Spyware Protection 2010 [BOGUS AV]

#1 LukeMcD (Member, 102 posts)

OK new virus on the machine I am typing on right now. I managed to find an image of it:

[image: screenshot of the rogue program]

(Here's a more elaborate review of the virus: http://reimagerepair...nder-exe-virus/)

The way I stopped it was QUICKLY opening Task Manager after logging on and ending defender.exe (I HAD to be quick because when I tried to load things it would close them instantly and say "...exe" is infected with a worm, blah blah, same old bs).

My Microsoft Security Essentials scan found nothing, my Malwarebytes scan found nothing either.

Here's my OTL log in the second post. defender.exe is not seen there because I managed to close it, as I couldn't open OTL without doing so. Please help, because I have an ISP engineer coming tomorrow morning and they'll assume the problem with my internet is the virus (which I know it's not)!

I managed to locate defender.exe and DELETE it after this OTL scan, but how can I be sure everything is gone?

Edited by LukeMcD, 22 May 2011 - 01:45 PM.


#2 LukeMcD (Topic Starter, Member, 102 posts)

OTL logfile created on: 22/05/2011 20:26:31 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Luke\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 72.00% Memory free
4.84 Gb Paging File | 4.21 Gb Available in Paging File | 86.96% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 300.64 Gb Free Space | 64.55% Space Free | Partition Type: NTFS

Computer Name: LUKE-PC | User Name: Luke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/22 20:22:25 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luke\Desktop\OTL.exe
PRC - [2011/04/29 16:53:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\avtools\mbam.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/14 01:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/22 20:22:25 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luke\Desktop\OTL.exe
MOD - [2011/01/11 04:27:10 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcr80.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/20 12:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/13 18:23:02 | 000,129,440 | ---- | M] (Futuremark Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/03/02 15:06:16 | 000,068,136 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2007/09/04 20:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)


========== Driver Services (SafeList) ==========

DRV - [2011/05/22 20:16:27 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FCD0E57-E1C9-4515-9791-213C545EEBA0}\MpKsl6c9a8c49.sys -- (MpKsl6c9a8c49)
DRV - [2011/04/18 12:10:56 | 000,812,448 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV - [2011/04/18 12:10:56 | 000,024,504 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESLvnic.sys -- (ESLvnic1)
DRV - [2010/11/21 21:10:10 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/22 13:39:54 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/12/02 14:56:16 | 000,092,792 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/12/01 15:49:54 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009/06/17 17:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 17:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/03/27 07:33:42 | 000,130,816 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/01/20 11:53:06 | 005,027,840 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/14 11:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/09/04 20:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2007/03/16 11:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007/03/16 11:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2007/01/19 13:07:03 | 000,013,184 | ---- | M] (Xponaut) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xpntwbd.sys -- (Xponaut_WBD) Xponaut WaveBridge Device (WDM)
DRV - [1999/04/09 16:17:32 | 000,021,840 | ---- | M] (Logitech Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cxlpt.sys -- (CxLPT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53414

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "iUserbar new Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 53414
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 16:53:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/26 17:55:07 | 000,000,000 | ---D | M]

