Ahk7373

Hi Elise, I downloaded and installed Avast! It found 13 "infected files" 7 of which were mp3's on my external, one was mirc, and the other 5 are as follows. 3 of them were C:/System volume information\restore{1B141DC9-293A-48B1-A657-9A... specifically an exe, a sys, and a upx. 2 were Qoobox\Quarantine\CWINDOWS\SYSTEM32... exe.vir and sys.vir. I moved those to the avast! "chest". What should I do now? As always your help and advice is always appreciated. On a side question, I've been considering upgrading to a licensed version of MBAM, this does the same job Avast! does in terms of anti-spyware protection right?

Hello Elise, Sorry I've been m i a these past few days, but I've done the things you've asked. My external holds a hodgepodge of games, pictures, and video data, along with music. The computer has been running wonderfully. I haven't had that blue screen error ever since I ran combofix, and all my program functionality has been restored, along with no browser redirects. Here is the full scan you requested, I ran it on both my computer, and the external. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4281 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.13 7/5/2010 3:16:21 PM mbam-log-2010-07-05 (15-16-21).txt Scan type: Full scan (C:\|D:\|F:\|) Objects scanned: 195701 Time elapsed: 30 minute(s), 13 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Qoobox\Quarantine\C\Documents and Settings\Salade Tossiez\Application Data\Ciusm\reyd.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1B141DC9-293A-48B1-A657-9A7098B34777}\RP2\A0002226.exe (Trojan.Zbot) -> Quarantined and deleted successfully. Here is the combofix log you've requested with the cfscript. ComboFix 10-07-01.02 - Salade Tossiez 07/05/2010 13:43:27.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.702 [GMT -7:00] Running from: c:\documents and settings\Salade Tossiez\Desktop\Hello2.exe Command switches used :: c:\documents and settings\Salade Tossiez\Desktop\CFScript.txt FILE :: "c:\windows\system32\drivers\wiiq.sys" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\stu2.exe D:\Autorun.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_dnni ((((((((((((((((((((((((( Files Created from 2010-06-05 to 2010-07-05 ))))))))))))))))))))))))))))))) . 2010-07-01 20:49 . 2010-07-01 20:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-06-27 01:30 . 2010-06-27 01:38 -------- d-----w- c:\documents and settings\Salade Tossiez\Application Data\mIRC 2010-06-27 01:30 . 2010-06-27 01:30 -------- d-----w- c:\program files\mIRC 2010-06-22 06:10 . 2010-06-22 06:10 -------- d-----w- c:\documents and settings\Salade Tossiez\Incomplete 2010-06-22 06:09 . 2010-06-23 02:38 -------- d-----w- c:\documents and settings\Salade Tossiez\Application Data\LimeWire 2010-06-22 06:09 . 2010-06-22 06:09 -------- d-----w- c:\program files\LimeWire 2010-06-20 23:32 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2010-06-20 23:32 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2010-06-20 23:31 . 2010-06-20 23:31 -------- d-----w- c:\program files\iPod 2010-06-20 23:31 . 2010-06-20 23:32 -------- d-----w- c:\program files\iTunes 2010-06-20 23:31 . 2010-06-20 23:31 -------- d-----w- c:\program files\QuickTime 2010-06-20 00:03 . 2010-06-20 23:33 -------- d-----w- c:\documents and settings\Salade Tossiez\Application Data\Apple Computer 2010-06-20 00:02 . 2010-06-20 00:02 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-06-20 00:01 . 2010-06-20 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2010-06-20 00:01 . 2010-06-20 00:01 -------- d-----w- c:\documents and settings\Salade Tossiez\Local Settings\Application Data\Apple 2010-06-20 00:01 . 2010-06-20 00:01 -------- d-----w- c:\program files\Apple Software Update 2010-06-20 00:01 . 2010-06-20 23:32 -------- dc----w- c:\windows\system32\DRVSTORE 2010-06-20 00:00 . 2010-06-20 00:00 -------- d-----w- c:\program files\Bonjour 2010-06-20 00:00 . 2010-06-20 23:31 -------- d-----w- c:\program files\Common Files\Apple 2010-06-20 00:00 . 2010-06-20 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2010-06-19 23:59 . 2010-06-20 00:03 -------- d-----w- c:\documents and settings\Salade Tossiez\Local Settings\Application Data\Apple Computer 2010-06-16 03:01 . 2010-06-16 03:01 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe 2010-06-15 03:19 . 2010-06-15 03:19 -------- d-----w- c:\documents and settings\Salade Tossiez\NVDATA 2010-06-11 19:45 . 2010-06-11 19:45 2238 ----a-r- c:\documents and settings\Salade Tossiez\Application Data\Microsoft\Installer\{C6866249-495A-4ED7-AD69-99336B5E86E4}\_4ae13d6c.exe 2010-06-11 19:45 . 2010-06-11 19:45 2238 ----a-r- c:\documents and settings\Salade Tossiez\Application Data\Microsoft\Installer\{C6866249-495A-4ED7-AD69-99336B5E86E4}\_2cd672ae.exe 2010-06-11 19:43 . 2010-06-11 21:34 -------- d-----w- c:\program files\GUILTY GEAR XX ?RELOAD 2010-06-11 07:49 . 2010-06-11 07:49 -------- d-----w- c:\program files\Activision 2010-06-11 07:47 . 2010-06-11 07:47 -------- d-sh--w- c:\windows\ftpcache 2010-06-11 05:07 . 2010-06-11 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX 2010-06-08 01:11 . 2010-06-08 01:11 -------- d-----w- c:\documents and settings\Salade Tossiez\Local Settings\Application Data\Criterion Games 2010-06-08 01:08 . 2010-06-08 01:08 -------- d-----w- C:\ProgramData 2010-06-08 01:08 . 2010-06-08 01:08 2752 ----a-w- c:\windows\system32\ealregsnapshot1.reg 2010-06-08 01:07 . 2010-06-08 01:07 -------- d-----w- c:\documents and settings\Salade Tossiez\Local Settings\Application Data\Downloaded Installations 2010-06-08 00:53 . 2010-06-08 00:53 -------- d-----w- c:\windows\Logs . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-01 23:30 . 2010-05-09 15:18 -------- d-----w- c:\documents and settings\Salade Tossiez\Application Data\Detiuv 2010-07-01 22:49 . 2008-08-23 03:49 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-07-01 21:58 . 2008-08-23 03:49 1100 ----a-w- c:\windows\system32\d3d8caps.dat 2010-06-23 06:42 . 2008-08-23 03:49 2605008 ----a-w- c:\documents and settings\Salade Tossiez\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe 2010-06-20 00:42 . 2008-08-23 04:45 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-06-08 01:08 . 2010-06-08 00:54 -------- d-----w- c:\program files\Electronic Arts 2010-06-02 02:58 . 2010-06-02 02:58 -------- d-----w- c:\program files\Common Files\Java 2010-06-02 02:58 . 2010-06-02 02:58 503808 ----a-w- c:\documents and settings\Salade Tossiez\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-77855811-n\msvcp71.dll 2010-06-02 02:58 . 2010-06-02 02:58 499712 ----a-w- c:\documents and settings\Salade Tossiez\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-77855811-n\jmc.dll 2010-06-02 02:58 . 2010-06-02 02:58 348160 ----a-w- c:\documents and settings\Salade Tossiez\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-77855811-n\msvcr71.dll 2010-06-02 02:57 . 2010-06-02 02:57 61440 ----a-w- c:\documents and settings\Salade Tossiez\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4e64fb4c-n\decora-sse.dll 2010-06-02 02:57 . 2010-06-02 02:57 12800 ----a-w- c:\documents and settings\Salade Tossiez\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4e64fb4c-n\decora-d3d.dll 2010-06-02 02:57 . 2010-06-02 02:57 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-06-02 02:57 . 2010-06-02 02:57 -------- d-----w- c:\program files\Java 2010-05-29 16:39 . 2010-05-29 16:39 -------- d-----w- c:\documents and settings\Salade Tossiez\Application Data\.BitTornado 2010-05-29 16:37 . 2010-05-29 16:37 -------- d-----w- c:\program files\BitTornado 2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-05-18 23:35 . 2010-05-18 23:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll 2010-05-18 23:35 . 2010-05-18 23:35 197920 ----a-w- c:\windows\system32\dnssdX.dll 2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-05-13 17:17 . 2010-05-13 17:17 -------- d-----w- c:\program files\Common Files\Adobe 2010-05-11 23:45 . 2010-05-11 23:45 -------- d-----w- c:\program files\Microsoft Silverlight 2010-04-29 22:39 . 2008-10-25 19:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 22:39 . 2008-10-25 19:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-25 04:23 . 