[jdparham]

This is my friends computer, the things in the title are just a few of the problems I've noticed so far. I haven't gotten to spend a whole lot of time on it to find all the symptoms, but it definitely does have a virus. It was running microsoft security essentials, but now it won't update because it says windows failed to pass genuine validation. I know this copy of windows is valid, as the computer was the old one I built and I paid for it myself. Anyways, heres the otl log.

OTL logfile created on: 1/13/2012 1:33:58 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 77.87% Memory free
4.69 Gb Paging File | 4.23 Gb Available in Paging File | 90.26% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 1397.25 Gb Total Space | 1084.71 Gb Free Space | 77.63% Space Free | Partition Type: NTFS
Drive F: | 57.26 Gb Total Space | 14.58 Gb Free Space | 25.47% Space Free | Partition Type: NTFS

Computer Name: DREW | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/13 13:24:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2012/01/09 13:59:22 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/17 20:40:04 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/22 06:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 06:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/03/21 12:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/07/25 00:26:02 | 000,884,736 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/08 12:26:15 | 003,616,768 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2009/09/16 22:14:47 | 000,153,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2008/09/18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/03/11 12:59:18 | 000,035,328 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/09 13:59:22 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/16 14:35:26 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/03/21 12:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 12:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/07/25 00:26:02 | 000,884,736 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
MOD - [2010/07/12 22:06:08 | 000,729,088 | ---- | M] () -- C:\Program Files\TVersity\Media Server\X11.dll
MOD - [2010/07/12 22:06:06 | 000,505,835 | ---- | M] () -- C:\Program Files\TVersity\Media Server\sqlite3.dll
MOD - [2010/07/12 22:06:06 | 000,344,064 | ---- | M] () -- C:\Program Files\TVersity\Media Server\taglib.dll
MOD - [2010/07/12 22:06:04 | 000,712,704 | ---- | M] () -- C:\Program Files\TVersity\Media Server\log4cxx.dll
MOD - [2010/07/12 22:06:04 | 000,327,680 | ---- | M] () -- C:\Program Files\TVersity\Media Server\libcurl.dll
MOD - [2010/07/12 22:06:04 | 000,163,840 | ---- | M] () -- C:\Program Files\TVersity\Media Server\CORE_RL_lcms_.dll
MOD - [2010/07/11 20:47:18 | 004,530,190 | ---- | M] () -- C:\Program Files\TVersity\Media Server\avcodec-52.dll
MOD - [2010/07/11 20:47:18 | 000,791,566 | ---- | M] () -- C:\Program Files\TVersity\Media Server\avformat-52.dll
MOD - [2010/07/11 20:47:18 | 000,309,755 | ---- | M] () -- C:\Program Files\TVersity\Media Server\libmp3lame-0.dll
MOD - [2010/07/11 20:47:18 | 000,199,182 | ---- | M] () -- C:\Program Files\TVersity\Media Server\swscale-0.dll
MOD - [2010/07/11 20:47:18 | 000,079,886 | ---- | M] () -- C:\Program Files\TVersity\Media Server\avutil-50.dll
MOD - [2010/02/05 12:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2006/09/15 23:03:02 | 000,007,680 | ---- | M] () -- C:\Program Files\TVersity\Media Server\ImageMagickCoders\IM_MOD_RL_gray_.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (gupdatem) Google Update Service (gupdatem)
SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/22 06:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/07/25 00:26:02 | 000,884,736 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/12/08 12:26:15 | 003,616,768 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2008/09/18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/03/11 12:59:18 | 000,035,328 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)


========== Driver Services (SafeList) ==========

DRV - [2010/12/30 23:08:14 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/01/19 19:36:48 | 005,818,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/11/18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/09/11 13:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 13:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 13:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 13:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/07/01 12:52:02 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2009/07/01 12:52:00 | 000,067,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2009/06/30 18:31:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2009/05/21 16:39:54 | 000,090,472 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2008/04/25 04:06:44 | 000,014,336 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007/06/04 19:25:14 | 000,016,048 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CLBStor.sys -- (CLBStor)
DRV - [2006/11/02 17:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV - [2005/03/10 01:18:44 | 000,020,480 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\DigiFilt.sys -- (DigiFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "free-downloads.net Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "free-downloads.net Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ecdee021-0d17-467f-a1ff-c7a115230949}:2.7.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://search.condui...d=CT1098640&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/09/18 20:12:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/24 14:34:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/24 14:34:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/17 20:40:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/09 13:59:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/12 17:11:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/09/18 20:12:51 | 000,000,000 | ---D | M]

[2010/12/26 18:17:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2010/12/26 18:17:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\[email protected]
[2012/01/12 20:29:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xn7ecbt9.default\extensions
[2010/09/04 19:05:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xn7ecbt9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/12 18:20:32 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xn7ecbt9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/09 14:04:44 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xn7ecbt9.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/01/09 14:04:43 | 000,000,000 | ---D | M] (free-downloads.net Community Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xn7ecbt9.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
[2011/05/05 21:54:34 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xn7ecbt9.default\extensions\[email protected]
[2010/01/20 13:16:28 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xn7ecbt9.default\searchplugins\conduit.xml
[2011/04/29 22:02:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/09 13:59:23 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/30 13:26:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/12 13:38:21 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/02/28 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (RebateRobot BHO) - {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - C:\Program Files\RebateRobot\RebateRobot.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Itibiti.exe] C:\Program Files\Itibiti Soft Phone\Itibiti.exe File not found
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - http://tbedits.weath...91&n=2011012321 File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1283549285421 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.128.17.114 74.128.19.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08A85A71-9CD8-42C7-A9CE-436CABD667B4}: DhcpNameServer = 74.128.17.114 74.128.19.102
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/03 13:07:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/13 13:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2012/01/13 13:25:05 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/01/13 13:25:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/01/13 13:24:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/01/13 12:05:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp64F1931E-0DE8-324C-DCD8-2F28E5075D45-Signatures
[2012/01/13 12:05:07 | 000,000,000 | ---D | C] -- C:\eeecd8585e59c912cf32d889ddc928
[2012/01/13 11:51:26 | 000,000,000 | ---D | C] -- C:\011dc0c88b90f3da8fb4
[2012/01/13 11:32:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp37001996-7E34-383F-F185-BA05327CDD56-Signatures
[2012/01/13 11:32:20 | 000,000,000 | ---D | C] -- C:\ee119fa1e9ec840281f863365cdc29
[2012/01/13 10:34:17 | 000,000,000 | ---D | C] -- C:\69442491d98a28b2af4e
[2012/01/13 09:07:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp6993FEFC-A539-E099-6F19-8E91082FF550-Signatures
[2012/01/13 09:07:35 | 000,000,000 | ---D | C] -- C:\c284e28f2d9af98ae443a6
[2012/01/13 08:52:31 | 000,000,000 | ---D | C] -- C:\8d4391dcf1624c7109ffb0a013a1
[2012/01/13 08:30:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\TempFC1E36CD-DAAE-B4AD-E0A6-64BF043515F0-Signatures
[2012/01/13 08:30:02 | 000,000,000 | ---D | C] -- C:\3252c746f17eeae24f0c51
[2012/01/13 08:08:47 | 000,000,000 | ---D | C] -- C:\dd09857cb15d99de85bc1e2de07b
[2012/01/12 23:25:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp13A9A844-BB80-AD45-87A2-4A0551154284-Signatures
[2012/01/12 23:25:48 | 000,000,000 | ---D | C] -- C:\9df78b65a7bc9a1df87897adf817
[2012/01/11 13:38:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp6FBAA4D0-0CB9-B0F2-4081-27B9C6BAB033-Signatures
[2012/01/11 13:38:39 | 000,000,000 | ---D | C] -- C:\334c4e8ed5e678540fb87a95
[2012/01/09 14:01:27 | 000,000,000 | ---D | C] -- C:\088c87b0e5b022b8e1
[2012/01/08 16:04:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\TempD0357E03-AD1A-3582-09AB-31ED2D8E8AEF-Signatures
[2012/01/08 16:04:17 | 000,000,000 | ---D | C] -- C:\13140644b6f9bd1d7d9b92e1
[2012/01/08 11:23:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp1453453D-F779-D206-0DFA-959E09D0D940-Signatures
[2012/01/08 11:23:03 | 000,000,000 | ---D | C] -- C:\52f23f559292748c91e2a0
[2012/01/07 20:54:00 | 000,000,000 | ---D | C] -- C:\d17a56ccffb0f64f23f2
[2012/01/06 03:02:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp78FEB4A1-ACE7-8493-38D2-BB88D207E6F6-Signatures
[2012/01/06 03:02:25 | 000,000,000 | ---D | C] -- C:\bef73cab4b127680db1f01ef6e1cb4
[2012/01/04 14:47:12 | 000,000,000 | ---D | C] -- C:\a7f422281d687ee5a7ecfe4005c67cb0
[2012/01/04 13:12:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp10A2D615-9816-E5DB-8A35-A374E238FD8F-Signatures
[2012/01/04 13:12:06 | 000,000,000 | ---D | C] -- C:\3f7c8686fdd95f06ad664e3eac8dcbb1
[2012/01/04 08:28:46 | 000,000,000 | ---D | C] -- C:\11e371bd51d62bac4695
[2012/01/04 03:02:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp90E79835-81B9-858E-4862-87FE0957A14B-Signatures
[2012/01/04 03:02:20 | 000,000,000 | ---D | C] -- C:\876c28b1b12770f946d106c3a22e4a7d
[2012/01/02 16:18:50 | 000,000,000 | ---D | C] -- C:\de36b43d8464cf7dcbac156c1d24e7
[2012/01/02 12:47:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp6359C1E6-7D8D-60C7-F933-F3D932DC60D9-Signatures
[2012/01/02 12:47:19 | 000,000,000 | ---D | C] -- C:\911ebbd5e0bc38d4662d
[2012/01/02 11:33:44 | 000,000,000 | ---D | C] -- C:\8ea8c615a997f28f8fee27cb2e65a1
[2011/12/31 13:04:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\TempED33B319-3569-8DB0-F9AB-2A4F8201FEFB-Signatures
[2011/12/31 13:04:38 | 000,000,000 | ---D | C] -- C:\da2a6068b1150158b353c9
[2011/12/29 12:59:29 | 000,000,000 | ---D | C] -- C:\877527dd29d75d298e0632da4eccc8ab
[2011/12/27 15:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\TempB129272F-C2F4-88E3-96A4-A116F9CAC26D-Signatures
[2011/12/27 15:24:11 | 000,000,000 | ---D | C] -- C:\0b2a4553f189928a51298ec2
[2011/12/27 11:12:17 | 000,000,000 | ---D | C] -- C:\6c53a9233d7ef41262327934c1
[2011/12/26 02:25:13 | 000,000,000 | ---D | C] -- F:\pics
[2011/12/26 02:03:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\pics
[2011/12/25 22:04:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\TempD4039CD1-BB6E-CB73-38D2-5B2CD9AE1E68-Signatures
[2011/12/25 22:04:50 | 000,000,000 | ---D | C] -- C:\0217f67e32b668599e8966
[2011/12/23 10:21:13 | 000,000,000 | ---D | C] -- C:\b0aa91ac2d6c3fe4d6
[2011/12/21 12:11:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp8F808EE5-FA63-F839-23A3-BF2CDEE8F726-Signatures
[2011/12/21 12:11:36 | 000,000,000 | ---D | C] -- C:\9efaa25d778d20547ccbaa656aabc8
[2011/12/19 13:52:14 | 000,000,000 | ---D | C] -- C:\53b29c99287e99ba9ef6c853
[2011/12/18 23:12:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp70EB09FE-C75C-78ED-4699-59AD7DC78187-Signatures
[2011/12/18 23:12:47 | 000,000,000 | ---D | C] -- C:\a36af7f762c7d8cd4fb27756
[2011/12/17 09:48:17 | 000,000,000 | ---D | C] -- C:\d6520f01b90af6c2dcb15cebbfc3e9
[2011/12/17 08:50:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp4D8D94E2-8E44-3E10-F85D-578186BA5F31-Signatures
[2011/12/17 08:50:08 | 000,000,000 | ---D | C] -- C:\c67b6b508f4da57664a34eab027b5e
[2011/12/14 13:46:33 | 000,000,000 | ---D | C] -- C:\2cdff4cc20fe797b560b418142
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\User\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\User\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/13 13:25:09 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/01/13 13:25:09 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/01/13 13:25:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2012/01/13 13:25:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/01/13 13:24:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/01/13 13:22:36 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-1935655697-725345543-1004.job
[2012/01/13 13:22:34 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/13 13:22:32 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/13 13:22:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/13 12:47:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/13 12:04:58 | 000,467,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/13 12:04:58 | 000,082,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/13 11:30:06 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/12 20:55:11 | 000,154,624 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/12 20:41:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-1935655697-725345543-1004.job
[2012/01/12 16:44:33 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\User\Application Data\mcs.rma
[2012/01/12 16:44:33 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\User\Application Data\610B5D
[2012/01/11 13:36:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/09 20:26:19 | 000,024,079 | ---- | M] () -- F:\63491_720067322562_41108845_39970463_532237_n.jpg
[2012/01/09 20:26:15 | 000,038,270 | ---- | M] () -- F:\68725_735303998142_41108845_40343793_6534153_n.jpg
[2012/01/09 20:26:09 | 000,031,885 | ---- | M] () -- F:\30682_688902127862_41108845_38924176_2509085_n.jpg
[2012/01/09 16:53:45 | 000,041,348 | ---- | M] () -- F:\6409_1085262941602_1527242313_30191100_5937906_n.jpg
[2012/01/09 16:53:34 | 000,043,575 | ---- | M] () -- F:\6409_1085261061555_1527242313_30191087_2376611_n.jpg
[2012/01/02 00:23:16 | 000,007,366 | ---- | M] () -- F:\lrg_Tennessee_Titans143.gif
[2012/01/02 00:21:08 | 000,094,893 | ---- | M] () -- F:\w2picfxy7.jpg
[2011/12/30 00:10:22 | 000,022,074 | ---- | M] () -- F:\23292123042395058_0c8oSHjk_c.jpg
[2011/12/30 00:10:04 | 000,039,008 | ---- | M] () -- F:\tupac-shakur-stencil-392-p.jpg
[2011/12/28 18:15:34 | 000,079,588 | ---- | M] () -- F:\270212_948803029372_41109311_42331011_8363712_n.jpg
[2011/12/28 17:54:12 | 000,058,824 | ---- | M] () -- F:\n41109312_31301246_2813.jpg
[2011/12/28 17:50:44 | 000,040,741 | ---- | M] () -- F:\n41109312_33882722_3599.jpg
[2011/12/26 18:35:05 | 000,031,113 | ---- | M] () -- F:\n671710614_3416839_4118.jpg
[2011/12/26 18:30:25 | 000,047,839 | ---- | M] () -- F:\6015_233842430614_671710614_7813188_7121609_n.jpg
[2011/12/26 12:18:50 | 000,061,486 | ---- | M] () -- F:\226516_509487268377_210608071_30595460_9879_n.jpg
[2011/12/24 10:29:50 | 000,065,630 | ---- | M] () -- F:\n41108379_34359740_4276.jpg
[2011/12/23 22:43:49 | 000,065,575 | ---- | M] () -- F:\224302_10002198751_782333751_436822_7642_n.jpg
[2011/12/23 22:25:41 | 000,062,694 | ---- | M] () -- F:\n41108995_34646777_8058.jpg
[2011/12/23 22:20:58 | 000,027,173 | ---- | M] () -- F:\315690_10150514131904762_621389761_11586313_1826158986_n.jpg
[2011/12/23 10:39:20 | 000,056,859 | ---- | M] () -- F:\12315_390001968787_118996188787_3858013_7892458_n.jpg
[2011/12/23 10:35:46 | 000,036,456 | ---- | M] () -- F:\14649_641928962462_41116261_37507959_3239262_n.jpg
[2011/12/23 10:35:27 | 000,068,901 | ---- | M] () -- F:\6829_638698012312_41116261_37377456_2010714_n.jpg
[2011/12/23 10:35:04 | 000,067,627 | ---- | M] () -- F:\24386_678868305722_41116261_38614126_2019955_n.jpg
[2011/12/19 16:16:12 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/12/19 16:16:12 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vuze.lnk
[2011/12/16 18:19:21 | 000,321,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\User\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\User\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/13 13:25:09 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/01/13 13:25:09 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/01/13 13:25:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2012/01/13 13:25:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/01/13 12:05:14 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/01/12 17:11:14 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/12 16:48:34 | 000,094,893 | ---- | C] () -- F:\w2picfxy7.jpg
[2012/01/12 16:48:34 | 000,039,008 | ---- | C] () -- F:\tupac-shakur-stencil-392-p.jpg
[2012/01/12 16:48:34 | 000,022,074 | ---- | C] () -- F:\23292123042395058_0c8oSHjk_c.jpg
[2012/01/12 16:48:34 | 000,007,366 | ---- | C] () -- F:\lrg_Tennessee_Titans143.gif
[2012/01/09 20:26:19 | 000,024,079 | ---- | C] () -- F:\63491_720067322562_41108845_39970463_532237_n.jpg
[2012/01/09 20:26:15 | 000,038,270 | ---- | C] () -- F:\68725_735303998142_41108845_40343793_6534153_n.jpg
[2012/01/09 20:26:09 | 000,031,885 | ---- | C] () -- F:\30682_688902127862_41108845_38924176_2509085_n.jpg
[2012/01/09 16:53:45 | 000,041,348 | ---- | C] () -- F:\6409_1085262941602_1527242313_30191100_5937906_n.jpg
[2012/01/09 16:53:33 | 000,043,575 | ---- | C] () -- F:\6409_1085261061555_1527242313_30191087_2376611_n.jpg
[2011/12/28 20:39:49 | 000,079,588 | ---- | C] () -- F:\270212_948803029372_41109311_42331011_8363712_n.jpg
[2011/12/28 18:03:02 | 000,058,824 | ---- | C] () -- F:\n41109312_31301246_2813.jpg
[2011/12/28 17:50:44 | 000,040,741 | ---- | C] () -- F:\n41109312_33882722_3599.jpg
[2011/12/26 18:38:34 | 000,031,113 | ---- | C] () -- F:\n671710614_3416839_4118.jpg
[2011/12/26 18:38:24 | 000,047,839 | ---- | C] () -- F:\6015_233842430614_671710614_7813188_7121609_n.jpg
[2011/12/26 12:18:49 | 000,061,486 | ---- | C] () -- F:\226516_509487268377_210608071_30595460_9879_n.jpg
[2011/12/25 22:19:34 | 000,065,630 | ---- | C] () -- F:\n41108379_34359740_4276.jpg
[2011/12/23 22:43:49 | 000,065,575 | ---- | C] () -- F:\224302_10002198751_782333751_436822_7642_n.jpg
[2011/12/23 22:25:41 | 000,062,694 | ---- | C] () -- F:\n41108995_34646777_8058.jpg
[2011/12/23 22:20:58 | 000,027,173 | ---- | C] () -- F:\315690_10150514131904762_621389761_11586313_1826158986_n.jpg
[2011/12/23 11:13:08 | 000,068,901 | ---- | C] () -- F:\6829_638698012312_41116261_37377456_2010714_n.jpg
[2011/12/23 11:13:08 | 000,067,627 | ---- | C] () -- F:\24386_678868305722_41116261_38614126_2019955_n.jpg
[2011/12/23 11:13:08 | 000,056,859 | ---- | C] () -- F:\12315_390001968787_118996188787_3858013_7892458_n.jpg
[2011/12/23 11:13:08 | 000,036,456 | ---- | C] () -- F:\14649_641928962462_41116261_37507959_3239262_n.jpg
[2011/07/10 18:01:16 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\sutil32.dll
[2011/05/23 19:32:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2011/05/21 06:01:00 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/03/01 19:57:54 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\User\Application Data\610B5D
[2011/03/01 19:57:53 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\User\Application Data\mcs.rma
[2010/12/31 13:28:22 | 000,478,432 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/30 01:51:09 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2010/10/07 12:09:08 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/07 12:09:06 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/09/20 11:21:24 | 000,077,373 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/09/18 20:45:22 | 000,000,504 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat.temp
[2010/09/18 20:04:12 | 000,147,971 | ---- | C] () -- C:\WINDOWS\hpoins37.dat
[2010/09/18 20:04:12 | 000,000,504 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat
[2010/09/18 11:46:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2010/09/16 21:31:06 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/09/16 21:31:06 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/09/05 15:23:46 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/05 03:07:44 | 000,000,010 | -H-- | C] () -- C:\WINDOWS\ssitid.dat
[2010/09/04 23:05:32 | 000,154,624 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/04 22:27:27 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/09/04 22:27:27 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/09/04 22:27:27 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010/09/04 01:28:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/03 20:39:03 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/09/03 20:39:03 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\69CA0EA71D.sys
[2010/09/03 13:31:34 | 000,005,876 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/09/03 13:08:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/09/03 13:04:39 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/09/03 05:58:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/03 05:57:24 | 000,321,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/22 05:29:06 | 000,173,550 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2006/02/28 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 06:00:00 | 000,467,918 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 06:00:00 | 000,082,740 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/12/31 01:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/12/31 00:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2010/12/31 00:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/09/18 11:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/10/25 18:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2010/11/09 21:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2011/04/04 20:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2012/01/12 20:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2010/11/25 12:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/12/26 18:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/10/25 18:41:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{12C9D0C8-20A9-478B-A1E2-4A2B318DEF2E}
[2010/10/25 18:40:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{1E073424-A3F8-474B-A503-A99428594527}
[2010/10/25 18:41:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{1E8C7AE2-4367-4069-9771-8176841822C4}
[2010/10/25 18:42:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{4E70D107-00B1-4793-A17B-C6B6D7EF3151}
[2010/10/25 18:43:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{849DD083-B349-4E44-A4E6-B8E8DCED3B0A}
[2010/10/25 18:42:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B4EC8631-3359-4312-83DE-2903C693758B}
[2010/10/12 23:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BC13C66E-D01E-4443-A1D1-35EEDF3A964A}
[2010/10/12 23:28:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2011/03/05 15:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Auslogics
[2012/01/07 21:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Azureus
[2010/12/31 01:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DAEMON Tools Lite
[2011/06/27 09:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GetRightToGo
[2010/09/05 18:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Hardcore
[2010/09/12 00:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Juce VST Host
[2010/09/05 17:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2010/11/26 15:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MixVibes
[2010/11/09 21:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PACE Anti-Piracy
[2010/10/13 02:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Raptr
[2011/04/04 21:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Research In Motion
[2010/09/05 18:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sakura
[2010/09/05 18:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sawer
[2010/12/26 18:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TomTom
[2011/07/14 16:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Xtranormal

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 500 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:05EE1EEF
@Alternate Data Stream - 1358 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:odeEi8cSnw6WjjLew2ZpUy
@Alternate Data Stream - 1307 bytes -> C:\Program Files\Common Files\Microsoft Shared:kFry4qKuSrCEllF6z32Axg
@Alternate Data Stream - 1228 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:pUVRgvDvN3HXT3XJ5HyD5w

< End of report >

[Advertisements]

Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

• Please download OTL from one of the following mirrors:
  • This is THE Mirror
• Save it to your desktop.
• Double click on the icon on your desktop.
• Click the "Scan All Users" checkbox.
• Push the button.
• A report will open, copy and paste it in a reply here:
  • OTL.txt <-- Will be opened

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

[Gammo]

Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

• Please download OTL from one of the following mirrors:
  • This is THE Mirror
• Save it to your desktop.
• Double click on the icon on your desktop.
• Click the "Scan All Users" checkbox.
• Push the button.
• A report will open, copy and paste it in a reply here:
  • OTL.txt <-- Will be opened

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

[Gammo]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.