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/15 19:23:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/15 15:55:02 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\18079524
[2011/06/15 01:59:07 | 000,000,128 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~19128100r
[2011/06/15 01:59:07 | 000,000,128 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~19128100
[2011/06/15 01:59:03 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\19128100
[2011/06/09 10:12:35 | 000,162,159 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/06/08 14:33:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\prismShakeIcon.job
[2011/06/08 14:21:00 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2011/05/23 12:13:25 | 000,000,040 | -H-- | M] () -- C:\WINDOWS\nero.INI
========== Files Created - No Company Name ==========
[2011/06/15 15:55:02 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\18079524
[2011/06/15 01:59:07 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~19128100r
[2011/06/15 01:59:07 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~19128100
[2011/06/15 01:59:03 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\19128100
[2011/05/21 14:33:07 | 000,000,286 | -H-- | C] () -- C:\WINDOWS\tasks\prismShakeIcon.job
[2011/05/21 14:21:36 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2011/03/08 03:09:28 | 001,228,854 | -H-- | C] () -- \fsqwr.bmp
[2010/11/18 03:07:15 | 000,000,552 | -H-- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/10/13 17:20:27 | 000,044,544 | -H-- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2010/10/13 17:20:25 | 000,484,352 | -H-- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/07/28 21:12:14 | 001,503,232 | -H-- | C] () -- C:\WINDOWS\System32\ptj.exe
[2010/07/28 21:12:14 | 001,103,360 | -H-- | C] () -- C:\WINDOWS\System32\cidfont.dll
[2010/07/28 21:12:12 | 004,369,408 | -H-- | C] () -- C:\WINDOWS\System32\pdftk.exe
[2010/07/28 21:12:12 | 000,235,008 | -H-- | C] () -- C:\WINDOWS\System32\office.exe
[2010/07/18 17:33:16 | 000,014,848 | -H-- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/07/18 17:33:15 | 001,774,720 | -H-- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2010/07/18 17:33:15 | 000,086,408 | -H-- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2010/07/18 17:33:15 | 000,013,192 | -H-- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/07/18 17:33:15 | 000,008,456 | -H-- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/02/23 15:11:55 | 000,147,456 | -H-- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/02/22 02:46:15 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/12/19 18:21:03 | 000,363,520 | -H-- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009/11/12 23:08:52 | 000,000,219 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/10/27 22:58:17 | 000,001,024 | -H-- | C] () -- \.rnd
[2009/09/26 22:09:55 | 000,016,384 | -H-- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2009/08/03 18:41:16 | 000,000,211 | -H-- | C] () -- \Boot.bak
[2009/08/03 18:41:10 | 000,260,272 | -H-- | C] () -- \cmldr
[2009/08/03 14:56:45 | 000,000,083 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/07/21 00:47:24 | 000,003,604 | -H-- | C] () -- C:\WINDOWS\System32\drivers\BS_Flash.sys
[2009/06/23 13:29:50 | 000,049,719 | -H-- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/06/23 13:29:48 | 000,000,054 | -H-- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/06/23 12:51:00 | 000,043,520 | -H-- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2009/06/23 12:48:16 | 000,037,888 | -H-- | C] () -- C:\WINDOWS\System32\psconv.exe
[2009/06/23 12:28:48 | 000,386,852 | -H-- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2009/06/23 12:28:48 | 000,051,787 | -H-- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2009/06/23 12:23:20 | 000,013,312 | -H-- | C] () -- C:\WINDOWS\System32\regplib.exe
[2009/06/23 12:22:36 | 000,149,838 | -H-- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2009/06/23 12:20:44 | 000,274,587 | -H-- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2009/06/23 12:20:34 | 000,241,084 | -H-- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2009/06/23 12:20:34 | 000,115,166 | -H-- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2009/06/23 12:20:08 | 000,313,207 | -H-- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2009/06/23 12:20:08 | 000,053,932 | -H-- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2009/06/23 12:20:06 | 000,005,120 | -H-- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2009/04/16 21:44:53 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/11/19 22:43:38 | 000,000,040 | -H-- | C] () -- C:\WINDOWS\nero.INI
[2008/08/16 09:25:34 | 000,196,608 | -H-- | C] () -- C:\WINDOWS\System32\avisynth.dll
[2008/08/06 20:53:01 | 000,000,028 | -H-- | C] () -- C:\WINDOWS\MotionDVSTUDIO.INI
[2008/07/23 12:50:52 | 003,596,288 | -H-- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/23 12:46:38 | 000,012,288 | -H-- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/06/22 06:30:52 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\popcinfo.dat
[2008/06/22 06:26:40 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Mavis Beacon Teaches Typing.INI
[2008/06/22 06:17:29 | 000,000,000 | -H-- | C] () -- C:\Program Files\temp01
[2008/06/22 05:27:23 | 000,001,185 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2008/06/22 05:21:21 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/22 04:52:41 | 000,073,220 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008/06/22 04:52:41 | 000,031,053 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2008/06/22 04:52:41 | 000,029,114 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008/06/22 04:52:41 | 000,027,417 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2008/06/22 04:52:41 | 000,021,021 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2008/06/22 04:52:41 | 000,015,670 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2008/06/22 04:52:41 | 000,013,280 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2008/06/22 04:52:41 | 000,010,673 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2008/06/22 04:52:41 | 000,004,943 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2008/06/22 04:52:41 | 000,001,140 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2008/06/22 04:52:41 | 000,001,140 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2008/06/22 04:52:41 | 000,001,137 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2008/06/22 04:52:41 | 000,001,130 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2008/06/22 04:52:41 | 000,001,130 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2008/06/22 04:52:41 | 000,001,104 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2008/06/22 04:52:41 | 000,000,097 | -H-- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/06/22 04:52:01 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\EPSPR280.ini
[2008/06/22 04:34:07 | 000,014,938 | -H-- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/06/20 11:57:48 | 000,056,880 | -H-- | C] () -- C:\WINDOWS\System32\scvideo.dll
[2008/06/20 10:37:11 | 000,069,632 | -H-- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2008/06/20 10:15:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/06/20 10:13:21 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2008/06/20 10:13:21 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2008/06/20 10:13:21 | 000,000,000 | -H-- | C] () -- \CONFIG.SYS
[2008/06/20 10:13:21 | 000,000,000 | -H-- | C] () -- \AUTOEXEC.BAT
[2008/06/20 10:10:05 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/06/20 07:48:34 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/06/20 07:47:22 | 000,169,896 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/06/20 07:45:35 | 000,000,281 | RHS- | C] () -- \boot.ini
[2008/06/20 07:40:22 | 2145,386,496 | -HS- | C] () --
[2007/11/06 21:30:00 | 001,703,936 | -H-- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/11/06 21:30:00 | 001,630,208 | -H-- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/11/06 21:30:00 | 001,486,848 | -H-- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/11/06 21:30:00 | 001,339,392 | -H-- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/11/06 21:30:00 | 001,019,904 | -H-- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/11/06 21:30:00 | 000,466,944 | -H-- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/11/06 21:30:00 | 000,442,368 | -H-- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/11/06 21:30:00 | 000,425,984 | -H-- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/11/06 21:30:00 | 000,286,720 | -H-- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/08/13 21:45:02 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2007/04/12 08:10:28 | 000,105,728 | -H-- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/03/12 12:01:30 | 000,217,088 | -H-- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2006/10/02 18:25:18 | 000,000,307 | -H-- | C] () -- C:\WINDOWS\System32\kill.ini
[2004/08/04 08:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,441,552 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,250,048 | RHS- | C] () -- \ntldr
[2004/08/04 08:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,071,488 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,047,564 | RHS- | C] () -- \NTDETECT.COM
[2004/08/04 08:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/01/27 13:39:06 | 000,065,024 | -H-- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | -H-- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1996/04/03 15:33:26 | 000,005,248 | -H-- | C] () -- C:\WINDOWS\System32\giveio.sys
========== LOP Check ==========
[2011/06/08 14:21:00 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job
[2011/06/08 14:33:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\prismShakeIcon.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0
< End of report >