[2010/02/15 16:50:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Luke\Application Data\Mozilla\Extensions
[2010/02/15 16:50:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Luke\Application Data\Mozilla\Extensions\[email protected]
[2011/05/15 08:48:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Luke\Application Data\Mozilla\Firefox\Profiles\ufeh6p3v.default\extensions
[2011/03/24 08:14:33 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Luke\Application Data\Mozilla\Firefox\Profiles\ufeh6p3v.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/12/10 15:56:55 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Luke\Application Data\Mozilla\Firefox\Profiles\ufeh6p3v.default\extensions\[email protected]
[2011/02/26 12:11:05 | 000,001,001 | ---- | M] () -- C:\Documents and Settings\Luke\Application Data\Mozilla\Firefox\Profiles\ufeh6p3v.default\searchplugins\torrentz-search.xml
[2011/03/27 09:29:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/05 20:55:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\LUKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UFEH6P3V.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\LUKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UFEH6P3V.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2010/06/05 20:55:33 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/12/01 16:49:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/29 16:53:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/06/05 20:55:33 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/05/22 19:09:23 | 000,609,192 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[dialer.aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[tracking.cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[tracking.cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 127.0.0.1 content.ad20.net
O1 - Hosts: 16078 more lines...
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Malware Protection] C:\Documents and Settings\All Users\Application Data\defender.exe (TrendMicro)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Luke\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Luke\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/28 16:24:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e24826ed-0b92-11e0-9695-00241d544d3c}\Shell - "" = AutoRun
O33 - MountPoints2\{e24826ed-0b92-11e0-9695-00241d544d3c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e24826ed-0b92-11e0-9695-00241d544d3c}\Shell\AutoRun\command - "" = E:\DPFMate.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/22 20:22:18 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Luke\Desktop\OTL.exe
[2011/05/22 20:04:31 | 000,882,176 | ---- | C] (TrendMicro) -- C:\Documents and Settings\All Users\Application Data\defender.exe
[2011/05/22 18:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luke\My Documents\bodybuilding ebooks etc
[2011/05/22 15:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\FitDay v2
[2011/05/21 17:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Caphyon
[2011/05/21 17:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luke\Application Data\KLUTCH
[2011/05/20 19:26:26 | 002,122,504 | ---- | C] (EasyAntiCheat Solutions) -- C:\Documents and Settings\Luke\My Documents\EasyAntiCheat.exe
[2011/05/14 15:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luke\Application Data\coupons
[2011/05/11 06:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luke\My Documents\Starting Strength
[2011/05/07 13:11:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 6
[2011/04/28 12:26:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Futuremark Shared
[2011/04/26 19:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luke\My Documents\ESL Match Media
[2011/04/26 19:44:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luke\My Documents\logs
[2011/04/26 19:42:35 | 000,812,448 | ---- | C] (<Turtle Entertainment>) -- C:\WINDOWS\System32\drivers\ESLWireACD.sys
[2011/04/26 19:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESL Wire
[2011/04/26 19:42:28 | 000,000,000 | ---D | C] -- C:\Program Files\EslWire
[2011/04/26 19:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESL Wire
[2011/04/24 11:10:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/04/24 11:09:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/24 11:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/24 11:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/05 21:36:54 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Program Files\ATF-Cleaner.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/22 20:22:25 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luke\Desktop\OTL.exe
[2011/05/22 20:16:07 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/22 20:16:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/22 20:15:58 | 3219,640,320 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/22 20:11:10 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/22 20:04:31 | 000,882,176 | ---- | M] (TrendMicro) -- C:\Documents and Settings\All Users\Application Data\defender.exe
[2011/05/22 19:16:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/20 19:26:43 | 002,122,504 | ---- | M] (EasyAntiCheat Solutions) -- C:\Documents and Settings\Luke\My Documents\EasyAntiCheat.exe
[2011/05/18 18:17:31 | 000,102,400 | ---- | M] () -- C:\Documents and Settings\Luke\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/17 07:25:15 | 000,000,290 | RHS- | M] () -- C:\boot.ini
[2011/05/14 11:40:56 | 000,248,135 | ---- | M] () -- C:\Documents and Settings\Luke\Desktop\ss2.jpg
[2011/05/06 21:42:48 | 000,591,751 | ---- | M] () -- C:\Documents and Settings\Luke\Desktop\ss.jpg
[2011/05/01 15:35:27 | 000,006,028 | ---- | M] () -- C:\Documents and Settings\Luke\Application Data\764E.BAE
[2011/04/24 20:17:32 | 003,593,512 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/14 11:40:55 | 000,248,135 | ---- | C] () -- C:\Documents and Settings\Luke\Desktop\ss2.jpg
[2011/05/06 21:42:48 | 000,591,751 | ---- | C] () -- C:\Documents and Settings\Luke\Desktop\ss.jpg
[2011/05/01 15:05:51 | 000,006,028 | ---- | C] () -- C:\Documents and Settings\Luke\Application Data\764E.BAE
[2011/02/21 10:41:34 | 000,110,248 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/18 22:37:04 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/12/25 16:15:12 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/12/19 13:24:08 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/19 13:24:05 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/19 13:24:05 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/11/15 20:53:30 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Luke\Application Data\Adobe PNG Format CS5 Prefs
[2010/10/20 20:05:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/02 14:11:59 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2010/08/26 14:25:27 | 000,063,392 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/24 13:19:49 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/07/02 18:18:19 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\mtkjpeg.dll
[2010/06/29 12:27:24 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/06/05 15:21:28 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/05 15:21:28 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/03 18:25:23 | 000,000,256 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2010/06/02 21:54:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/06 16:46:52 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2010/04/13 09:57:01 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\Uharc.exe
[2010/04/13 09:57:01 | 000,008,636 | ---- | C] () -- C:\WINDOWS\System32\modifype.exe
[2010/03/11 09:19:46 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2010/03/11 09:17:53 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/03/11 09:17:53 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/02/07 15:09:38 | 000,472,576 | ---- | C] () -- C:\WINDOWS\Nvidia Omega Drivers v2.169.21 Uninstall.exe
[2010/01/06 17:48:46 | 000,000,152 | ---- | C] () -- C:\WINDOWS\INpact_CSS_Hud_tweaker_1.19.INI
[2009/12/21 21:18:36 | 001,519,429 | ---- | C] () -- C:\WINDOWS\Registry Fix for CAL GUI Uninstaller.exe
[2009/12/21 16:44:04 | 000,102,400 | ---- | C] () -- C:\Documents and Settings\Luke\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/21 12:25:37 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/11/29 22:30:48 | 000,139,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/11/29 22:30:48 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Luke\Application Data\PnkBstrK.sys
[2009/11/29 22:30:26 | 000,214,720 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/11/29 22:30:25 | 002,373,712 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2009/11/29 22:30:25 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009/11/29 00:07:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/11/29 00:04:59 | 003,593,512 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/28 18:56:57 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/11/28 18:23:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/28 16:38:19 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/11/28 16:25:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/11/28 16:21:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/03 04:11:18 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/07/03 04:11:18 | 000,007,274 | ---- | C] () -- C:\WINDOWS\cadx2.ini
[2007/03/12 13:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2004/08/10 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 08:00:00 | 000,435,836 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 08:00:00 | 000,068,350 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/28 14:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 14:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2011/05/21 17:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Caphyon
[2009/12/17 20:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/12/25 19:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/04/26 19:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESL Wire
[2011/02/26 22:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Guitar Pro 6
[2010/08/29 11:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2010/03/23 23:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009/12/11 22:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2010/04/07 17:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/02/25 17:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2010/04/26 18:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2011/03/31 20:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/12/25 16:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/07/31 16:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/07/24 13:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screaming Bee
[2009/12/11 22:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonoma Wire Works
[2010/10/10 22:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/19 14:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania
[2010/05/21 16:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/07 13:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\.minecraft
[2010/07/25 17:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\AnvSoft
[2010/10/27 19:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\Avnex
[2011/03/31 20:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/14 15:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\coupons
[2010/10/02 14:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\DonationCoder
[2010/05/15 17:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\eBookPro6
[2010/06/23 12:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\Facebook
[2009/12/20 21:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\FileZilla
[2011/04/01 15:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\FrostWire
[2010/03/24 17:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\GetRightToGo
[2010/10/02 16:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\GrabPro
[2011/02/26 22:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\Guitar Pro 6
[2010/06/11 17:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\GZero
[2010/01/30 17:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\id Software
[2011/05/21 17:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\KLUTCH
[2010/04/30 16:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\Leadertech
[2011/03/20 09:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\ManyCam
[2011/05/22 19:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\Mumble
[2011/02/09 22:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\Notepad++
[2009/11/28 18:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\OpenOffice.org
[2010/10/02 16:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\Orbit
[2010/02/25 17:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\PACE Anti-Piracy
[2010/03/11 09:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\pdf995
[2010/10/02 14:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\ProgSense
[2011/01/02 17:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\Rainmeter
[2010/08/26 14:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\Regensoft
[2011/02/18 12:45:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\Research In Motion
[2010/05/28 15:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\Screaming Bee
[2010/08/25 13:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\shockvoice
[2010/01/03 13:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\Sytexis Software
[2011/05/07 13:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\TeamViewer
[2010/06/20 21:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\TS3Client
[2011/05/22 15:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\uTorrent
[2010/04/13 10:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\ViGlance
[2010/09/04 14:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\VOIPlay
[2010/12/26 13:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\WeGame
[2011/03/18 16:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luke\Application Data\Xilisoft

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >