Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Random pop-ups (cannot delete CVQ.exe)

Started by dannylittledude , Jun 09 2010 03:14 PM

  • Please log in to reply

#1
dannylittledude
Posted 09 June 2010 - 03:14 PM

dannylittledude

    New Member

  • Member
  • Pip
  • 3 posts
Hey guys, I've been getting random pop-ups on my computer for some reason. So, I decided to scan my computer with MBAM, Avast, F-secure. With each of these, whenever I found infections I told it to delete them and all that good stuff. But when I scanned with F-secure today, it was a bit weird. I deleted all the infections but I noticed there were a BUNCH of CVQ.exe files that were not able to be deleted. So I was wondering if this is the culprit to my problems. ALSO, I read the helpful guide to cleaning Malware and Spyware but the only part I cannot do is the gmer.exe thing because I get a gmer.exe C:\windows\system32\config\system: The file cannot be found error. I goolged it and it seems that gmer doesn't support 64bit OSes. Any idea on what I should do about that?

And now for the logs:

MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4176

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/9/2010 4:02:50 PM
mbam-log-2010-06-09 (16-02-50).txt

Scan type: Quick scan
Objects scanned: 120769
Time elapsed: 2 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER: cannot do it

OTL:

OTL logfile created on: 6/9/2010 4:06:40 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Daniel\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 68.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 335.14 Gb Free Space | 71.97% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 86.24 Mb Free Space | 86.25% Space Free | Partition Type: NTFS
Drive E: | 620.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MUDAFUKKAAA
Current User Name: Daniel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/09 16:01:16 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
PRC - [2010/04/02 06:27:38 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/03/28 19:00:32 | 002,937,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2010/01/06 23:13:04 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/12/01 12:38:47 | 003,951,976 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2009/11/24 18:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/06/24 23:24:08 | 005,782,528 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe


========== Modules (SafeList) ==========

MOD - [2010/06/09 16:01:16 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
MOD - [2009/07/13 20:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 20:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/12 03:00:30 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2009/11/24 22:17:16 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV:64bit: - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV:64bit: - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV:64bit: - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV:64bit: - [2009/07/13 20:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 20:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 20:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 20:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 20:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 20:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 20:41:08 | 000,451,072 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\inetsrv\iisw3adm.dll -- (WAS)
SRV:64bit: - [2009/07/13 20:41:08 | 000,451,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\iisw3adm.dll -- (W3SVC)
SRV:64bit: - [2009/07/13 20:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 20:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 20:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 20:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 20:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 20:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 20:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 20:40:01 | 000,065,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV:64bit: - [2009/07/13 20:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 20:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 20:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 20:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV - [2010/05/13 16:06:32 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/01/06 23:13:04 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/07/13 22:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 22:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/13 20:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 20:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/07/13 15:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 15:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/03/14 19:39:07 | 000,077,352 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV:64bit: - [2009/12/11 05:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/11/24 22:52:14 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/11/24 18:50:25 | 000,089,680 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2009/11/24 18:50:05 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2009/11/24 18:49:56 | 000,065,616 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2009/11/24 18:49:10 | 000,053,840 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2009/11/24 18:49:00 | 000,027,216 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2009/09/30 09:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/26 01:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/08/09 16:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/13 20:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 20:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/13 20:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 20:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 20:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 20:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/13 20:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 20:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/13 19:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 19:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 19:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 19:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 19:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 19:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 19:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/13 19:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/13 19:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 19:06:32 | 000,109,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV:64bit: - [2009/07/13 19:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 19:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/13 19:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 19:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/13 19:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/13 18:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/13 18:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/13 18:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 18:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 18:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 18:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 18:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 18:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/13 18:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/13 18:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 03:55:20 | 001,207,808 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/05/22 09:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/13 20:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/05/11 17:49:10 | 000,178,728 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2009/05/04 23:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2010/01/01 13:32:31 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 20:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/10 16:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 16:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2007/12/17 04:14:14 | 000,014,392 | R--- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\AsIO.sys -- (AsIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 73 37 10 04 8B CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.ao...romesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "clangfaq.net"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://slirsredirect...b-en-us&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/02 06:27:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/21 06:54:11 | 000,000,000 | ---D | M]

[2010/01/01 12:03:52 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions
[2010/01/10 18:55:44 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\39fqy6xn.default\extensions
[2010/01/01 12:47:51 | 000,004,554 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\39fqy6xn.default\searchplugins\aim-search.xml
[2010/05/21 06:54:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/21 06:54:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/21 06:54:06 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/28 18:59:58 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL LLC)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1998/12/13 02:43:32 | 000,000,040 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{ec4fab23-f703-11de-8a5a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ec4fab23-f703-11de-8a5a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [1998/12/01 00:04:40 | 000,025,600 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/13 22:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

Drivers32:64bit: aux - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux2 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - C:\Windows\SysNative\midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - C:\Windows\SysNative\imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\SysNative\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - C:\Windows\SysNative\msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - C:\Windows\SysNative\msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - C:\Windows\SysNative\msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: VIDC.FPS1 - C:\Windows\SysNative\frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - C:\Windows\SysNative\msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - C:\Windows\SysNative\msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - C:\Windows\SysNative\tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - C:\Windows\SysNative\msacm32.drv (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/06/09 16:03:15 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\gmer
[2010/06/09 16:01:09 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2010/06/09 15:59:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/06/09 15:59:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/06/09 15:53:11 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Daniel\Desktop\erunt_setup.exe
[2010/06/09 15:52:33 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\TFC.exe
[2010/06/09 15:52:32 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\TFC.exe.part
[2010/06/09 11:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010/06/09 10:08:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010/06/09 10:08:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/07 12:34:18 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes
[2010/06/07 12:34:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/06/07 12:34:07 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/06/07 12:34:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/06/07 12:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/07 12:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/06/07 10:36:37 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Daniel\Desktop\mbam-setup.exe
[2010/06/07 10:35:34 | 003,387,040 | ---- | C] (Piriform Ltd) -- C:\Users\Daniel\Desktop\ccsetup232.exe
[2010/06/07 09:23:27 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Breaking Bad S03E12 Half Measures HDTV XviD FQM
[2010/06/06 20:54:48 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\WVS_124
[2010/06/06 18:05:02 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Liquid Stranger - The Intergalactic Slapstick (2009)
[2010/06/06 13:13:16 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\USB BACKUOP
[2010/05/31 16:46:31 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Breaking.Bad.S03E11.Abiquiu.HDTV.XviD-FQM
[2010/05/26 06:15:48 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\UDP BLOCKER
[2010/05/24 14:14:19 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Breaking.Bad.S03E10.Fly.HDTV.XviD-FQM
[2010/05/22 16:34:59 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\sc2 reps
[2010/05/21 06:54:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/05/20 20:38:06 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Windows Server
[2010/05/17 07:50:55 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Breaking.Bad.S03E09.Kafkaesque.HDTV.XviD-FQM
[2010/05/13 05:00:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2010/05/13 05:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2010/05/13 04:36:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/05/12 21:22:48 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Downloads
[2010/04/28 21:23:12 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\SC2RARu5
[2010/04/28 21:19:48 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\RenamerU5
[2010/04/19 20:14:42 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\GetRightToGo
[2010/04/19 20:07:43 | 000,000,000 | ---D | C] -- C:\Publisher
[2010/04/17 11:25:17 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Braid
[2010/04/12 03:00:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/04/12 03:00:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/03/28 22:41:46 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Diagnostics
[2010/03/28 19:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2010/03/28 19:00:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\PMB Files
[2010/03/28 19:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010/03/28 18:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2010/03/22 22:01:08 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2010/03/20 11:33:16 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\makaron
[2010/03/14 19:39:07 | 000,077,352 | ---- | C] (Eugene V. Muzychenko) -- C:\Windows\SysNative\drivers\vrtaucbl.sys
[2010/03/14 19:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual Audio Cable
[2010/03/14 11:23:48 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Procaster

========== Files - Modified Within 90 Days ==========

[2010/06/09 16:08:07 | 004,718,592 | -HS- | M] () -- C:\Users\Daniel\ntuser.dat
[2010/06/09 16:05:01 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/09 16:05:01 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/09 16:03:45 | 000,835,428 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/09 16:03:45 | 000,702,454 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/06/09 16:03:45 | 000,134,596 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/06/09 16:01:16 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2010/06/09 16:01:05 | 000,284,915 | ---- | M] () -- C:\Users\Daniel\Desktop\gmer.zip
[2010/06/09 15:59:02 | 000,000,905 | ---- | M] () -- C:\Users\Daniel\Desktop\ERUNT.lnk
[2010/06/09 15:57:46 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/09 15:57:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/09 15:57:36 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/09 15:56:19 | 002,868,229 | -H-- | M] () -- C:\Users\Daniel\AppData\Local\IconCache.db
[2010/06/09 15:53:17 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Daniel\Desktop\erunt_setup.exe
[2010/06/09 15:52:49 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\TFC.exe
[2010/06/09 15:52:35 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\TFC.exe.part
[2010/06/07 13:02:19 | 000,006,792 | ---- | M] () -- C:\Users\Daniel\Documents\cc_20100607_130213.reg
[2010/06/07 13:01:59 | 000,043,138 | ---- | M] () -- C:\Users\Daniel\Documents\cc_20100607_130144.reg
[2010/06/07 12:34:11 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/07 12:33:25 | 000,001,885 | ---- | M] () -- C:\Users\Daniel\Desktop\CCleaner.lnk
[2010/06/07 10:37:51 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Daniel\Desktop\mbam-setup.exe
[2010/06/07 10:36:15 | 003,387,040 | ---- | M] (Piriform Ltd) -- C:\Users\Daniel\Desktop\ccsetup232.exe
[2010/06/06 20:51:41 | 064,844,927 | ---- | M] () -- C:\Users\Daniel\Desktop\WVS_124.zip
[2010/06/06 19:49:54 | 000,099,593 | ---- | M] () -- C:\Users\Daniel\Desktop\0606001938.jpg
[2010/06/05 16:40:33 | 001,589,286 | ---- | M] () -- C:\Users\Daniel\Desktop\whitera.rar
[2010/06/03 15:42:29 | 001,025,752 | ---- | M] () -- C:\Users\Daniel\Desktop\machine(2).rar
[2010/05/31 04:36:55 | 000,332,885 | ---- | M] () -- C:\Users\Daniel\Desktop\machine.rar
[2010/05/30 20:58:06 | 007,120,438 | ---- | M] () -- C:\Users\Daniel\Desktop\DotA Allstars v6.67c.w3x
[2010/05/30 17:43:05 | 001,047,822 | ---- | M] () -- C:\Users\Daniel\Desktop\TankwaiiRice.mp3
[2010/05/30 17:43:04 | 000,310,960 | ---- | M] () -- C:\Users\Daniel\Desktop\mOnionrift.mp3
[2010/05/30 17:42:00 | 000,347,741 | ---- | M] () -- C:\Users\Daniel\Desktop\Tankrift.mp3
[2010/05/30 17:37:40 | 001,463,692 | ---- | M] () -- C:\Users\Daniel\Desktop\DROPZONE.mp3
[2010/05/28 16:45:11 | 000,938,780 | ---- | M] () -- C:\Users\Daniel\Desktop\brian.rar
[2010/05/28 16:38:14 | 001,392,389 | ---- | M] () -- C:\Users\Daniel\Desktop\lol.wma
[2010/05/27 16:40:04 | 000,013,037 | ---- | M] () -- C:\Users\Daniel\Documents\Interview for history.docx
[2010/05/27 07:18:10 | 000,013,485 | ---- | M] () -- C:\Users\Daniel\Documents\le petit prince paper lol.docx
[2010/05/27 00:12:17 | 000,033,779 | ---- | M] () -- C:\Users\Daniel\Desktop\pik.jpg
[2010/05/27 00:12:10 | 003,083,753 | ---- | M] () -- C:\Users\Daniel\Desktop\123.jpg
[2010/05/27 00:11:20 | 000,174,702 | ---- | M] () -- C:\Users\Daniel\Desktop\flower.JPG
[2010/05/27 00:10:39 | 000,270,598 | ---- | M] () -- C:\Users\Daniel\Desktop\sun.jpg
[2010/05/26 23:56:43 | 000,025,880 | ---- | M] () -- C:\Users\Daniel\Desktop\easel.jpg
[2010/05/26 23:56:16 | 000,005,073 | ---- | M] () -- C:\Users\Daniel\Desktop\sun.gif
[2010/05/26 23:55:42 | 000,045,428 | ---- | M] () -- C:\Users\Daniel\Desktop\movie-theater.jpg
[2010/05/26 23:55:17 | 000,031,805 | ---- | M] () -- C:\Users\Daniel\Desktop\cardboard-box.jpg
[2010/05/26 23:54:46 | 000,178,307 | ---- | M] () -- C:\Users\Daniel\Desktop\children_heart.jpg
[2010/05/26 23:54:02 | 000,027,810 | ---- | M] () -- C:\Users\Daniel\Desktop\well.jpg
[2010/05/26 23:53:21 | 000,061,812 | ---- | M] () -- C:\Users\Daniel\Desktop\petit-prince-baobabs.jpg
[2010/05/26 23:51:35 | 000,041,551 | ---- | M] () -- C:\Users\Daniel\Desktop\crayons.jpg
[2010/05/26 23:51:15 | 000,071,934 | ---- | M] () -- C:\Users\Daniel\Desktop\sunset.jpg
[2010/05/26 23:50:55 | 000,024,866 | ---- | M] () -- C:\Users\Daniel\Desktop\stars.jpg
[2010/05/26 23:50:41 | 000,032,746 | ---- | M] () -- C:\Users\Daniel\Desktop\pikachu21.gif
[2010/05/26 23:50:26 | 000,012,754 | ---- | M] () -- C:\Users\Daniel\Desktop\20071227182957-le-petit-prince.jpg
[2010/05/26 23:49:59 | 000,018,856 | ---- | M] () -- C:\Users\Daniel\Desktop\Flower9.jpg
[2010/05/26 23:49:39 | 000,032,892 | ---- | M] () -- C:\Users\Daniel\Desktop\flower-clipart-01.gif
[2010/05/26 23:49:19 | 000,010,897 | ---- | M] () -- C:\Users\Daniel\Desktop\red-flower-clip-art.gif
[2010/05/26 23:48:45 | 000,024,364 | ---- | M] () -- C:\Users\Daniel\Desktop\sheep cliipart.jpg
[2010/05/26 06:10:58 | 000,007,268 | ---- | M] () -- C:\Users\Daniel\Desktop\Sc2UDPBlocker.7z
[2010/05/25 17:39:35 | 000,013,335 | ---- | M] () -- C:\Users\Daniel\Desktop\styrofoam ball.jpg
[2010/05/23 17:51:51 | 351,787,256 | ---- | M] () -- C:\Users\Daniel\Desktop\[TL Subs] After Talk - Betting Scandal.avi
[2010/05/21 13:42:09 | 240,817,926 | ---- | M] () -- C:\Users\Daniel\Desktop\[TL Subs] NalrA Oldboy Ep 9.mp4
[2010/05/20 21:29:00 | 000,010,986 | ---- | M] () -- C:\Users\Daniel\Documents\math final problems.docx
[2010/05/20 20:13:57 | 126,477,032 | ---- | M] () -- C:\Users\Daniel\Desktop\`eeK rep pack.zip
[2010/05/20 06:42:55 | 038,499,434 | ---- | M] () -- C:\Users\Daniel\Desktop\SotG - 5.20.10.mp3
[2010/05/19 07:39:40 | 000,012,671 | ---- | M] () -- C:\Users\Daniel\Documents\Work Progress Log.docx
[2010/05/19 07:30:06 | 000,014,750 | ---- | M] () -- C:\Users\Daniel\Documents\physics thing.docx
[2010/05/17 00:18:21 | 000,031,744 | ---- | M] () -- C:\Users\Daniel\Documents\Physics Report.doc
[2010/05/17 00:14:21 | 000,013,764 | ---- | M] () -- C:\Users\Daniel\Documents\Physics Report.docx
[2010/05/16 23:09:50 | 367,071,842 | ---- | M] () -- C:\Users\Daniel\Desktop\breaking.bad.s03e09.hdtv.xvid-fqm.avi
[2010/05/16 19:36:17 | 000,010,339 | ---- | M] () -- C:\Users\Daniel\Documents\boat report.docx
[2010/05/16 02:11:45 | 000,732,368 | ---- | M] () -- C:\Users\Daniel\Desktop\slush-vs-demuslim.zip
[2010/05/15 21:53:04 | 022,576,315 | ---- | M] () -- C:\Users\Daniel\Desktop\GC_Weekly_4.rar
[2010/05/15 17:37:22 | 274,200,570 | ---- | M] () -- C:\Users\Daniel\Desktop\[TL Subs] NalrA Oldboy Ep 7.avi
[2010/05/15 11:24:18 | 048,098,694 | ---- | M] () -- C:\Users\Daniel\Desktop\SotG - 5.11.10.mp3
[2010/05/14 03:01:17 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/05/13 16:06:14 | 000,416,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/05/13 07:02:50 | 000,017,946 | ---- | M] () -- C:\Users\Daniel\Documents\fashion in the 1970s.docx
[2010/05/13 04:59:54 | 000,108,840 | ---- | M] () -- C:\Users\Daniel\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/12 05:42:51 | 000,010,701 | ---- | M] () -- C:\Users\Daniel\Desktop\70.docx
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/27 07:36:41 | 000,011,369 | ---- | M] () -- C:\Users\Daniel\Documents\preliminary.docx
[2010/04/26 17:36:56 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/04/21 20:17:03 | 000,011,334 | ---- | M] () -- C:\Users\Daniel\Documents\works cited.docx
[2010/04/19 21:09:38 | 000,017,835 | ---- | M] () -- C:\Users\Daniel\Documents\outline 35.docx
[2010/04/19 18:18:26 | 000,018,998 | ---- | M] () -- C:\Users\Daniel\Documents\Chapter 34 Outline.docx
[2010/04/08 07:42:03 | 000,019,628 | ---- | M] () -- C:\Users\Daniel\Documents\chapter 33 outline.docx
[2010/04/02 17:17:34 | 000,179,091 | ---- | M] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/04/01 06:54:56 | 000,019,339 | ---- | M] () -- C:\Users\Daniel\Documents\chapter 32 outline.docx
[2010/03/29 19:59:17 | 000,019,313 | ---- | M] () -- C:\Users\Daniel\Documents\chapter 31 outline.docx
[2010/03/25 20:02:30 | 000,000,355 | ---- | M] () -- C:\Users\Daniel\Computer - Shortcut.lnk
[2010/03/23 15:37:38 | 000,033,084 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2010/03/23 02:49:25 | 000,021,840 | ---- | M] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010/03/23 02:49:25 | 000,017,212 | ---- | M] () -- C:\Windows\SysWow64\SIntf32.dll
[2010/03/23 02:49:25 | 000,012,067 | ---- | M] () -- C:\Windows\SysWow64\SIntf16.dll
[2010/03/22 22:01:08 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2010/03/22 22:01:08 | 000,002,829 | ---- | M] () -- C:\Windows\DIIUnin.pif
[2010/03/21 13:18:31 | 000,000,338 | ---- | M] () -- C:\Users\Daniel\Desktop\scfix.bat
[2010/03/19 00:07:06 | 000,078,990 | ---- | M] () -- C:\Windows\War3Unin.dat
[2010/03/16 07:41:08 | 000,020,582 | ---- | M] () -- C:\Users\Daniel\Documents\Chapter 30 DJ.docx
[2010/03/14 19:39:07 | 000,077,352 | ---- | M] (Eugene V. Muzychenko) -- C:\Windows\SysNative\drivers\vrtaucbl.sys

========== Files Created - No Company Name ==========

[2010/06/09 15:59:02 | 000,000,905 | ---- | C] () -- C:\Users\Daniel\Desktop\ERUNT.lnk
[2010/06/09 15:38:48 | 000,284,915 | ---- | C] () -- C:\Users\Daniel\Desktop\gmer.zip
[2010/06/07 13:02:14 | 000,006,792 | ---- | C] () -- C:\Users\Daniel\Documents\cc_20100607_130213.reg
[2010/06/07 13:01:49 | 000,043,138 | ---- | C] () -- C:\Users\Daniel\Documents\cc_20100607_130144.reg
[2010/06/07 12:34:11 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/07 12:33:25 | 000,001,885 | ---- | C] () -- C:\Users\Daniel\Desktop\CCleaner.lnk
[2010/06/06 20:44:11 | 064,844,927 | ---- | C] () -- C:\Users\Daniel\Desktop\WVS_124.zip
[2010/06/06 19:49:54 | 000,099,593 | ---- | C] () -- C:\Users\Daniel\Desktop\0606001938.jpg
[2010/06/05 16:40:22 | 001,589,286 | ---- | C] () -- C:\Users\Daniel\Desktop\whitera.rar
[2010/06/03 15:42:25 | 001,025,752 | ---- | C] () -- C:\Users\Daniel\Desktop\machine(2).rar
[2010/05/31 04:36:53 | 000,332,885 | ---- | C] () -- C:\Users\Daniel\Desktop\machine.rar
[2010/05/30 20:57:06 | 007,120,438 | ---- | C] () -- C:\Users\Daniel\Desktop\DotA Allstars v6.67c.w3x
[2010/05/30 17:43:03 | 000,310,960 | ---- | C] () -- C:\Users\Daniel\Desktop\mOnionrift.mp3
[2010/05/30 17:42:58 | 001,047,822 | ---- | C] () -- C:\Users\Daniel\Desktop\TankwaiiRice.mp3
[2010/05/30 17:42:00 | 000,347,741 | ---- | C] () -- C:\Users\Daniel\Desktop\Tankrift.mp3
[2010/05/30 17:37:33 | 001,463,692 | ---- | C] () -- C:\Users\Daniel\Desktop\DROPZONE.mp3
[2010/05/28 16:45:07 | 000,938,780 | ---- | C] () -- C:\Users\Daniel\Desktop\brian.rar
[2010/05/28 16:38:14 | 001,392,389 | ---- | C] () -- C:\Users\Daniel\Desktop\lol.wma
[2010/05/27 16:07:22 | 000,013,037 | ---- | C] () -- C:\Users\Daniel\Documents\Interview for history.docx
[2010/05/27 00:12:17 | 000,033,779 | ---- | C] () -- C:\Users\Daniel\Desktop\pik.jpg
[2010/05/27 00:11:45 | 003,083,753 | ---- | C] () -- C:\Users\Daniel\Desktop\123.jpg
[2010/05/27 00:11:17 | 000,174,702 | ---- | C] () -- C:\Users\Daniel\Desktop\flower.JPG
[2010/05/27 00:10:38 | 000,270,598 | ---- | C] () -- C:\Users\Daniel\Desktop\sun.jpg
[2010/05/26 23:56:42 | 000,025,880 | ---- | C] () -- C:\Users\Daniel\Desktop\easel.jpg
[2010/05/26 23:56:16 | 000,005,073 | ---- | C] () -- C:\Users\Daniel\Desktop\sun.gif
[2010/05/26 23:55:41 | 000,045,428 | ---- | C] () -- C:\Users\Daniel\Desktop\movie-theater.jpg
[2010/05/26 23:55:17 | 000,031,805 | ---- | C] () -- C:\Users\Daniel\Desktop\cardboard-box.jpg
[2010/05/26 23:54:45 | 000,178,307 | ---- | C] () -- C:\Users\Daniel\Desktop\children_heart.jpg
[2010/05/26 23:54:02 | 000,027,810 | ---- | C] () -- C:\Users\Daniel\Desktop\well.jpg
[2010/05/26 23:53:21 | 000,061,812 | ---- | C] () -- C:\Users\Daniel\Desktop\petit-prince-baobabs.jpg
[2010/05/26 23:51:35 | 000,041,551 | ---- | C] () -- C:\Users\Daniel\Desktop\crayons.jpg
[2010/05/26 23:51:15 | 000,071,934 | ---- | C] () -- C:\Users\Daniel\Desktop\sunset.jpg
[2010/05/26 23:50:54 | 000,024,866 | ---- | C] () -- C:\Users\Daniel\Desktop\stars.jpg
[2010/05/26 23:50:41 | 000,032,746 | ---- | C] () -- C:\Users\Daniel\Desktop\pikachu21.gif
[2010/05/26 23:50:25 | 000,012,754 | ---- | C] () -- C:\Users\Daniel\Desktop\20071227182957-le-petit-prince.jpg
[2010/05/26 23:49:59 | 000,018,856 | ---- | C] () -- C:\Users\Daniel\Desktop\Flower9.jpg
[2010/05/26 23:49:39 | 000,032,892 | ---- | C] () -- C:\Users\Daniel\Desktop\flower-clipart-01.gif
[2010/05/26 23:49:19 | 000,010,897 | ---- | C] () -- C:\Users\Daniel\Desktop\red-flower-clip-art.gif
[2010/05/26 23:48:42 | 000,024,364 | ---- | C] () -- C:\Users\Daniel\Desktop\sheep cliipart.jpg
[2010/05/26 19:14:40 | 000,013,485 | ---- | C] () -- C:\Users\Daniel\Documents\le petit prince paper lol.docx
[2010/05/26 06:10:57 | 000,007,268 | ---- | C] () -- C:\Users\Daniel\Desktop\Sc2UDPBlocker.7z
[2010/05/25 17:39:34 | 000,013,335 | ---- | C] () -- C:\Users\Daniel\Desktop\styrofoam ball.jpg
[2010/05/23 17:02:00 | 351,787,256 | ---- | C] () -- C:\Users\Daniel\Desktop\[TL Subs] After Talk - Betting Scandal.avi
[2010/05/21 13:13:50 | 240,817,926 | ---- | C] () -- C:\Users\Daniel\Desktop\[TL Subs] NalrA Oldboy Ep 9.mp4
[2010/05/20 21:29:00 | 000,010,986 | ---- | C] () -- C:\Users\Daniel\Documents\math final problems.docx
[2010/05/20 19:57:43 | 126,477,032 | ---- | C] () -- C:\Users\Daniel\Desktop\`eeK rep pack.zip
[2010/05/20 06:37:33 | 038,499,434 | ---- | C] () -- C:\Users\Daniel\Desktop\SotG - 5.20.10.mp3
[2010/05/19 07:39:40 | 000,012,671 | ---- | C] () -- C:\Users\Daniel\Documents\Work Progress Log.docx
[2010/05/19 07:30:05 | 000,014,750 | ---- | C] () -- C:\Users\Daniel\Documents\physics thing.docx
[2010/05/17 15:52:47 | 367,071,842 | ---- | C] () -- C:\Users\Daniel\Desktop\breaking.bad.s03e09.hdtv.xvid-fqm.avi
[2010/05/17 00:18:21 | 000,031,744 | ---- | C] () -- C:\Users\Daniel\Documents\Physics Report.doc
[2010/05/16 21:36:50 | 000,013,764 | ---- | C] () -- C:\Users\Daniel\Documents\Physics Report.docx
[2010/05/16 19:36:17 | 000,010,339 | ---- | C] () -- C:\Users\Daniel\Documents\boat report.docx
[2010/05/16 02:11:41 | 000,732,368 | ---- | C] () -- C:\Users\Daniel\Desktop\slush-vs-demuslim.zip
[2010/05/15 21:50:20 | 022,576,315 | ---- | C] () -- C:\Users\Daniel\Desktop\GC_Weekly_4.rar
[2010/05/15 17:02:13 | 274,200,570 | ---- | C] () -- C:\Users\Daniel\Desktop\[TL Subs] NalrA Oldboy Ep 7.avi
[2010/05/15 11:17:26 | 048,098,694 | ---- | C] () -- C:\Users\Daniel\Desktop\SotG - 5.11.10.mp3
[2010/05/12 06:27:58 | 000,017,946 | ---- | C] () -- C:\Users\Daniel\Documents\fashion in the 1970s.docx
[2010/05/12 05:42:50 | 000,010,701 | ---- | C] () -- C:\Users\Daniel\Desktop\70.docx
[2010/04/27 07:36:41 | 000,011,369 | ---- | C] () -- C:\Users\Daniel\Documents\preliminary.docx
[2010/04/21 20:15:24 | 000,011,334 | ---- | C] () -- C:\Users\Daniel\Documents\works cited.docx
[2010/04/19 21:02:07 | 000,017,835 | ---- | C] () -- C:\Users\Daniel\Documents\outline 35.docx
[2010/04/19 18:17:38 | 000,018,998 | ---- | C] () -- C:\Users\Daniel\Documents\Chapter 34 Outline.docx
[2010/04/04 19:47:03 | 000,019,628 | ---- | C] () -- C:\Users\Daniel\Documents\chapter 33 outline.docx
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/03/29 20:10:01 | 000,019,339 | ---- | C] () -- C:\Users\Daniel\Documents\chapter 32 outline.docx
[2010/03/29 00:18:55 | 000,019,313 | ---- | C] () -- C:\Users\Daniel\Documents\chapter 31 outline.docx
[2010/03/25 20:02:30 | 000,000,355 | ---- | C] () -- C:\Users\Daniel\Computer - Shortcut.lnk
[2010/03/22 22:02:50 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010/03/22 22:02:49 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010/03/22 22:02:49 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010/03/22 22:01:11 | 000,033,084 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2010/03/22 22:01:08 | 000,002,829 | ---- | C] () -- C:\Windows\DIIUnin.pif
[2010/03/15 05:13:36 | 000,020,582 | ---- | C] () -- C:\Users\Daniel\Documents\Chapter 30 DJ.docx
[2010/01/01 15:59:46 | 000,788,128 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/01 12:27:46 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/01/01 12:27:46 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/01/01 12:27:43 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/01/01 12:27:43 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/01/01 12:21:56 | 000,035,339 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/01/01 12:21:06 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/01/01 12:21:03 | 000,029,234 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/01/01 12:04:15 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/04/02 07:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2010/01/01 12:45:41 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\acccore
[2010/01/16 13:41:46 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Bioshock
[2010/05/28 21:17:00 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Bioshock2
[2010/04/17 11:26:23 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Braid
[2010/01/16 01:59:21 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\com.doubleperfect.ggpo.0753AD3679DBFCA1E7F470171B7D0DB8B404A7EA.1
[2010/02/15 18:19:43 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Downloaded Installations
[2010/05/13 05:00:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\GetRightToGo
[2010/03/02 06:11:55 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\IrfanView
[2010/01/03 13:44:38 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\runic games
[2010/06/09 15:32:45 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\uTorrent
[2010/05/24 22:02:19 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.* >
[2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/01/01 13:30:41 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2008/04/11 11:07:18 | 000,003,820 | ---- | M] () -- C:\eula.1028.txt
[2008/04/11 11:07:18 | 000,015,428 | ---- | M] () -- C:\eula.1031.txt
[2008/04/11 11:07:18 | 000,010,058 | ---- | M] () -- C:\eula.1033.txt
[2008/04/11 11:07:18 | 000,012,246 | ---- | M] () -- C:\eula.1036.txt
[2008/04/11 11:07:18 | 000,013,912 | ---- | M] () -- C:\eula.1040.txt
[2008/04/11 11:07:18 | 000,005,868 | ---- | M] () -- C:\eula.1041.txt
[2008/04/11 11:07:18 | 000,005,970 | ---- | M] () -- C:\eula.1042.txt
[2008/04/11 11:07:18 | 000,010,134 | ---- | M] () -- C:\eula.1049.txt
[2008/04/11 11:07:18 | 000,003,814 | ---- | M] () -- C:\eula.2052.txt
[2008/04/11 11:07:18 | 000,012,936 | ---- | M] () -- C:\eula.3082.txt
[2008/04/11 11:07:18 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/01/01 11:44:48 | 000,203,316 | RHS- | M] () -- C:\grldr
[2010/06/09 15:57:36 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys
[2008/04/11 09:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2008/04/11 11:07:18 | 000,000,843 | ---- | M] () -- C:\install.ini
[2008/04/11 09:03:48 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2008/04/11 09:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2008/04/11 09:03:48 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2008/04/11 09:03:48 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2008/04/11 09:03:48 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2008/04/11 09:03:48 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2008/04/11 09:03:48 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2008/04/11 11:09:24 | 000,093,200 | ---- | M] (Microsoft Corporation) -- C:\install.res.1049.dll
[2008/04/11 09:03:48 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2008/04/11 09:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010/01/01 12:45:23 | 000,000,698 | -H-- | M] () -- C:\IPH.PH
[2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/06/09 15:57:39 | 4294,103,040 | -HS- | M] () -- C:\pagefile.sys
[2008/04/11 11:07:18 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2008/04/11 11:09:38 | 003,797,292 | ---- | M] () -- C:\VC_RED.cab
[2008/04/11 11:11:40 | 000,233,472 | ---- | M] () -- C:\VC_RED.MSI
[2010/01/01 11:45:02 | 000,000,003 | RHS- | M] () -- C:\win7ldr

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\user32.dll /md5 >
[2009/07/13 20:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2009/07/13 20:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
< End of report >

OTL EXTRAS:

OTL Extras logfile created on: 6/9/2010 4:06:40 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Daniel\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 68.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 335.14 Gb Free Space | 71.97% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 86.24 Mb Free Space | 86.25% Space Free | Partition Type: NTFS
Drive E: | 620.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MUDAFUKKAAA
Current User Name: Daniel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{19BDBFE9-0B6A-37F2-80F6-48AFD1EA582D}" = ATI AVIVO64 Codecs
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6245BC35-F4BE-1995-BB2E-7847D758504E}" = ATI Problem Report Wizard
"{6344718C-AE30-4C86-B5CD-459077A83623}" = Microsoft SQL Server Native Client
"{8DA5428C-3D35-317C-2FBA-485AAC49E9C0}" = ccc-utility64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CCC50A42-892B-AF23-6188-6E8D2FDF34E3}" = ATI Catalyst Install Manager
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0BDE949A-3CF5-3852-B4F7-92EAE4F25F73}" = CCC Help English
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{45350494-82B7-3E53-85B7-79A1AD9AE080}" = Catalyst Control Center Graphics Light
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{525E7F71-67C1-806E-69D0-892CC3CE2F8E}" = Catalyst Control Center Graphics Full Existing
"{537306C2-CDAC-F606-5D46-D5727F58FAD3}" = Catalyst Control Center Graphics Previews Vista
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{68BD9036-0952-4849-AE7A-963BB53EDB71}" = GGPO
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{88DDBE5E-8AC0-F463-AC50-E56FAA2E3CEB}" = Catalyst Control Center Graphics Previews Common
"{897B3B21-8691-26F5-97E8-A9955C20BB20}" = Catalyst Control Center HydraVision Full
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_WORD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_WORD_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A842C34B-2083-6947-BC0E-5654BDBADCDA}" = Catalyst Control Center Graphics Full New
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{BA3B34EB-3F4B-0E19-0916-971C1AD3F0AD}" = Catalyst Control Center InstallProxy
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{CB166F48-6219-2DFD-8800-191BE6F5923A}" = ccc-core-static
"{D7410A39-66CA-C554-CB1D-EB53A6B8A289}" = HydraVision
"{E0B71631-6AA8-C596-A485-8480E92DD745}" = Catalyst Control Center Core Implementation
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"avast!" = avast! Antivirus
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Diablo II" = Diablo II
"ERUNT_is1" = ERUNT 1.1j
"Fraps" = Fraps
"Garena" = Garena
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"IrfanView" = IrfanView (remove only)
"Magic ISO Maker v5.5 (build 0272)" = Magic ISO Maker v5.5 (build 0272)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"mv61xxDriver" = marvell 61xx
"PopTag" = PopTag!
"PROR" = Microsoft Office Professional 2007
"PUBLISHERR" = Microsoft Office Publisher 2007 Trial
"PunkBusterSvc" = PunkBuster Services
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Starcraft" = Starcraft
"StarCraft II Beta" = StarCraft II Beta
"Steam App 10" = Counter-Strike
"Steam App 18820" = Zero Gear
"Steam App 220" = Half-Life 2
"Steam App 26800" = Braid
"Steam App 34200" = Aliens vs Predator Demo
"Steam App 400" = Portal
"Steam App 41500" = Torchlight
"Steam App 440" = Team Fortress 2
"VLC media player" = VLC media player 1.0.3
"Warcraft III" = Warcraft III
"WinRAR archiver" = WinRAR archiver
"WORD" = Microsoft Office Word 2007

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 1/31/2010 9:18:17 PM | Computer Name = MUDAFUKKAAA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\autorun.inf failed, 00000001.

Error - 1/31/2010 9:18:52 PM | Computer Name = MUDAFUKKAAA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\autorun.inf failed, 00000001.

Error - 1/31/2010 9:18:52 PM | Computer Name = MUDAFUKKAAA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\autorun.inf failed, 00000001.

Error - 1/31/2010 9:18:52 PM | Computer Name = MUDAFUKKAAA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\autorun.inf failed, 00000001.

Error - 1/31/2010 9:18:52 PM | Computer Name = MUDAFUKKAAA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\autorun.inf failed, 00000001.

Error - 1/31/2010 9:18:52 PM | Computer Name = MUDAFUKKAAA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\autorun.inf failed, 00000001.

Error - 1/31/2010 9:18:52 PM | Computer Name = MUDAFUKKAAA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\autorun.inf failed, 00000001.

Error - 1/31/2010 9:18:52 PM | Computer Name = MUDAFUKKAAA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\autorun.inf failed, 00000001.

Error - 1/31/2010 9:18:53 PM | Computer Name = MUDAFUKKAAA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\autorun.inf failed, 00000001.

Error - 1/31/2010 9:18:53 PM | Computer Name = MUDAFUKKAAA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\autorun.inf failed, 00000001.

[ Application Events ]
Error - 6/6/2010 1:30:16 AM | Computer Name = MUDAFUKKAAA | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/7/2010 11:25:22 AM | Computer Name = MUDAFUKKAAA | Source = Application Error | ID = 1000
Description = Faulting application name: Cvp.exe, version: 0.0.0.0, time stamp:
0x422eef1b Faulting module name: Cvp.exe, version: 0.0.0.0, time stamp: 0x422eef1b
Exception
code: 0xc0000005 Fault offset: 0x00002bbc Faulting process id: 0x2f0 Faulting application
start time: 0x01cb0655a47b736c Faulting application path: C:\Users\Daniel\AppData\Local\Temp\Cvp.exe
Faulting
module path: C:\Users\Daniel\AppData\Local\Temp\Cvp.exe Report Id: e2c1a2f0-7248-11df-88d0-90e6bacdf737

Error - 6/8/2010 2:19:12 AM | Computer Name = MUDAFUKKAAA | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/8/2010 2:36:45 AM | Computer Name = MUDAFUKKAAA | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/9/2010 2:51:51 AM | Computer Name = MUDAFUKKAAA | Source = Application Error | ID = 1000
Description = Faulting application name: StarCraft.exe, version: 1.16.1.1, time
stamp: 0x496589ca Faulting module name: StarCraft.exe, version: 1.16.1.1, time stamp:
0x496589ca Exception code: 0xc0000005 Fault offset: 0x000ce1c4 Faulting process id:
0x1608 Faulting application start time: 0x01cb079f9ede931b Faulting application path:
C:\GAMES\Starcraft\Starcraft\StarCraft.exe Faulting module path: C:\GAMES\Starcraft\Starcraft\StarCraft.exe
Report
Id: 7ad0a1ea-7393-11df-a41b-90e6bacdf737

Error - 6/9/2010 11:06:49 AM | Computer Name = MUDAFUKKAAA | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Pando Media Booster' could not be shut down.

Error - 6/9/2010 11:06:49 AM | Computer Name = MUDAFUKKAAA | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'avast! service GUI component' could not be
shut down.

Error - 6/9/2010 2:07:07 PM | Computer Name = MUDAFUKKAAA | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/9/2010 4:55:52 PM | Computer Name = MUDAFUKKAAA | Source = Application Error | ID = 1000
Description = Faulting application name: lsm.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bce9c Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
stamp: 0x4a5be02b Exception code: 0xc0000005 Fault offset: 0x000000000001adaa Faulting
process id: 0x24c Faulting application start time: 0x01cb07ecdf39857e Faulting application
path: C:\Windows\system32\lsm.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 6330c692-7409-11df-abfb-90e6bacdf737

Error - 6/9/2010 4:55:52 PM | Computer Name = MUDAFUKKAAA | Source = Wininit | ID = 1015
Description = A critical system process, C:\Windows\system32\lsm.exe, failed with
status code 255. The machine must now be restarted.

[ System Events ]
Error - 6/5/2010 8:36:32 PM | Computer Name = MUDAFUKKAAA | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/6/2010 9:34:35 PM | Computer Name = MUDAFUKKAAA | Source = Application Popup | ID = 1060
Description = \??\C:\Users\Daniel\AppData\Local\Temp\UVJEADE.tmp has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor for a compatible version of the driver.

Error - 6/6/2010 9:34:35 PM | Computer Name = MUDAFUKKAAA | Source = Service Control Manager | ID = 7000
Description = The GarenaPEngine service failed to start due to the following error:
%%1275

Error - 6/7/2010 5:18:10 PM | Computer Name = MUDAFUKKAAA | Source = Application Popup | ID = 1060
Description = \??\C:\Users\Daniel\AppData\Local\Temp\OPJDD84.tmp has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor for a compatible version of the driver.

Error - 6/7/2010 5:18:10 PM | Computer Name = MUDAFUKKAAA | Source = Service Control Manager | ID = 7000
Description = The GarenaPEngine service failed to start due to the following error:
%%1275

Error - 6/8/2010 1:15:55 PM | Computer Name = MUDAFUKKAAA | Source = Application Popup | ID = 1060
Description = \??\C:\Users\Daniel\AppData\Local\Temp\CHAC0B3.tmp has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor for a compatible version of the driver.

Error - 6/8/2010 1:15:55 PM | Computer Name = MUDAFUKKAAA | Source = Service Control Manager | ID = 7000
Description = The GarenaPEngine service failed to start due to the following error:
%%1275

Error - 6/9/2010 12:56:29 PM | Computer Name = MUDAFUKKAAA | Source = Application Popup | ID = 1060
Description = \??\C:\Users\Daniel\AppData\Local\Temp\OnlineScanner\Anti-Virus has
been blocked from loading due to incompatibility with this system. Please contact
your software vendor for a compatible version of the driver.

Error - 6/9/2010 2:24:31 PM | Computer Name = MUDAFUKKAAA | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 6/9/2010 4:57:40 PM | Computer Name = MUDAFUKKAAA | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:56:19 PM on ?6/?9/?2010 was unexpected.


< End of report >


That is all I think.. Thanks a million for any help!
  • 0

Advertisements

#2
RKinner
Posted 11 June 2010 - 05:31 PM

RKinner

    Malware Expert

  • Expert
  • 24,732 posts
  • MVP
Our tools are limited when working with 64bit systems. I don't see any sign of the cvq.exe files tho. I can tell you that your Avast is out of date and needs to be updated ASAP.

Use IE or Firefox and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.

Also do the BitDefender scan

http://www.bitdefend...nline/free.html

Ron
  • 0

#3
dannylittledude
Posted 17 June 2010 - 03:18 PM

dannylittledude

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hmm I did both scans and both resulted in no malware found. I guess malwarebytes found it and deleted it at one point. I guess this one is solved then!

Thanks for the help!
  • 0

#4
RKinner
Posted 18 June 2010 - 10:35 AM

RKinner

    Malware Expert

  • Expert
  • 24,732 posts
  • MVP
We need to clean up System Restore.
The best way is to follow Jim's procedure here http://aumha.net/vie...=...p;sk=t&sd=a
tho it hasn't been updated for Vista or Win 7 yet so To create a Restore Point try this:
right click on Computer and select Properties and System Protection (Continue) and then Create (at the bottom). OK Give it a name like Clean and then Create. OK. OK.

Once you have created a Restore Point:

Now Start (Windows Logo Button), Programs, Accessories, Right click on Command Prompt and select Run As Administrator,
cleanmgr

Select "Files from All Users."
Continue

Select OS (C:)
OK

It will think for a few minutes.

Then come up with a few suggestions. Ignore those and press More Options. Under System Restore and Shadow Copies, click Clean Up and let it do its thing.

You can uninstall or delete any tools we had you download and their logs.

To hide hidden files again:

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.4.
http://oldmcdonald.w...orun-eater-v24/
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox



If your current antivirus is not a paid up subscription you should dump it and install the free Avast
http://www.avast.com...avast-home.html


Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

Ron
  • 0

#5
dannylittledude
Posted 18 June 2010 - 12:31 PM

dannylittledude

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Alright, I did all the things that you posted. I'll make sure to scan any files if I DL them now. Thanks for all the help
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP