Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

sw malware removal needed computer runs as if scanning

Started by steviewonderdad , Aug 08 2011 12:36 AM

  • Please log in to reply

#1
steviewonderdad
Posted 08 August 2011 - 12:36 AM

steviewonderdad

    New Member

  • Member
  • Pip
  • 0 posts
Hello,
I'm sitting at the computer looking at a map and the poor machine starts to do tons of work, as if it's working for someone else. So I figure I'll fix those dudes and log off. Oh no the machine won't shut down as it indicates that a program initialed sw is running. I try to close out the program and no way is that going to happen, so then I know I've got problems. So I go to you guys and ....
OTL logfile created on: 07/08/2011 10:50:32 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Steve\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 56.06% Memory free
8.21 Gb Paging File | 5.70 Gb Available in Paging File | 69.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.86 Gb Total Space | 417.78 Gb Free Space | 71.55% Space Free | Partition Type: NTFS
Drive D: | 12.31 Gb Total Space | 1.67 Gb Free Space | 13.58% Space Free | Partition Type: NTFS

Computer Name: STEVE-PC | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/07 22:50:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Downloads\OTL.exe
PRC - [2011/06/23 09:42:00 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
PRC - [2011/06/22 13:34:50 | 002,408,448 | ---- | M] (W3i, LLC) -- C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2011/03/01 16:00:26 | 001,813,808 | ---- | M] (ParetoLogic) -- C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe
PRC - [2010/10/29 13:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 02:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/11 03:51:50 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/06/11 03:51:48 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/04/18 08:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2011/08/07 22:50:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Downloads\OTL.exe
MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/04/10 23:28:21 | 002,241,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msi.dll
MOD - [2008/01/20 19:49:15 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\sfc_os.dll
MOD - [2006/11/02 02:46:13 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\sfc.dll
MOD - [2006/11/02 02:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msiltcfg.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 15:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 15:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/10/07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 21:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/06/11 03:51:50 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/10/24 22:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/04/30 23:55:58 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2008/06/10 19:51:32 | 000,395,800 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/02/14 07:56:14 | 000,160,768 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2006/09/18 14:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()



O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [WMPNSCFG] File not found
O4 - HKCU..\Run: [WROReminder] C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe (WinZip Computing, S.L. (WinZip Computing))
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {03A89EFD-E023-B000-A22D-45F77558EB4C} https://content10.il...AXCltInst11.dll (ILINCInstall110 Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Crater.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Crater.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b1f4a8a6-23e9-11e0-b86a-00235402d624}\Shell - "" = AutoRun
O33 - MountPoints2\{b1f4a8a6-23e9-11e0-b86a-00235402d624}\Shell\AutoRun\command - "" = K:\DigitalPhotoKeychain.EXE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/06 21:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SSScanAppDataDir
[2011/08/06 21:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\MSScanAppDataDir
[2011/08/06 21:08:21 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\ElevatedDiagnostics
[2011/08/05 16:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/08/05 16:07:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/08/04 11:59:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/04 11:59:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/04 11:59:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/08/04 11:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/04 11:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/04 11:57:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/08/04 11:51:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/04 11:50:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/07/21 13:01:25 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\Brodie History
[2011/07/17 12:21:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Type Assistant
[2011/07/17 12:21:10 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\FinalMediaPlayer
[2011/07/17 12:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalMediaPlayer
[2011/07/17 12:21:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FinalMediaPlayer
[2011/07/17 12:20:36 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2011/07/17 12:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\W3i
[2011/07/17 12:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\W3i
[2011/07/17 12:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater
[2011/07/16 16:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2011/07/16 16:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011/07/16 16:24:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic
[2011/07/16 16:23:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic
[2011/07/16 16:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\FileCure
[2011/07/16 09:55:33 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\SmartDraw
[2011/07/16 09:55:22 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartDraw VP
[2011/07/16 09:53:08 | 000,000,000 | ---D | C] -- C:\SmartDraw VP
[2011/07/12 20:43:44 | 001,210,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/07/12 20:37:02 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/07/12 20:37:02 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/07/12 11:34:00 | 000,212,840 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dnssdX.dll
[2011/07/12 11:34:00 | 000,096,104 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dns-sd.exe
[2011/07/12 11:34:00 | 000,085,864 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dnssd.dll
[2011/07/12 11:34:00 | 000,061,288 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\jdns_sd.dll
[2011/07/12 11:20:54 | 000,178,536 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dnssdX.dll
[2011/07/12 11:20:54 | 000,083,816 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dns-sd.exe
[2011/07/12 11:20:54 | 000,073,064 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dnssd.dll
[2011/07/12 11:20:54 | 000,050,536 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\jdns_sd.dll
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/07 22:38:16 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2011/08/07 22:35:11 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/07 22:35:11 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/07 22:35:09 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/07 22:35:09 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\FileCure Startup.job
[2011/08/07 22:35:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/07 22:17:34 | 000,000,183 | ---- | M] () -- C:\Users\Steve\Desktop\Go to Google Maps Home.url
[2011/08/07 22:13:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/07 17:59:59 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/08/07 12:08:39 | 000,023,040 | ---- | M] () -- C:\Users\Steve\Documents\Untitled DocumentNew Resume Stephen.wps
[2011/08/07 12:08:39 | 000,000,528 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\wklnhst.dat
[2011/08/07 08:14:21 | 000,416,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/06 21:58:15 | 000,002,154 | ---- | M] () -- C:\Users\Steve\Desktop\Microsoft Office Document Scanning.lnk
[2011/08/06 21:38:37 | 000,002,593 | ---- | M] () -- C:\Users\Steve\Desktop\Microsoft Word 2003.lnk
[2011/08/06 20:26:30 | 000,002,529 | ---- | M] () -- C:\Users\Steve\Desktop\New Office Document.lnk
[2011/08/05 19:39:49 | 000,706,760 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/05 19:39:49 | 000,610,860 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/05 19:39:49 | 000,109,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/05 14:21:25 | 000,000,125 | ---- | M] () -- C:\Users\Steve\Desktop\Robin Hood.url
[2011/08/05 14:15:58 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/08/04 12:02:32 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/08/04 12:02:32 | 000,001,866 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/08/04 11:59:26 | 000,001,656 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/04 11:51:01 | 000,001,718 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/07/21 13:50:37 | 000,008,192 | ---- | M] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/20 12:03:21 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\Registry Optimizer_UPDATES.job
[2011/07/18 10:16:58 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2011/07/17 12:21:10 | 000,000,928 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\FinalMediaPlayer.lnk
[2011/07/17 12:21:10 | 000,000,904 | ---- | M] () -- C:\Users\Steve\Desktop\FinalMediaPlayer.lnk
[2011/07/17 11:34:07 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/07/17 11:34:07 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\FileCure Default.job
[2011/07/16 18:44:08 | 000,338,280 | ---- | M] () -- C:\Users\Steve\Documents\Famil Tree Big.sdr
[2011/07/16 16:24:30 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\ParetoLogic FileCure.lnk
[2011/07/16 09:55:22 | 000,000,561 | ---- | M] () -- C:\Users\Steve\Desktop\SmartDraw VP.lnk
[2011/07/12 11:34:00 | 000,212,840 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dnssdX.dll
[2011/07/12 11:34:00 | 000,096,104 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dns-sd.exe
[2011/07/12 11:34:00 | 000,085,864 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dnssd.dll
[2011/07/12 11:34:00 | 000,061,288 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\jdns_sd.dll
[2011/07/12 11:20:54 | 000,178,536 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dnssdX.dll
[2011/07/12 11:20:54 | 000,083,816 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dns-sd.exe
[2011/07/12 11:20:54 | 000,073,064 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dnssd.dll
[2011/07/12 11:20:54 | 000,050,536 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\jdns_sd.dll
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/07 10:26:03 | 000,023,040 | ---- | C] () -- C:\Users\Steve\Documents\Untitled DocumentNew Resume Stephen.wps
[2011/08/06 21:58:15 | 000,002,154 | ---- | C] () -- C:\Users\Steve\Desktop\Microsoft Office Document Scanning.lnk
[2011/08/05 14:21:25 | 000,000,125 | ---- | C] () -- C:\Users\Steve\Desktop\Robin Hood.url
[2011/08/05 13:57:14 | 000,000,183 | ---- | C] () -- C:\Users\Steve\Desktop\Go to Google Maps Home.url
[2011/08/04 11:59:26 | 000,001,656 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/04 11:51:01 | 000,001,718 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/07/18 10:16:58 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2011/07/17 12:21:13 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2011/07/17 12:21:10 | 000,000,928 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\FinalMediaPlayer.lnk
[2011/07/17 12:21:10 | 000,000,904 | ---- | C] () -- C:\Users\Steve\Desktop\FinalMediaPlayer.lnk
[2011/07/16 16:23:41 | 000,000,468 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/07/16 16:23:37 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\ParetoLogic FileCure.lnk
[2011/07/16 16:23:37 | 000,000,404 | ---- | C] () -- C:\Windows\tasks\FileCure Startup.job
[2011/07/16 16:23:37 | 000,000,388 | ---- | C] () -- C:\Windows\tasks\FileCure Default.job
[2011/07/16 16:23:36 | 000,000,442 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/07/16 12:11:24 | 000,338,280 | ---- | C] () -- C:\Users\Steve\Documents\Famil Tree Big.sdr
[2011/07/16 09:55:22 | 000,000,561 | ---- | C] () -- C:\Users\Steve\Desktop\SmartDraw VP.lnk
[2011/02/26 14:56:21 | 000,000,680 | ---- | C] () -- C:\Users\Steve\AppData\Local\d3d9caps.dat
[2011/01/03 12:34:24 | 000,008,192 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/03 01:19:16 | 000,000,528 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\wklnhst.dat
[2010/12/29 12:06:27 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/12/29 12:05:59 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/12/29 12:05:32 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/12/29 11:24:15 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/12/29 10:50:50 | 001,514,466 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/28 17:48:36 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/08/20 18:45:23 | 000,107,384 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/08/20 18:24:51 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/08/20 18:24:51 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 08:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 05:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 05:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 02:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 847 bytes -> C:\Users\Steve\Documents\Greg's Harley.eml:OECustomProperty

< End of report >

and I hope this is the information that is needed to help me out because I'm a bit of a dumbass as far as these things go.
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP