Shortcuts Created instead of Folders in USB Drives


#1
Sharpen

    New Member

  • Member
  • 5 posts
My friend's laptop is most likely infected, and his external drive creates shortcuts with his folder names.

Could you please help out?

folders_to_shortcuts.jpg

Below are OTL and Extras logs.


OTL logfile created on: 17/9/2012 2:05:16 πμ - Run 1
OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\DjNick\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

1,99 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 68,98% Memory free
4,19 Gb Paging File | 3,55 Gb Available in Paging File | 84,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,79 Gb Total Space | 83,39 Gb Free Space | 74,60% Space Free | Partition Type: NTFS
Drive E: | 149,05 Gb Total Space | 73,87 Gb Free Space | 49,56% Space Free | Partition Type: NTFS
Drive F: | 7,45 Gb Total Space | 0,15 Gb Free Space | 1,96% Space Free | Partition Type: FAT32

Computer Name: DJNICK-PC | User Name: DjNick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/17 02:01:11 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\DjNick\Desktop\OTL.exe
PRC - [2012/07/16 14:02:46 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\DjNick\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012/07/05 15:41:19 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/26 14:46:54 | 001,458,176 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006/11/02 12:45:59 | 000,116,736 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2012/09/10 16:58:17 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009/11/16 12:59:48 | 000,013,680 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\EMSC.sys -- (EMSC)
DRV - [2009/10/26 15:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2008/09/04 01:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/02/25 06:05:24 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/01/23 19:18:32 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/04/12 19:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2005/04/12 19:21:32 | 000,017,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2005/04/12 19:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2005/04/12 19:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2005/04/12 19:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-709794287-1029103720-769151006-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\DjNick\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DjNick\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DjNick\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

[2012/06/24 14:05:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DjNick\AppData\Roaming\mozilla\Firefox\extensions
[2012/06/24 14:05:06 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\DjNick\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

========== Chrome ==========

CHR - homepage: http://blekko.com/ws...F6&tbp=homepage
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://blekko.com/ws...F6&tbp=homepage
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\DjNick\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\DjNick\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DjNick\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\DjNick\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\DjNick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: \u0391\u03BD\u03B1\u03B6\u03AE\u03C4\u03B7\u03C3\u03B7 Google = C:\Users\DjNick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Vid-Saver = C:\Users\DjNick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.46_0\crossrider
CHR - Extension: Vid-Saver = C:\Users\DjNick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.46_0\
CHR - Extension: Gmail = C:\Users\DjNick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/19 00:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-709794287-1029103720-769151006-1000\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-709794287-1029103720-769151006-1000..\Run: [Facebook Update] C:\Users\DjNick\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-709794287-1029103720-769151006-1000..\Run: [sauozaw] C:\Users\DjNick\sauozaw.exe File not found
F3 - HKU\S-1-5-21-709794287-1029103720-769151006-1000 WinNT: Load - (C:\Users\DjNick\LOCALS~1\Temp\msakcukpm.exe) - C:\Users\DjNick\LOCALS~1\Temp\msakcukpm.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\system32\wshbth.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...tel_4.5.5.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.140
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{241FA9E1-715F-4FEC-8D9B-B1BD69828195}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC848617-6823-4F91-BD69-EBC13C04B37F}: DhcpNameServer = 10.0.0.140
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\DjNick\AppData\Roaming\Microsoft\Windows Photo Gallery\Ταπετσαρία της Συλλογής φωτογραφιών των Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\DjNick\AppData\Roaming\Microsoft\Windows Photo Gallery\Ταπετσαρία της Συλλογής φωτογραφιών των Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 00:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/09/17 01:50:44 | 000,000,000 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/09/17 01:54:48 | 000,000,000 | ---- | M] () - F:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{8b9746b7-cb59-11e1-874b-00197ef075c1}\Shell\AutoRun\command - "" = H:\PMBP_Win.exe
O34 - HKLM BootExecute: (autocheck autochk /p \??\F:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/17 02:01:08 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\DjNick\Desktop\OTL.exe
[2012/09/17 00:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/17 00:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/09/11 21:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2012/09/11 14:47:32 | 000,000,000 | ---D | C] -- C:\Users\DjNick\Downloads
[2012/09/10 16:56:34 | 000,000,000 | RHSD | C] -- C:\Users\DjNick\M-50-8964-7854-4678
[2012/09/07 10:02:26 | 000,000,000 | R--D | C] -- C:\Users\DjNick\Documents\Notes
[2012/08/22 19:01:37 | 000,000,000 | ---D | C] -- C:\Users\DjNick\Documents\FL 9.1
[2012/08/22 19:00:49 | 000,000,000 | ---D | C] -- C:\Users\DjNick\Documents\Image-Line
[2012/08/22 19:00:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2012/08/22 19:00:16 | 000,000,000 | ---D | C] -- C:\Users\DjNick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2012/08/22 19:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
[2012/08/19 20:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Collab
[2012/08/19 20:25:46 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\rewire.dll
[2012/08/19 20:25:46 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2012/08/19 20:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line

========== Files - Modified Within 30 Days ==========

[2012/09/17 02:07:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-709794287-1029103720-769151006-1000UA.job
[2012/09/17 02:05:45 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/17 02:05:45 | 000,579,684 | ---- | M] () -- C:\Windows\System32\perfh008.dat
[2012/09/17 02:05:45 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/17 02:05:45 | 000,091,728 | ---- | M] () -- C:\Windows\System32\perfc008.dat
[2012/09/17 02:01:11 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\DjNick\Desktop\OTL.exe
[2012/09/17 01:59:35 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/17 01:59:35 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/17 01:59:27 | 000,231,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/17 01:59:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/17 01:59:06 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/17 01:58:00 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/09/17 01:57:03 | 000,069,147 | ---- | M] () -- C:\Users\DjNick\Desktop\folders_to_shortcuts.jpg
[2012/09/17 01:33:00 | 000,001,198 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-709794287-1029103720-769151006-1000UA.job
[2012/09/17 01:32:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/16 23:44:02 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/14 14:07:40 | 000,000,000 | -H-- | M] () -- C:\Users\DjNick\AppData\Roaming\79g7gg.sys
[2012/09/13 20:33:00 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-709794287-1029103720-769151006-1000Core.job
[2012/09/11 21:12:50 | 000,000,836 | ---- | M] () -- C:\Users\DjNick\Desktop\Virtual DJ Pro.lnk
[2012/09/11 14:07:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-709794287-1029103720-769151006-1000Core.job
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/27 18:10:16 | 000,001,648 | ---- | M] () -- C:\Windows\System32\license.reg
[2012/08/27 18:10:16 | 000,000,022 | ---- | M] () -- C:\Windows\System32\apply.bat
[2012/08/26 12:20:15 | 000,024,064 | ---- | M] () -- C:\Users\DjNick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/09/17 01:57:02 | 000,069,147 | ---- | C] () -- C:\Users\DjNick\Desktop\folders_to_shortcuts.jpg
[2012/09/14 00:37:24 | 000,000,000 | -H-- | C] () -- C:\Users\DjNick\AppData\Roaming\79g7gg.sys
[2012/09/11 21:12:50 | 000,000,836 | ---- | C] () -- C:\Users\DjNick\Desktop\Virtual DJ Pro.lnk
[2012/08/27 18:10:16 | 000,001,648 | ---- | C] () -- C:\Windows\System32\license.reg
[2012/08/27 18:10:16 | 000,000,022 | ---- | C] () -- C:\Windows\System32\apply.bat
[2012/07/11 16:18:21 | 000,024,064 | ---- | C] () -- C:\Users\DjNick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/24 23:17:21 | 000,000,552 | ---- | C] () -- C:\Users\DjNick\AppData\Local\d3d8caps.dat
[2012/06/23 10:47:15 | 000,000,680 | ---- | C] () -- C:\Users\DjNick\AppData\Local\d3d9caps.dat
[2012/06/23 10:41:00 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

========== LOP Check ==========

[2012/08/03 16:36:10 | 000,000,000 | -H-D | M] -- C:\Users\DjNick\AppData\Roaming\RPPrivate
[2012/06/23 12:02:38 | 000,000,000 | ---D | M] -- C:\Users\DjNick\AppData\Roaming\SystemRequirementsLab
[2012/09/11 14:07:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-709794287-1029103720-769151006-1000Core.job
[2012/09/17 02:07:00 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-709794287-1029103720-769151006-1000UA.job
[2012/09/17 01:58:00 | 000,032,462 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 17/9/2012 2:05:16 πμ - Run 1
OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\DjNick\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

1,99 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 68,98% Memory free
4,19 Gb Paging File | 3,55 Gb Available in Paging File | 84,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,79 Gb Total Space | 83,39 Gb Free Space | 74,60% Space Free | Partition Type: NTFS
Drive E: | 149,05 Gb Total Space | 73,87 Gb Free Space | 49,56% Space Free | Partition Type: NTFS
Drive F: | 7,45 Gb Total Space | 0,15 Gb Free Space | 1,96% Space Free | Partition Type: FAT32

Computer Name: DJNICK-PC | User Name: DjNick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-709794287-1029103720-769151006-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"7DE39862CC26DCE2446838AAF7CD5C163F835A57" = Πακέτο προγραμμάτων οδήγησης των Windows - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Drumaxx" = Drumaxx
"Hardcore" = Hardcore
"HDMI" = Intel® Graphics Media Accelerator Driver
"IL Download Manager" = IL Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware έκδοση 1.65.0.1400
"PoiZone" = PoiZone
"Sakura" = Sakura
"Sawer" = Sawer
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Toxic Biohazard" = Toxic Biohazard
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-709794287-1029103720-769151006-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 16/9/2012 4:31:58 μμ | Computer Name = DjNick-PC | Source = SideBySide | ID = 16842785
Description = Η δημιουργία περιβάλλοντος ενεργοποίησης για το "C:\Program Files\Real\RealUpgrade\RealUpgrade.exe"
απέτυχε. Δεν ήταν δυνατή η εύρεση της εξαρτημένης συγκρότησης Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Για
την αναλυτική διάγνωση χρησιμοποιήστε το sxstrace.exe.

Error - 16/9/2012 4:32:08 μμ | Computer Name = DjNick-PC | Source = Google Update | ID = 20
Description =

Error - 16/9/2012 4:39:38 μμ | Computer Name = DjNick-PC | Source = Application Error | ID = 1000
Description = Ελαττωματική εφαρμογή ieuser.exe, έκδοση 6.0.6000.16386, χρονική σήμανση
0x4549b131, ελαττωματική λειτουργική μονάδα ieframe.dll, έκδοση 7.0.6000.16386,
χρονική σήμανση 0x4549bcf8, κωδικός εξαίρεσης 0xc0000005, μετατόπιση σφάλματος
0x0015f9a4, αναγνωριστικό διεργασίας 0xbdc, χρόνος έναρξης εφαρμογής 0x01cd944ad06c31c4.

Error - 16/9/2012 4:41:48 μμ | Computer Name = DjNick-PC | Source = Application Hang | ID = 1002
Description = Το πρόγραμμα iexplore.exe έκδοση 7.0.6000.16386 σταμάτησε να αλληλεπιδρά
με τα Windows και έκλεισε. Για να δείτε αν υπάρχουν διαθέσιμες περισσότερες πληροφορίες
για το πρόβλημα, ελέγξτε το ιστορικό του προβλήματος στο στοιχείο "Αναφορές προβλημάτων
και λύσεις" του Πίνακα Ελέγχου. Αναγνωριστικό διεργασίας: bf4 Ώρα έναρξης: 01cd944ad06c31c4
Ώρα
τερματισμού: 16

Error - 16/9/2012 5:48:19 μμ | Computer Name = DjNick-PC | Source = SideBySide | ID = 16842785
Description = Η δημιουργία περιβάλλοντος ενεργοποίησης για το "C:\Program Files\Real\RealUpgrade\RealUpgrade.exe"
απέτυχε. Δεν ήταν δυνατή η εύρεση της εξαρτημένης συγκρότησης Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Για
την αναλυτική διάγνωση χρησιμοποιήστε το sxstrace.exe.

Error - 16/9/2012 6:16:32 μμ | Computer Name = DjNick-PC | Source = SideBySide | ID = 16842785
Description = Η δημιουργία περιβάλλοντος ενεργοποίησης για το "C:\Program Files\Real\RealUpgrade\RealUpgrade.exe"
απέτυχε. Δεν ήταν δυνατή η εύρεση της εξαρτημένης συγκρότησης Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Για
την αναλυτική διάγνωση χρησιμοποιήστε το sxstrace.exe.

Error - 16/9/2012 6:29:38 μμ | Computer Name = DjNick-PC | Source = Application Error | ID = 1000
Description = Ελαττωματική εφαρμογή taskmgr.exe, έκδοση 6.0.6000.16386, χρονική
σήμανση 0x4549b0b0, ελαττωματική λειτουργική μονάδα ntdll.dll, έκδοση 6.0.6000.16386,
χρονική σήμανση 0x4549bdc9, κωδικός εξαίρεσης 0xc0000374, μετατόπιση σφάλματος
0x000af1c9, αναγνωριστικό διεργασίας 0xc2c, χρόνος έναρξης εφαρμογής 0x01cd945ab9fee18f.

Error - 16/9/2012 6:44:12 μμ | Computer Name = DjNick-PC | Source = Application Error | ID = 1000
Description = Ελαττωματική εφαρμογή taskmgr.exe, έκδοση 6.0.6000.16386, χρονική
σήμανση 0x4549b0b0, ελαττωματική λειτουργική μονάδα ntdll.dll, έκδοση 6.0.6000.16386,
χρονική σήμανση 0x4549bdc9, κωδικός εξαίρεσης 0xc0000374, μετατόπιση σφάλματος
0x000af1c9, αναγνωριστικό διεργασίας 0xd2c, χρόνος έναρξης εφαρμογής 0x01cd945cc472ce4f.

Error - 16/9/2012 6:46:54 μμ | Computer Name = DjNick-PC | Source = SideBySide | ID = 16842785
Description = Η δημιουργία περιβάλλοντος ενεργοποίησης για το "C:\Program Files\Real\RealUpgrade\RealUpgrade.exe"
απέτυχε. Δεν ήταν δυνατή η εύρεση της εξαρτημένης συγκρότησης Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Για
την αναλυτική διάγνωση χρησιμοποιήστε το sxstrace.exe.

Error - 16/9/2012 6:59:27 μμ | Computer Name = DjNick-PC | Source = SideBySide | ID = 16842785
Description = Η δημιουργία περιβάλλοντος ενεργοποίησης για το "C:\Program Files\Real\RealUpgrade\RealUpgrade.exe"
απέτυχε. Δεν ήταν δυνατή η εύρεση της εξαρτημένης συγκρότησης Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Για
την αναλυτική διάγνωση χρησιμοποιήστε το sxstrace.exe.

[ System Events ]
Error - 16/9/2012 6:18:12 μμ | Computer Name = DjNick-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 16/9/2012 6:18:12 μμ | Computer Name = DjNick-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 16/9/2012 6:48:34 μμ | Computer Name = DjNick-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 16/9/2012 6:48:34 μμ | Computer Name = DjNick-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 16/9/2012 6:48:34 μμ | Computer Name = DjNick-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 16/9/2012 6:48:34 μμ | Computer Name = DjNick-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 16/9/2012 7:00:49 μμ | Computer Name = DjNick-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 16/9/2012 7:00:49 μμ | Computer Name = DjNick-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 16/9/2012 7:00:49 μμ | Computer Name = DjNick-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 16/9/2012 7:00:49 μμ | Computer Name = DjNick-PC | Source = Service Control Manager | ID = 7003
Description =


< End of report >


#2
Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
  • Note: the Extras.txt file only gets created on OTL's first run.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.