2008-08-23 11:02 12328 ----a-w- c:\documents and settings\Salade Tossiez\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-04-25 04:17 . 2010-04-25 04:17 64200 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2010-04-16 18:00 . 2010-04-25 06:10 85504 ----a-w- c:\windows\system32\ff_vfw.dll . ((((((((((((((((((((((((((((( SnapShot@2010-07-01_23.42.33 ))))))))))))))))))))))))))))))))))))))))) . + 2010-07-05 20:48 . 2010-07-05 20:48 16384 c:\windows\Temp\Perflib_Perfdata_52c.dat + 2001-08-23 12:00 . 2010-07-05 19:27 67560 c:\windows\system32\perfc009.dat - 2001-08-23 12:00 . 2010-07-01 23:39 67560 c:\windows\system32\perfc009.dat + 2001-08-23 12:00 . 2010-07-05 19:27 432856 c:\windows\system32\perfh009.dat - 2001-08-23 12:00 . 2010-07-01 23:39 432856 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\Salade Tossiez\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-05-06 136176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416] "SkyTel"="SkyTel.EXE" [2007-06-15 1826816] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088] "nwiz"="nwiz.exe" [2008-05-16 1630208] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016] "VC5Player"="c:\program files\HHVcdV5Sys\VC5Play.exe" [2003-11-07 176128] "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584] "Airlink101 Airlink101 WLAN Monitor"="c:\program files\Airlink101\Airlink101 WLAN Monitor\WLANmon.exe" [2007-12-01 1949696] "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Documents and Settings\\Salade Tossiez\\Desktop\\Rise of Nations\\rise.exe"= "c:\\Documents and Settings\\Salade Tossiez\\Desktop\\Rise of Nations\\nations.exe"= "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"= "c:\\Program Files\\Dragon Age Origins Character Creator\\bin_ship\\DAOCharacterCreator.exe"= "c:\\Program Files\\Dragon Age Origins Character Creator\\DAOriginsLauncher.exe"= "c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"= "c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"= "c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"= "c:\\Program Files\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutLauncher.exe"= "c:\\Program Files\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutConfigTool.exe"= "c:\\Program Files\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutParadise.exe"= "c:\\Program Files\\Activision\\Prototype\\prototypef.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R1 vbev5mp;vbev5mp;c:\windows\system32\drivers\VBEV5MP.sys [11/12/2003 8:26 AM 56064] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [12/15/2009 1:07 PM 25832] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f46b6755-7cc6-11dd-9ec1-001e90dffd88}] \Shell\AutoRun\command - F:\autorun.exe . Contents of the 'Scheduled Tasks' folder 2010-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1801674531-839522115-1003Core.job - c:\documents and settings\Salade Tossiez\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-06 19:08] 2010-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1801674531-839522115-1003UA.job - c:\documents and settings\Salade Tossiez\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-06 19:08] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ FF - ProfilePath - c:\documents and settings\Salade Tossiez\Application Data\Mozilla\Firefox\Profiles\geuvnmnh.default\ FF - prefs.js: browser.startup.homepage - www.google.com FF - plugin: c:\documents and settings\Salade Tossiez\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll ---- FIREFOX POLICIES ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-05 13:49 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vbev5mp] "ImagePath"="system32\DRIVERS\vbev5mp.sys" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\program files\HHVcdV5Sys\VC5SecS.exe c:\windows\system32\wscntfy.exe c:\windows\RTHDCPL.EXE c:\windows\system32\RUNDLL32.EXE c:\documents and settings\Salade Tossiez\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe c:\program files\Virtual CD v5\System\VC5Tray.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2010-07-05 13:51:49 - machine was rebooted ComboFix-quarantined-files.txt 2010-07-05 20:51 ComboFix2.txt 2010-07-01 23:45 Pre-Run: 374,634,893,312 bytes free Post-Run: 374,578,733,056 bytes free - - End Of File - - FA2AF3303E4E0219DFCADAD60D43924B Thank you for your time and effort, what comes next?

I read the link you attatched, and feel that my machine can still be used, since it's primarily a gaming and recreational machine. I downloaded combofix, and ran it, although a strange thing occurred. I was asked if I wished to update, and assuming that would be for the best, clicked yes. After, combofix would repeatedly error, and trying a reinstall, nothing changed. I redownloaded it, changing the save name to something random, and then everything worked fine. I have a quick question about my external hard drive, whenever I try to start the computer with the external attatched into the usb, I get the blue screen error I've mentioned before, is this a symptom of the virus on my machine, or does my external also have something on it? Here is the comobfix log. ComboFix 10-07-01.02 - Salade Tossiez 07/01/2010 16:35:48.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.784 [GMT -7:00] Running from: c:\documents and settings\Salade Tossiez\Desktop\Hello2.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\SALADE~1\LOCALS~1\Temp\install_flash_player.exe c:\documents and settings\Salade Tossiez\Application Data\Ciusm c:\documents and settings\Salade Tossiez\Application Data\Ciusm\reyd.exe c:\documents and settings\Salade Tossiez\Local Settings\Application Data\Windows Server Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected Restored copy from - Kitty had a snack Infected copy of c:\windows\system32\userinit.exe was found and disinfected Restored copy from - c:\windows\system32\dllcache\userinit.exe . ((((((((((((((((((((((((( Files Created from 2010-06-01 to 2010-07-01 ))))))))))))))))))))))))))))))) . 2010-07-01 20:49 . 2010-07-01 20:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-06-29 05:35 . 2004-08-04 07:56 24576 ----a-w- c:\windows\system32\stu2.exe 2010-06-27 01:30 . 2010-06-27 01:38 -------- d-----w- c:\documents and settings\Salade Tossiez\Application Data\mIRC 2010-06-27 01:30 . 2010-06-27 01:30 -------- d-----w- c:\program files\mIRC 2010-06-22 06:10 . 2010-06-22 06:10 -------- d-----w- c:\documents and settings\Salade Tossiez\Incomplete 2010-06-22 06:09 . 2010-06-23 02:38 -------- d-----w- c:\documents and settings\Salade Tossiez\Application Data\LimeWire 2010-06-22 06:09 . 2010-06-22 06:09 -------- d-----w- c:\program files\LimeWire 2010-06-20 23:32 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2010-06-20 23:32 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2010-06-20 23:31 . 2010-06-20 23:31 -------- d-----w- c:\program files\iPod 2010-06-20 23:31 . 2010-06-20 23:32 -------- d-----w- c:\program files\iTunes 2010-06-20 23:31 . 2010-06-20 23:31 -------- d-----w- c:\program files\QuickTime 2010-06-20 00:03 . 2010-06-20 23:33 -------- d-----w- c:\documents and settings\Salade Tossiez\Application Data\Apple Computer 2010-06-20 00:02 . 2010-06-20 00:02 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-06-20 00:01 . 2010-06-20 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2010-06-20 00:01 . 2010-06-20 00:01 -------- d-----w- c:\documents and settings\Salade Tossiez\Local Settings\Application Data\Apple 2010-06-20 00:01 . 2010-06-20 00:01 -------- d-----w- c:\program files\Apple Software Update 2010-06-20 00:01 . 2010-06-20 23:32 -------- dc----w- c:\windows\system32\DRVSTORE 2010-06-20 00:00 . 2010-06-20 00:00 -------- d-----w- c:\program files\Bonjour 2010-06-20 00:00 . 2010-06-20 23:31 -------- d-----w- c:\program files\Common Files\Apple 2010-06-20 00:00 . 2010-06-20 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2010-06-19 23:59 . 2010-06-20 00:03 -------- d-----w- c:\documents and settings\Salade Tossiez\Local Settings\Application Data\Apple Computer 2010-06-16 03:01 . 2010-06-16 03:01 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe 2010-06-15 03:19 . 2010-06-15 03:19 -------- d-----w- c:\documents and settings\Salade Tossiez\NVDATA 2010-06-11 19:45 . 2010-06-11 19:45 2238 ----a-r- c:\documents and settings\Salade Tossiez\Application Data\Microsoft\Installer\{C6866249-495A-4ED7-AD69-99336B5E86E4}\_4ae13d6c.exe 2010-06-11 19:45 . 2010-06-11 19:45 2238 ----a-r- c:\documents and settings\Salade Tossiez\Application Data\Microsoft\Installer\{C6866249-495A-4ED7-AD69-99336B5E86E4}\_2cd672ae.exe 2010-06-11 19:43 . 2010-06-11 21:34 -------- d-----w- c:\program files\GUILTY GEAR XX ?RELOAD 2010-06-11 07:49 . 2010-06-11 07:49 -------- d-----w- c:\program files\Activision 2010-06-11 07:47 . 2010-06-11 07:47 -------- d-sh--w- c:\windows\ftpcache 2010-06-11 05:07 . 2010-06-11 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX 2010-06-08 01:11 . 2010-06-08 01:11 -------- d-----w- c:\documents and settings\Salade Tossiez\Local Settings\Application Data\Criterion Games 2010-06-08 01:08 . 2010-06-08 01:08 -------- d-----w- C:\ProgramData 2010-06-08 01:08 . 2010-06-08 01:08 2752 ----a-w- c:\windows\system32\ealregsnapshot1.reg 2010-06-08 01:07 . 2010-06-08 01:07 -------- d-----w- c:\documents and settings\Salade Tossiez\Local Settings\Application Data\Downloaded Installations 2010-06-08 00:53 . 2010-06-08 00:53 -------- d-----w- c:\windows\Logs 2010-06-02 03:00 . 2010-06-30 21:27 -------- d-----w- c:\windows\Sun 2010-06-02 02:58 . 2010-06-02 02:58 -------- d-----w- c:\program files\Common Files\Java 2010-06-02 02:58 . 2010-06-02 02:58 503808 ----a-w- c:\documents and settings\Salade Tossiez\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-77855811-n\msvcp71.dll 2010-06-02 02:58 . 2010-06-02 02:58 499712 ----a-w- c:\documents and settings\Salade Tossiez\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-77855811-n\jmc.dll 2010-06-02 02:58 . 2010-06-02 02:58 348160 ----a-w- c:\documents and settings\Salade Tossiez\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-77855811-n\msvcr71.dll 2010-06-02 02:57 . 2010-06-02 02:57 61440 ----a-w- c:\documents and settings\Salade Tossiez\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4e64fb4c-n\decora-sse.dll 2010-06-02 02:57 . 2010-06-02 02:57 12800 ----a-w- c:\documents and settings\Salade Tossiez\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4e64fb4c-n\decora-d3d.dll 2010-06-02 02:57 . 2010-06-02 02:57 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-06-02 02:57 . 2010-06-02 02:57 -------- d-----w- c:\program files\Java . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-01 23:30 . 2010-05-09 15:18 -------- d-----w- c:\documents and settings\Salade Tossiez\Application Data\Detiuv 2010-07-01 22:49 . 2008-08-23 03:49 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-07-01 21:58 . 2008-08-23 03:49 1100 ----a-w- c:\windows\system32\d3d8caps.dat 2010-06-23 06:42 . 2008-08-23 03:49 2605008 ----a-w- c:\documents and settings\Salade Tossiez\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe 2010-06-20 00:42 . 2008-08-23 04:45 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-06-08 01:08 . 2010-06-08 00:54 -------- d-----w- c:\program files\Electronic Arts 2010-05-29 16:39 . 2010-05-29 16:39 -------- d-----w- c:\documents and settings\Salade Tossiez\Application Data\.BitTornado 2010-05-29 16:37 . 2010-05-29 16:37 -------- d-----w- c:\program files\BitTornado 2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-05-18 23:35 . 2010-05-18 23:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll 2010-05-18 23:35 . 2010-05-18 23:35 197920 ----a-w- c:\windows\system32\dnssdX.dll 2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-05-13 17:17 . 2010-05-13 17:17 -------- d-----w- c:\program files\Common Files\Adobe 2010-05-11 23:45 . 2010-05-11 23:45 -------- d-----w- c:\program files\Microsoft Silverlight 2010-05-06 08:41 . 2010-05-06 08:41 -------- d-----w- c:\program files\IrfanView 2010-05-06 07:51 . 2008-10-25 19:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-29 22:39 . 2008-10-25 19:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 22:39 . 2008-10-25 19:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-25 04:23 . 2008-08-23 11:02 12328 ----a-w- c:\documents and settings\Salade Tossiez\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-04-25 04:17 . 2010-04-25 04:17 64200 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2010-04-16 18:00 . 2010-04-25 06:10 85504 ----a-w- c:\windows\system32\ff_vfw.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\Salade Tossiez\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-05-06 136176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416] "SkyTel"="SkyTel.EXE" [2007-06-15 1826816] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088] "nwiz"="nwiz.exe" [2008-05-16 1630208] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016] "VC5Player"="c:\program files\HHVcdV5Sys\VC5Play.exe" [2003-11-07 176128] "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584] "Airlink101 Airlink101 WLAN Monitor"="c:\program files\Airlink101\Airlink101 WLAN Monitor\WLANmon.exe" [2007-12-01 1949696] "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Documents and Settings\\Salade Tossiez\\Desktop\\Rise of Nations\\rise.exe"= "c:\\Documents and Settings\\Salade Tossiez\\Desktop\\Rise of Nations\\nations.exe"= "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"= "c:\\Program Files\\Dragon Age Origins Character Creator\\bin_ship\\DAOCharacterCreator.exe"= "c:\\Program Files\\Dragon Age Origins Character Creator\\DAOriginsLauncher.exe"= "c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"= "c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"= "c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"= "c:\\Program Files\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutLauncher.exe"= "c:\\Program Files\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutConfigTool.exe"= "c:\\Program Files\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutParadise.exe"= "c:\\Program Files\\Activision\\Prototype\\prototypef.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R1 vbev5mp;vbev5mp;c:\windows\system32\drivers\VBEV5MP.sys [11/12/2003 8:26 AM 56064] S0 dnni;dnni;c:\windows\system32\drivers\wiiq.sys --> c:\windows\system32\drivers\wiiq.sys [?] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [12/15/2009 1:07 PM 25832] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f46b6755-7cc6-11dd-9ec1-001e90dffd88}] \Shell\AutoRun\command - F:\autorun.exe . Contents of the 'Scheduled Tasks' folder 2010-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1801674531-839522115-1003Core.job - c:\documents and settings\Salade Tossiez\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-06 19:08] 2010-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1801674531-839522115-1003UA.job - c:\documents and settings\Salade Tossiez\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-06 19:08] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ FF - ProfilePath - c:\documents and settings\Salade Tossiez\Application Data\Mozilla\Firefox\Profiles\geuvnmnh.default\ FF - prefs.js: browser.startup.homepage - www.google.com FF - plugin: c:\documents and settings\Salade Tossiez\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll ---- FIREFOX POLICIES ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS REMOVED - - - - HKCU-Run-{5D805279-9A56-0199-C9C6-DD9EADFB9238} - c:\documents and settings\Salade Tossiez\Application Data\Ciusm\reyd.exe Notify-AtiExtEvent - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-01 16:42 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vbev5mp] "ImagePath"="system32\DRIVERS\vbev5mp.sys" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\program files\HHVcdV5Sys\VC5SecS.exe c:\windows\system32\wscntfy.exe c:\windows\RTHDCPL.EXE c:\windows\system32\RUNDLL32.EXE c:\documents and settings\Salade Tossiez\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Virtual CD v5\System\VC5Tray.exe . ************************************************************************** . Completion time: 2010-07-01 16:45:16 - machine was rebooted ComboFix-quarantined-files.txt 2010-07-01 23:45 Pre-Run: 375,057,596,416 bytes free Post-Run: 375,239,815,168 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 5E891270FB1DE07A7768E66C7AC6787D Thank you again for your advice and help.

I apologize for the repeated posts, my browser was repeatedly redirected every time I hit add reply, and I didn't realize my posts were still going through. On reviewing my posts I see that they've been cut off in the middle of OTL Extra log, so I'll just include the logs as attachments. Sorry again. gmer.txt OTL.Txt Extras.Txt

Hello and thank you for your prompt response! Essentially I have the remnants of a virus embedded in my system. Although I have done repeated scans with mbam, it often comes up clean, or only finds one or two malicious items. My web pages have pop pups, and I have google search redirects. Further my google chrome browser no longer functions, and I've noticed performance issues with my system. Also I get a blue screen upon start up when my external hard drive is plugged into the system (this has never happened before). This is the blue screen error message "PAGE_FAULT_IN_NONPAGED_AREA" Along with this stop code "0x00000050 (0X9FA0A1A2, 0X00000001, 0X851A99C4, 0X00000000). Here is my latest MBAM log file. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4262 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.13 6/30/2010 2:13:20 PM mbam-log-2010-06-30 (14-13-20).txt Scan type: Quick scan Objects scanned: 120688 Time elapsed: 6 minute(s), 12 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\Salade Tossiez\Local Settings\Temporary Internet Files\Content.IE5\NO6R8KVF\317[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Windows Server\jxdxaa.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Salade Tossiez\Templates\memory.tmp (Trojan.Agent) -> Quarantined and deleted successfully. Here is the OTL log: OTL logfile created on: 6/30/2010 2:16:30 PM - Run 1 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Salade Tossiez\My Documents\Downloads Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,023.00 Mb Total Physical Memory | 386.00 Mb Available Physical Memory | 38.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 465.75 Gb Total Space | 348.75 Gb Free Space | 74.88% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: AHK Current User Name: Salade Tossiez Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/06/30 14:15:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Salade Tossiez\My Documents\Downloads\OTL.exe PRC - [2010/06/26 01:41:08 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/06/15 20:13:19 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2008/04/04 11:38:00 | 000,088,584 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe PRC - [2007/11/30 17:47:52 | 001,949,696 | ---- | M] (Airlink101) -- C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WlanMon.exe PRC - [2007/01/19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2003/11/07 08:43:28 | 000,176,128 | ---- | M] (H+H Software GmbH) -- C:\Program Files\HHVcdV5Sys\VC5Play.exe PRC - [2003/11/07 08:29:06 | 000,147,456 | ---- | M] (H+H Software GmbH) -- C:\Program Files\HHVcdV5Sys\VC5SecS.exe PRC - [2003/09/04 09:59:28 | 000,155,648 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Virtual CD v5\System\VC5Tray.exe ========== Modules (SafeList) ========== MOD - [2010/06/30 14:15:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Salade Tossiez\My Documents\Downloads\OTL.exe MOD - [2004/08/04 00:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll MOD - [2004/08/03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009/12/15 13:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2007/01/19 11:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService) SRV - [2003/11/07 08:29:06 | 000,147,456 | ---- | M] (H+H Software GmbH) [Auto | Running] -- C:\Program Files\HHVcdV5Sys\VC5SecS.exe -- (VC5SecS) ========== Driver Services (SafeList) ========== DRV - [2008/05/16 14:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2008/01/24 15:09:34 | 000,048,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore) DRV - [2008/01/24 15:09:24 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid) DRV - [2008/01/24 15:09:04 | 000,028,168 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter) DRV - [2008/01/24 15:08:54 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2007/11/16 11:56:26 | 000,550,272 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870) DRV - [2007/07/09 18:56:00 | 004,449,280 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007/05/12 16:39:32 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO) DRV - [2007/03/05 21:27:32 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2007/03/05 21:27:28 | 000,058,752 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2006/12/27 20:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService) DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus) DRV - [2003/11/12 08:26:50 | 000,056,064 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBEV5MP.sys -- (vbev5mp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.com" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/29 21:30:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/29 21:30:16 | 000,000,000 | ---D | M] [2008/08/23 06:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Salade Tossiez\Application Data\Mozilla\Extensions [2008/08/23 06:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Salade Tossiez\Application Data\Mozilla\Firefox\Profiles\geuvnmnh.default\extensions [2010/06/29 21:30:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: ([2001/08/23 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4 - HKLM..\Run: [Airlink101 Airlink101 WLAN Monitor] C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WlanMon.exe (Airlink101) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [skyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [VC5Player] C:\Program Files\HHVcdV5Sys\VC5Play.exe (H+H Software GmbH) O4 - HKCU..\Run: [{5D805279-9A56-0199-C9C6-DD9EADFB9238}] C:\Documents and Settings\Salade Tossiez\Application Data\Ciusm\reyd.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe () O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/08/22 21:37:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2005/10/18 14:09:17 | 000,000,000 | R--D | M] - F:\Autorun -- [ CDFS ] O32 - AutoRun File - [2005/10/14 23:42:09 | 000,253,952 | R--- | M] (Firaxis Games) - F:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2005/10/14 23:42:09 | 000,004,118 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{f46b6755-7cc6-11dd-9ec1-001e90dffd88}\Shell - "" = AutoRun O33 - MountPoints2\{f46b6755-7cc6-11dd-9ec1-001e90dffd88}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{f46b6755-7cc6-11dd-9ec1-001e90dffd88}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2005/10/14 23:42:09 | 000,253,952 | R--- | M] (Firaxis Games) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Windows Server\jxdxaa.dll) - C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Windows Server\jxdxaa.dll () O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found ========== Files/Folders - Created Within 30 Days ========== [2010/06/29 21:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2010/06/29 15:47:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC [2010/06/28 23:23:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010/06/28 23:23:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010/06/28 22:38:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2010/06/28 22:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Windows Server [2010/06/28 22:35:33 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stu2.exe [2010/06/26 18:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC [2010/06/26 18:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Application Data\mIRC [2010/06/22 16:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\[Ryuumaru] Ichiban Ushiro no Daimaou 01 - 12 [480p][uNCENSORED][H264] [2010/06/21 23:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\Incomplete [2010/06/21 23:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Incomplete [2010/06/21 23:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Application Data\LimeWire [2010/06/21 23:09:38 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire [2010/06/20 16:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\SHARED [2010/06/20 16:32:30 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll [2010/06/20 16:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010/06/20 16:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010/06/20 16:31:09 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010/06/19 17:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\TABS [2010/06/19 17:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Application Data\Apple Computer [2010/06/19 17:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/06/19 17:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2010/06/19 17:01:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Apple [2010/06/19 17:01:08 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2010/06/19 17:01:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE [2010/06/19 17:00:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2010/06/19 17:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2010/06/19 17:00:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple [2010/06/19 16:59:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Apple Computer [2010/06/18 01:30:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Application Data\Real [2010/06/14 20:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\NVDATA [2010/06/11 12:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\GUILTY GEAR XX ?RELOAD [2010/06/11 01:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\My Documents\Prototype [2010/06/11 00:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\Activision [2010/06/11 00:47:06 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache [2010/06/10 22:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX [2010/06/10 16:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\Junk - Record of the Last Hero [2010/06/10 14:41:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\Guilty Gear Collection [2010/06/09 22:26:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\roms [2010/06/08 04:00:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\Prototype-Razor1911 FULL PC ISO MAXSPEED [2010/06/07 18:11:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Criterion Games [2010/06/07 18:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData [2010/06/07 18:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Downloaded Installations [2010/06/07 17:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts [2010/06/07 17:54:13 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll [2010/06/07 17:54:13 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll [2010/06/07 17:54:13 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll [2010/06/07 17:54:12 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll [2010/06/07 17:54:12 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll [2010/06/07 17:54:12 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll [2010/06/07 17:54:12 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll [2010/06/07 17:54:11 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll [2010/06/07 17:54:11 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll [2010/06/07 17:54:11 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll [2010/06/07 17:54:10 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll [2010/06/07 17:54:10 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll [2010/06/07 17:54:10 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll [2010/06/07 17:54:09 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll [2010/06/07 17:54:09 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll [2010/06/07 17:54:09 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll [2010/06/07 17:54:09 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll [2010/06/07 17:54:09 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll [2010/06/07 17:54:09 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll [2010/06/07 17:54:08 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll [2010/06/07 17:54:08 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll [2010/06/07 17:54:07 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll [2010/06/07 17:54:07 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll [2010/06/07 17:54:06 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll [2010/06/07 17:54:06 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll [2010/06/07 17:54:06 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll [2010/06/07 17:53:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs [2010/06/07 15:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\Burnout.Paradise.The.Ultimate.Box [2010/06/06 04:05:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\AnO [2010/06/05 14:25:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\Battle Club [bYAAAH+case-DCP] [2010/06/05 14:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\Phantom_Wizard_[Cireus] [2010/06/01 20:00:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun [2010/06/01 19:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun [2010/06/01 19:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010/06/01 19:57:51 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010/06/01 19:57:51 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/06/01 19:57:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/06/01 19:57:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010/06/01 19:57:51 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010/06/01 19:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2010/06/01 19:56:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Application Data\Sun [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/06/30 14:18:02 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1801674531-839522115-1003UA.job [2010/06/30 14:13:27 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\vnem.sys [2010/06/30 14:10:06 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/06/30 10:54:14 | 000,432,856 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/06/30 10:54:14 | 000,067,560 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/06/30 10:54:13 | 000,509,720 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/06/30 10:50:29 | 005,242,880 | -H-- | M] () -- C:\Documents and Settings\Salade Tossiez\NTUSER.DAT [2010/06/30 10:50:25 | 000,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{25AC91B9-90CD-488F-B45D-12C78446AA47} [2010/06/30 10:50:19 | 000,000,015 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{25AC91B9-90CD-488F-B45D-12C78446AA47} [2010/06/30 10:50:15 | 000,181,423 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010/06/30 10:50:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/06/30 10:50:11 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME [2010/06/30 10:50:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/06/30 10:50:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/06/30 07:45:33 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Salade Tossiez\ntuser.ini [2010/06/30 07:45:23 | 003,772,886 | -H-- | M] () -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\IconCache.db [2010/06/29 21:30:18 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2010/06/29 20:18:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1801674531-839522115-1003Core.job [2010/06/29 15:35:22 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Google Chrome.lnk [2010/06/29 15:35:22 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2010/06/28 22:38:32 | 1072,971,776 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP [2010/06/28 22:35:33 | 000,037,880 | ---- | M] () -- C:\WINDOWS\System32\userinit.exe [2010/06/28 13:50:22 | 000,012,883 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153224v0] [Ryuumaru-Commie] Ikkitousen Xtreme Xecutor 01 - 12 [H264][480p].torrent [2010/06/28 13:10:16 | 000,058,506 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Silent Night Melody.pdf [2010/06/27 23:07:48 | 000,091,136 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/26 18:19:35 | 000,013,508 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153407v0] Mai-HiME.torrent [2010/06/25 11:30:03 | 000,007,690 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153402v0] Trigun Badlands Rumble.torrent [2010/06/22 16:03:48 | 000,014,342 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153345v1] [Ryuumaru] Ichiban Ushiro no Daimaou 01 - 12 [480p][uNCENSORED][H264].torrent [2010/06/21 23:09:42 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\LimeWire 4.14.10.lnk [2010/06/19 15:00:56 | 000,000,064 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Emulator.ini [2010/06/13 20:18:10 | 000,015,284 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153164v0] Fullmetal Alchemist.torrent [2010/06/11 02:18:57 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Shortcut to prototypef.lnk [2010/06/10 21:44:12 | 000,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini [2010/06/07 18:10:41 | 000,000,928 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Shortcut to BurnoutParadise.lnk [2010/06/07 18:08:05 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\ealregsnapshot1.reg [2010/06/07 18:03:03 | 000,002,012 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Burnout Paradise The Ultimate Box.lnk [2010/06/01 19:57:37 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/06/01 19:57:37 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/06/01 19:57:37 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010/06/01 19:57:37 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010/06/01 19:57:36 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/06/30 14:13:27 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\vnem.sys [2010/06/29 21:30:18 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2010/06/29 15:35:22 | 000,002,351 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Google Chrome.lnk [2010/06/29 15:35:22 | 000,002,329 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2010/06/28 13:50:22 | 000,012,883 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153224v0] [Ryuumaru-Commie] Ikkitousen Xtreme Xecutor 01 - 12 [H264][480p].torrent [2010/06/28 13:10:16 | 000,058,506 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Silent Night Melody.pdf [2010/06/26 18:19:33 | 000,013,508 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153407v0] Mai-HiME.torrent [2010/06/25 11:30:03 | 000,007,690 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153402v0] Trigun Badlands Rumble.torrent [2010/06/22 16:03:48 | 000,014,342 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153345v1] [Ryuumaru] Ichiban Ushiro no Daimaou 01 - 12 [480p][uNCENSORED][H264].torrent [2010/06/21 23:09:42 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\LimeWire 4.14.10.lnk [2010/06/19 15:00:56 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Emulator.ini [2010/06/13 20:18:10 | 000,015,284 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153164v0] Fullmetal Alchemist.torrent [2010/06/11 01:03:49 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Shortcut to prototypef.lnk [2010/06/07 18:10:41 | 000,000,928 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Shortcut to BurnoutParadise.lnk [2010/06/07 18:08:05 | 000,002,752 | ---- | C] () -- C:\WINDOWS\System32\ealregsnapshot1.reg [2010/06/07 18:03:03 | 000,002,012 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Burnout Paradise The Ultimate Box.lnk [2010/04/24 23:10:41 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010/04/24 23:10:41 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010/04/24 23:10:39 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2010/04/24 23:10:39 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010/04/24 23:10:39 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010/04/24 23:10:37 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010/04/24 23:10:37 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2010/04/24 21:00:58 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\WlanApp.dll [2010/04/24 21:00:58 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll [2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008/09/07 15:46:03 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini [2008/09/07 02:53:02 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2008/05/16 14:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008/05/16 14:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008/05/16 14:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008/05/16 14:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008/05/16 14:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll < End of report > Here is the EXTRA LOG OTL Extras logfile created on: 6/30/2010 2:16:30 PM - Run 1 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Salade Tossiez\My Documents\Downloads Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,023.00 Mb Total Physical Memory | 386.00 Mb Available Physical Memory | 38.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 465.75 Gb Total Space | 348.75 Gb Free Space | 74.88% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: AHK Current User Name: Salade Tossiez Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Program Files\Avant Browser\avant.exe (Avant Force) .url [@ = InternetShortcut] -- C:\Program Files\Avant Browser\avant.exe (Avant Force) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. File not found .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force) htmlfile [opennew] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force) http [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force) https [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force) InternetShortcut [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Documents and Settings\Salade Tossiez\Desktop\Rise of Nations\rise.exe" = C:\Documents and Settings\Salade Tossiez\Desktop\Rise of Nations\rise.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.) "C:\Documents and Settings\Salade Tossiez\Desktop\Rise of Nations\nations.exe" = C:\Documents and Settings\Salade Tossiez\Desktop\Rise of Nations\nations.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.) "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games) "C:\Program Files\Dragon Age Origins Character Creator\bin_ship\DAOCharacterCreator.exe" = C:\Program Files\Dragon Age Origins Character Creator\bin_ship\DAOCharacterCreator.exe:*:Enabled:Dragon Age Origins Character Creator -- (BioWare) "C:\Program Files\Dragon Age Origins Character Creator\DAOriginsLauncher.exe" = C:\Program Files\Dragon Age Origins Character Creator\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Character Creator Launcher -- (BioWare) "C:\Program Files\Dragon Age\bin_ship\daorigins.exe" = C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game -- (BioWare) "C:\Program Files\Dragon Age\DAOriginsLauncher.exe" = C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher -- (BioWare) "C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe" = C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare) "C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe" = C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout Paradise The Ultimate Box -- (Electronic Arts) "C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe" = C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout Paradise The Ultimate Box -- (Electronic Arts) "C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe" = C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout Paradise The Ultimate Box -- (Electronic Arts) "C:\Program Files\Activision\Prototype\prototypef.exe" = C:\Program Files\Activision\Prototype\prototypef.exe:*:Enabled:Prototype -- (Activision) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20 "{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1 "{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{47759129-8649-47D1-9EA5-4BB84D86DB97}" = Airlink101 WLAN Monitor "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service "{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}" = Logitech Gaming Software 5.02 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes "{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service "{7F878808-B462-4A82-B956-452595F8B29A}" = Virtual CD v5 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Suppor

Hello and thank you for your prompt response! Essentially I have the remnants of a virus embedded in my system. Although I have done repeated scans with mbam, it often comes up clean, or only finds one or two malicious items. My web pages have pop pups, and I have google search redirects. Further my google chrome browser no longer functions, and I've noticed performance issues with my system. Also I get a blue screen upon start up when my external hard drive is plugged into the system (this has never happened before). This is the blue screen error message "PAGE_FAULT_IN_NONPAGED_AREA" Along with this stop code "0x00000050 (0X9FA0A1A2, 0X00000001, 0X851A99C4, 0X00000000). Here is my latest MBAM log file. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4262 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.13 6/30/2010 2:13:20 PM mbam-log-2010-06-30 (14-13-20).txt Scan type: Quick scan Objects scanned: 120688 Time elapsed: 6 minute(s), 12 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\Salade Tossiez\Local Settings\Temporary Internet Files\Content.IE5\NO6R8KVF\317[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Windows Server\jxdxaa.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Salade Tossiez\Templates\memory.tmp (Trojan.Agent) -> Quarantined and deleted successfully. Here is the OTL log: OTL logfile created on: 6/30/2010 2:16:30 PM - Run 1 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Salade Tossiez\My Documents\Downloads Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,023.00 Mb Total Physical Memory | 386.00 Mb Available Physical Memory | 38.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 465.75 Gb Total Space | 348.75 Gb Free Space | 74.88% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: AHK Current User Name: Salade Tossiez Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/06/30 14:15:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Salade Tossiez\My Documents\Downloads\OTL.exe PRC - [2010/06/26 01:41:08 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/06/15 20:13:19 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2008/04/04 11:38:00 | 000,088,584 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe PRC - [2007/11/30 17:47:52 | 001,949,696 | ---- | M] (Airlink101) -- C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WlanMon.exe PRC - [2007/01/19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2003/11/07 08:43:28 | 000,176,128 | ---- | M] (H+H Software GmbH) -- C:\Program Files\HHVcdV5Sys\VC5Play.exe PRC - [2003/11/07 08:29:06 | 000,147,456 | ---- | M] (H+H Software GmbH) -- C:\Program Files\HHVcdV5Sys\VC5SecS.exe PRC - [2003/09/04 09:59:28 | 000,155,648 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Virtual CD v5\System\VC5Tray.exe ========== Modules (SafeList) ========== MOD - [2010/06/30 14:15:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Salade Tossiez\My Documents\Downloads\OTL.exe MOD - [2004/08/04 00:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll MOD - [2004/08/03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009/12/15 13:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2007/01/19 11:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService) SRV - [2003/11/07 08:29:06 | 000,147,456 | ---- | M] (H+H Software GmbH) [Auto | Running] -- C:\Program Files\HHVcdV5Sys\VC5SecS.exe -- (VC5SecS) ========== Driver Services (SafeList) ========== DRV - [2008/05/16 14:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2008/01/24 15:09:34 | 000,048,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore) DRV - [2008/01/24 15:09:24 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid) DRV - [2008/01/24 15:09:04 | 000,028,168 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter) DRV - [2008/01/24 15:08:54 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2007/11/16 11:56:26 | 000,550,272 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870) DRV - [2007/07/09 18:56:00 | 004,449,280 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007/05/12 16:39:32 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO) DRV - [2007/03/05 21:27:32 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2007/03/05 21:27:28 | 000,058,752 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2006/12/27 20:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService) DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus) DRV - [2003/11/12 08:26:50 | 000,056,064 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBEV5MP.sys -- (vbev5mp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.com" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/29 21:30:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/29 21:30:16 | 000,000,000 | ---D | M] [2008/08/23 06:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Salade Tossiez\Application Data\Mozilla\Extensions [2008/08/23 06:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Salade Tossiez\Application Data\Mozilla\Firefox\Profiles\geuvnmnh.default\extensions [2010/06/29 21:30:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: ([2001/08/23 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4 - HKLM..\Run: [Airlink101 Airlink101 WLAN Monitor] C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WlanMon.exe (Airlink101) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [skyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [VC5Player] C:\Program Files\HHVcdV5Sys\VC5Play.exe (H+H Software GmbH) O4 - HKCU..\Run: [{5D805279-9A56-0199-C9C6-DD9EADFB9238}] C:\Documents and Settings\Salade Tossiez\Application Data\Ciusm\reyd.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe () O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/08/22 21:37:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2005/10/18 14:09:17 | 000,000,000 | R--D | M] - F:\Autorun -- [ CDFS ] O32 - AutoRun File - [2005/10/14 23:42:09 | 000,253,952 | R--- | M] (Firaxis Games) - F:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2005/10/14 23:42:09 | 000,004,118 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{f46b6755-7cc6-11dd-9ec1-001e90dffd88}\Shell - "" = AutoRun O33 - MountPoints2\{f46b6755-7cc6-11dd-9ec1-001e90dffd88}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{f46b6755-7cc6-11dd-9ec1-001e90dffd88}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2005/10/14 23:42:09 | 000,253,952 | R--- | M] (Firaxis Games) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Windows Server\jxdxaa.dll) - C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Windows Server\jxdxaa.dll () O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found ========== Files/Folders - Created Within 30 Days ========== [2010/06/29 21:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2010/06/29 15:47:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC [2010/06/28 23:23:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010/06/28 23:23:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010/06/28 22:38:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2010/06/28 22:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Windows Server [2010/06/28 22:35:33 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stu2.exe [2010/06/26 18:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC [2010/06/26 18:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Application Data\mIRC [2010/06/22 16:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\[Ryuumaru] Ichiban Ushiro no Daimaou 01 - 12 [480p][uNCENSORED][H264] [2010/06/21 23:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\Incomplete [2010/06/21 23:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Incomplete [2010/06/21 23:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Application Data\LimeWire [2010/06/21 23:09:38 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire [2010/06/20 16:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\SHARED [2010/06/20 16:32:30 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll [2010/06/20 16:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010/06/20 16:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010/06/20 16:31:09 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010/06/19 17:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\TABS [2010/06/19 17:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Application Data\Apple Computer [2010/06/19 17:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/06/19 17:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2010/06/19 17:01:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Apple [2010/06/19 17:01:08 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2010/06/19 17:01:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE [2010/06/19 17:00:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2010/06/19 17:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2010/06/19 17:00:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple [2010/06/19 16:59:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Apple Computer [2010/06/18 01:30:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Application Data\Real [2010/06/14 20:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\NVDATA [2010/06/11 12:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\GUILTY GEAR XX ?RELOAD [2010/06/11 01:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\My Documents\Prototype [2010/06/11 00:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\Activision [2010/06/11 00:47:06 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache [2010/06/10 22:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX [2010/06/10 16:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\Junk - Record of the Last Hero [2010/06/10 14:41:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\Guilty Gear Collection [2010/06/09 22:26:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\roms [2010/06/08 04:00:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\Prototype-Razor1911 FULL PC ISO MAXSPEED [2010/06/07 18:11:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Criterion Games [2010/06/07 18:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData [2010/06/07 18:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Downloaded Installations [2010/06/07 17:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts [2010/06/07 17:54:13 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll [2010/06/07 17:54:13 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll [2010/06/07 17:54:13 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll [2010/06/07 17:54:12 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll [2010/06/07 17:54:12 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll [2010/06/07 17:54:12 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll [2010/06/07 17:54:12 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll [2010/06/07 17:54:11 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll [2010/06/07 17:54:11 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll [2010/06/07 17:54:11 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll [2010/06/07 17:54:10 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll [2010/06/07 17:54:10 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll [2010/06/07 17:54:10 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll [2010/06/07 17:54:09 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll [2010/06/07 17:54:09 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll [2010/06/07 17:54:09 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll [2010/06/07 17:54:09 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll [2010/06/07 17:54:09 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll [2010/06/07 17:54:09 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll [2010/06/07 17:54:08 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll [2010/06/07 17:54:08 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll [2010/06/07 17:54:07 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll [2010/06/07 17:54:07 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll [2010/06/07 17:54:06 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll [2010/06/07 17:54:06 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll [2010/06/07 17:54:06 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll [2010/06/07 17:53:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs [2010/06/07 15:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\Burnout.Paradise.The.Ultimate.Box [2010/06/06 04:05:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\AnO [2010/06/05 14:25:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\Battle Club [bYAAAH+case-DCP] [2010/06/05 14:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\Phantom_Wizard_[Cireus] [2010/06/01 20:00:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun [2010/06/01 19:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun [2010/06/01 19:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010/06/01 19:57:51 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010/06/01 19:57:51 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/06/01 19:57:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/06/01 19:57:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010/06/01 19:57:51 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010/06/01 19:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2010/06/01 19:56:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Application Data\Sun [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/06/30 14:18:02 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1801674531-839522115-1003UA.job [2010/06/30 14:13:27 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\vnem.sys [2010/06/30 14:10:06 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/06/30 10:54:14 | 000,432,856 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/06/30 10:54:14 | 000,067,560 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/06/30 10:54:13 | 000,509,720 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/06/30 10:50:29 | 005,242,880 | -H-- | M] () -- C:\Documents and Settings\Salade Tossiez\NTUSER.DAT [2010/06/30 10:50:25 | 000,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{25AC91B9-90CD-488F-B45D-12C78446AA47} [2010/06/30 10:50:19 | 000,000,015 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{25AC91B9-90CD-488F-B45D-12C78446AA47} [2010/06/30 10:50:15 | 000,181,423 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010/06/30 10:50:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/06/30 10:50:11 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME [2010/06/30 10:50:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/06/30 10:50:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/06/30 07:45:33 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Salade Tossiez\ntuser.ini [2010/06/30 07:45:23 | 003,772,886 | -H-- | M] () -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\IconCache.db [2010/06/29 21:30:18 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2010/06/29 20:18:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1801674531-839522115-1003Core.job [2010/06/29 15:35:22 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Google Chrome.lnk [2010/06/29 15:35:22 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2010/06/28 22:38:32 | 1072,971,776 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP [2010/06/28 22:35:33 | 000,037,880 | ---- | M] () -- C:\WINDOWS\System32\userinit.exe [2010/06/28 13:50:22 | 000,012,883 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153224v0] [Ryuumaru-Commie] Ikkitousen Xtreme Xecutor 01 - 12 [H264][480p].torrent [2010/06/28 13:10:16 | 000,058,506 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Silent Night Melody.pdf [2010/06/27 23:07:48 | 000,091,136 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/26 18:19:35 | 000,013,508 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153407v0] Mai-HiME.torrent [2010/06/25 11:30:03 | 000,007,690 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153402v0] Trigun Badlands Rumble.torrent [2010/06/22 16:03:48 | 000,014,342 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153345v1] [Ryuumaru] Ichiban Ushiro no Daimaou 01 - 12 [480p][uNCENSORED][H264].torrent [2010/06/21 23:09:42 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\LimeWire 4.14.10.lnk [2010/06/19 15:00:56 | 000,000,064 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Emulator.ini [2010/06/13 20:18:10 | 000,015,284 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153164v0] Fullmetal Alchemist.torrent [2010/06/11 02:18:57 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Shortcut to prototypef.lnk [2010/06/10 21:44:12 | 000,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini [2010/06/07 18:10:41 | 000,000,928 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Shortcut to BurnoutParadise.lnk [2010/06/07 18:08:05 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\ealregsnapshot1.reg [2010/06/07 18:03:03 | 000,002,012 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Burnout Paradise The Ultimate Box.lnk [2010/06/01 19:57:37 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/06/01 19:57:37 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/06/01 19:57:37 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010/06/01 19:57:37 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010/06/01 19:57:36 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/06/30 14:13:27 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\vnem.sys [2010/06/29 21:30:18 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2010/06/29 15:35:22 | 000,002,351 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Google Chrome.lnk [2010/06/29 15:35:22 | 000,002,329 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2010/06/28 13:50:22 | 000,012,883 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153224v0] [Ryuumaru-Commie] Ikkitousen Xtreme Xecutor 01 - 12 [H264][480p].torrent [2010/06/28 13:10:16 | 000,058,506 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Silent Night Melody.pdf [2010/06/26 18:19:33 | 000,013,508 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153407v0] Mai-HiME.torrent [2010/06/25 11:30:03 | 000,007,690 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153402v0] Trigun Badlands Rumble.torrent [2010/06/22 16:03:48 | 000,014,342 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153345v1] [Ryuumaru] Ichiban Ushiro no Daimaou 01 - 12 [480p][uNCENSORED][H264].torrent [2010/06/21 23:09:42 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\LimeWire 4.14.10.lnk [2010/06/19 15:00:56 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Emulator.ini [2010/06/13 20:18:10 | 000,015,284 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153164v0] Fullmetal Alchemist.torrent [2010/06/11 01:03:49 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Shortcut to prototypef.lnk [2010/06/07 18:10:41 | 000,000,928 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Shortcut to BurnoutParadise.lnk [2010/06/07 18:08:05 | 000,002,752 | ---- | C] () -- C:\WINDOWS\System32\ealregsnapshot1.reg [2010/06/07 18:03:03 | 000,002,012 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Burnout Paradise The Ultimate Box.lnk [2010/04/24 23:10:41 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010/04/24 23:10:41 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010/04/24 23:10:39 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2010/04/24 23:10:39 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010/04/24 23:10:39 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010/04/24 23:10:37 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010/04/24 23:10:37 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2010/04/24 21:00:58 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\WlanApp.dll [2010/04/24 21:00:58 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll [2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008/09/07 15:46:03 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini [2008/09/07 02:53:02 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2008/05/16 14:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008/05/16 14:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008/05/16 14:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008/05/16 14:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008/05/16 14:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll < End of report > Here is the EXTRA LOG OTL Extras logfile created on: 6/30/2010 2:16:30 PM - Run 1 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Salade Tossiez\My Documents\Downloads Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,023.00 Mb Total Physical Memory | 386.00 Mb Available Physical Memory | 38.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 465.75 Gb Total Space | 348.75 Gb Free Space | 74.88% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: AHK Current User Name: Salade Tossiez Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Program Files\Avant Browser\avant.exe (Avant Force) .url [@ = InternetShortcut] -- C:\Program Files\Avant Browser\avant.exe (Avant Force) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. File not found .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force) htmlfile [opennew] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force) http [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force) https [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force) InternetShortcut [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Documents and Settings\Salade Tossiez\Desktop\Rise of Nations\rise.exe" = C:\Documents and Settings\Salade Tossiez\Desktop\Rise of Nations\rise.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.) "C:\Documents and Settings\Salade Tossiez\Desktop\Rise of Nations\nations.exe" = C:\Documents and Settings\Salade Tossiez\Desktop\Rise of Nations\nations.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.) "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games) "C:\Program Files\Dragon Age Origins Character Creator\bin_ship\DAOCharacterCreator.exe" = C:\Program Files\Dragon Age Origins Character Creator\bin_ship\DAOCharacterCreator.exe:*:Enabled:Dragon Age Origins Character Creator -- (BioWare) "C:\Program Files\Dragon Age Origins Character Creator\DAOriginsLauncher.exe" = C:\Program Files\Dragon Age Origins Character Creator\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Character Creator Launcher -- (BioWare) "C:\Program Files\Dragon Age\bin_ship\daorigins.exe" = C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game -- (BioWare) "C:\Program Files\Dragon Age\DAOriginsLauncher.exe" = C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher -- (BioWare) "C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe" = C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare) "C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe" = C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout Paradise The Ultimate Box -- (Electronic Arts) "C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe" = C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout Paradise The Ultimate Box -- (Electronic Arts) "C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe" = C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout Paradise The Ultimate Box -- (Electronic Arts) "C:\Program Files\Activision\Prototype\prototypef.exe" = C:\Program Files\Activision\Prototype\prototypef.exe:*:Enabled:Prototype -- (Activision) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20 "{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1 "{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{47759129-8649-47D1-9EA5-4BB84D86DB97}" = Airlink101 WLAN Monitor "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service "{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}" = Logitech Gaming Software 5.02 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes "{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service "{7F878808-B462-4A82-B956-452595F8B29A}" = Virtual CD v5 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{89F4137D-6C

Hello and thank you for your prompt response! Essentially I have the remnants of a virus embedded in my system. Although I have done repeated scans with mbam, it often comes up clean, or only finds one or two malicious items. My web pages have pop pups, and I have google search redirects. Further my google chrome browser no longer functions, and I've noticed performance issues with my system. Also I get a blue screen upon start up when my external hard drive is plugged into the system (this has never happened before). This is the blue screen error message "PAGE_FAULT_IN_NONPAGED_AREA" Along with this stop code "0x00000050 (0X9FA0A1A2, 0X00000001, 0X851A99C4, 0X00000000). Here is my latest MBAM log file. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4262 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.13 6/30/2010 2:13:20 PM mbam-log-2010-06-30 (14-13-20).txt Scan type: Quick scan Objects scanned: 120688 Time elapsed: 6 minute(s), 12 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\Salade Tossiez\Local Settings\Temporary Internet Files\Content.IE5\NO6R8KVF\317[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Windows Server\jxdxaa.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Salade Tossiez\Templates\memory.tmp (Trojan.Agent) -> Quarantined and deleted successfully. Here is the OTL log: OTL logfile created on: 6/30/2010 2:16:30 PM - Run 1 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Salade Tossiez\My Documents\Downloads Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,023.00 Mb Total Physical Memory | 386.00 Mb Available Physical Memory | 38.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 465.75 Gb Total Space | 348.75 Gb Free Space | 74.88% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: AHK Current User Name: Salade Tossiez Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/06/30 14:15:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Salade Tossiez\My Documents\Downloads\OTL.exe PRC - [2010/06/26 01:41:08 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/06/15 20:13:19 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2008/04/04 11:38:00 | 000,088,584 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe PRC - [2007/11/30 17:47:52 | 001,949,696 | ---- | M] (Airlink101) -- C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WlanMon.exe PRC - [2007/01/19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2003/11/07 08:43:28 | 000,176,128 | ---- | M] (H+H Software GmbH) -- C:\Program Files\HHVcdV5Sys\VC5Play.exe PRC - [2003/11/07 08:29:06 | 000,147,456 | ---- | M] (H+H Software GmbH) -- C:\Program Files\HHVcdV5Sys\VC5SecS.exe PRC - [2003/09/04 09:59:28 | 000,155,648 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Virtual CD v5\System\VC5Tray.exe ========== Modules (SafeList) ========== MOD - [2010/06/30 14:15:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Salade Tossiez\My Documents\Downloads\OTL.exe MOD - [2004/08/04 00:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll MOD - [2004/08/03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009/12/15 13:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2007/01/19 11:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService) SRV - [2003/11/07 08:29:06 | 000,147,456 | ---- | M] (H+H Software GmbH) [Auto | Running] -- C:\Program Files\HHVcdV5Sys\VC5SecS.exe -- (VC5SecS) ========== Driver Services (SafeList) ========== DRV - [2008/05/16 14:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2008/01/24 15:09:34 | 000,048,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore) DRV - [2008/01/24 15:09:24 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid) DRV - [2008/01/24 15:09:04 | 000,028,168 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter) DRV - [2008/01/24 15:08:54 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2007/11/16 11:56:26 | 000,550,272 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870) DRV - [2007/07/09 18:56:00 | 004,449,280 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007/05/12 16:39:32 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO) DRV - [2007/03/05 21:27:32 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2007/03/05 21:27:28 | 000,058,752 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2006/12/27 20:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService) DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus) DRV - [2003/11/12 08:26:50 | 000,056,064 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBEV5MP.sys -- (vbev5mp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.com" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/29 21:30:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/29 21:30:16 | 000,000,000 | ---D | M] [2008/08/23 06:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Salade Tossiez\Application Data\Mozilla\Extensions [2008/08/23 06:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Salade Tossiez\Application Data\Mozilla\Firefox\Profiles\geuvnmnh.default\extensions [2010/06/29 21:30:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: ([2001/08/23 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4 - HKLM..\Run: [Airlink101 Airlink101 WLAN Monitor] C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WlanMon.exe (Airlink101) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [skyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [VC5Player] C:\Program Files\HHVcdV5Sys\VC5Play.exe (H+H Software GmbH) O4 - HKCU..\Run: [{5D805279-9A56-0199-C9C6-DD9EADFB9238}] C:\Documents and Settings\Salade Tossiez\Application Data\Ciusm\reyd.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe () O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/08/22 21:37:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2005/10/18 14:09:17 | 000,000,000 | R--D | M] - F:\Autorun -- [ CDFS ] O32 - AutoRun File - [2005/10/14 23:42:09 | 000,253,952 | R--- | M] (Firaxis Games) - F:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2005/10/14 23:42:09 | 000,004,118 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{f46b6755-7cc6-11dd-9ec1-001e90dffd88}\Shell - "" = AutoRun O33 - MountPoints2\{f46b6755-7cc6-11dd-9ec1-001e90dffd88}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{f46b6755-7cc6-11dd-9ec1-001e90dffd88}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2005/10/14 23:42:09 | 000,253,952 | R--- | M] (Firaxis Games) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Windows Server\jxdxaa.dll) - C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Windows Server\jxdxaa.dll () O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found ========== Files/Folders - Created Within 30 Days ========== [2010/06/29 21:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2010/06/29 15:47:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC [2010/06/28 23:23:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010/06/28 23:23:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010/06/28 22:38:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2010/06/28 22:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Windows Server [2010/06/28 22:35:33 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stu2.exe [2010/06/26 18:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC [2010/06/26 18:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Application Data\mIRC [2010/06/22 16:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\[Ryuumaru] Ichiban Ushiro no Daimaou 01 - 12 [480p][uNCENSORED][H264] [2010/06/21 23:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\Incomplete [2010/06/21 23:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Incomplete [2010/06/21 23:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Application Data\LimeWire [2010/06/21 23:09:38 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire [2010/06/20 16:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\SHARED [2010/06/20 16:32:30 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll [2010/06/20 16:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010/06/20 16:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010/06/20 16:31:09 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010/06/19 17:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\TABS [2010/06/19 17:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Application Data\Apple Computer [2010/06/19 17:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/06/19 17:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2010/06/19 17:01:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Apple [2010/06/19 17:01:08 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2010/06/19 17:01:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE [2010/06/19 17:00:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2010/06/19 17:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2010/06/19 17:00:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple [2010/06/19 16:59:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Apple Computer [2010/06/18 01:30:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Application Data\Real [2010/06/14 20:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\NVDATA [2010/06/11 12:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\GUILTY GEAR XX ?RELOAD [2010/06/11 01:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\My Documents\Prototype [2010/06/11 00:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\Activision [2010/06/11 00:47:06 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache [2010/06/10 22:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX [2010/06/10 16:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\Junk - Record of the Last Hero [2010/06/10 14:41:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\Guilty Gear Collection [2010/06/09 22:26:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\roms [2010/06/08 04:00:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\Prototype-Razor1911 FULL PC ISO MAXSPEED [2010/06/07 18:11:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Criterion Games [2010/06/07 18:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData [2010/06/07 18:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Downloaded Installations [2010/06/07 17:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts [2010/06/07 17:54:13 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll [2010/06/07 17:54:13 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll [2010/06/07 17:54:13 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll [2010/06/07 17:54:12 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll [2010/06/07 17:54:12 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll [2010/06/07 17:54:12 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll [2010/06/07 17:54:12 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll [2010/06/07 17:54:11 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll [2010/06/07 17:54:11 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll [2010/06/07 17:54:11 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll [2010/06/07 17:54:10 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll [2010/06/07 17:54:10 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll [2010/06/07 17:54:10 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll [2010/06/07 17:54:09 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll [2010/06/07 17:54:09 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll [2010/06/07 17:54:09 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll [2010/06/07 17:54:09 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll [2010/06/07 17:54:09 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll [2010/06/07 17:54:09 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll [2010/06/07 17:54:08 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll [2010/06/07 17:54:08 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll [2010/06/07 17:54:07 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll [2010/06/07 17:54:07 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll [2010/06/07 17:54:06 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll [2010/06/07 17:54:06 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll [2010/06/07 17:54:06 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll [2010/06/07 17:53:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs [2010/06/07 15:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\Burnout.Paradise.The.Ultimate.Box [2010/06/06 04:05:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\AnO [2010/06/05 14:25:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\Battle Club [bYAAAH+case-DCP] [2010/06/05 14:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\Phantom_Wizard_[Cireus] [2010/06/01 20:00:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun [2010/06/01 19:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun [2010/06/01 19:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010/06/01 19:57:51 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010/06/01 19:57:51 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/06/01 19:57:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/06/01 19:57:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010/06/01 19:57:51 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010/06/01 19:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2010/06/01 19:56:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Application Data\Sun [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/06/30 14:18:02 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1801674531-839522115-1003UA.job [2010/06/30 14:13:27 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\vnem.sys [2010/06/30 14:10:06 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/06/30 10:54:14 | 000,432,856 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/06/30 10:54:14 | 000,067,560 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/06/30 10:54:13 | 000,509,720 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/06/30 10:50:29 | 005,242,880 | -H-- | M] () -- C:\Documents and Settings\Salade Tossiez\NTUSER.DAT [2010/06/30 10:50:25 | 000,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{25AC91B9-90CD-488F-B45D-12C78446AA47} [2010/06/30 10:50:19 | 000,000,015 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{25AC91B9-90CD-488F-B45D-12C78446AA47} [2010/06/30 10:50:15 | 000,181,423 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010/06/30 10:50:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/06/30 10:50:11 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME [2010/06/30 10:50:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/06/30 10:50:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/06/30 07:45:33 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Salade Tossiez\ntuser.ini [2010/06/30 07:45:23 | 003,772,886 | -H-- | M] () -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\IconCache.db [2010/06/29 21:30:18 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2010/06/29 20:18:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1801674531-839522115-1003Core.job [2010/06/29 15:35:22 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Google Chrome.lnk [2010/06/29 15:35:22 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2010/06/28 22:38:32 | 1072,971,776 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP [2010/06/28 22:35:33 | 000,037,880 | ---- | M] () -- C:\WINDOWS\System32\userinit.exe [2010/06/28 13:50:22 | 000,012,883 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153224v0] [Ryuumaru-Commie] Ikkitousen Xtreme Xecutor 01 - 12 [H264][480p].torrent [2010/06/28 13:10:16 | 000,058,506 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Silent Night Melody.pdf [2010/06/27 23:07:48 | 000,091,136 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/26 18:19:35 | 000,013,508 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153407v0] Mai-HiME.torrent [2010/06/25 11:30:03 | 000,007,690 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153402v0] Trigun Badlands Rumble.torrent [2010/06/22 16:03:48 | 000,014,342 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153345v1] [Ryuumaru] Ichiban Ushiro no Daimaou 01 - 12 [480p][uNCENSORED][H264].torrent [2010/06/21 23:09:42 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\LimeWire 4.14.10.lnk [2010/06/19 15:00:56 | 000,000,064 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Emulator.ini [2010/06/13 20:18:10 | 000,015,284 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153164v0] Fullmetal Alchemist.torrent [2010/06/11 02:18:57 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Shortcut to prototypef.lnk [2010/06/10 21:44:12 | 000,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini [2010/06/07 18:10:41 | 000,000,928 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Shortcut to BurnoutParadise.lnk [2010/06/07 18:08:05 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\ealregsnapshot1.reg [2010/06/07 18:03:03 | 000,002,012 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Burnout Paradise The Ultimate Box.lnk [2010/06/01 19:57:37 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/06/01 19:57:37 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/06/01 19:57:37 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010/06/01 19:57:37 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010/06/01 19:57:36 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/06/30 14:13:27 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\vnem.sys [2010/06/29 21:30:18 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2010/06/29 15:35:22 | 000,002,351 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Google Chrome.lnk [2010/06/29 15:35:22 | 000,002,329 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2010/06/28 13:50:22 | 000,012,883 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153224v0] [Ryuumaru-Commie] Ikkitousen Xtreme Xecutor 01 - 12 [H264][480p].torrent [2010/06/28 13:10:16 | 000,058,506 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Silent Night Melody.pdf [2010/06/26 18:19:33 | 000,013,508 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153407v0] Mai-HiME.torrent [2010/06/25 11:30:03 | 000,007,690 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153402v0] Trigun Badlands Rumble.torrent [2010/06/22 16:03:48 | 000,014,342 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153345v1] [Ryuumaru] Ichiban Ushiro no Daimaou 01 - 12 [480p][uNCENSORED][H264].torrent [2010/06/21 23:09:42 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\LimeWire 4.14.10.lnk [2010/06/19 15:00:56 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Emulator.ini [2010/06/13 20:18:10 | 000,015,284 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153164v0] Fullmetal Alchemist.torrent [2010/06/11 01:03:49 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Shortcut to prototypef.lnk [2010/06/07 18:10:41 | 000,000,928 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Shortcut to BurnoutParadise.lnk [2010/06/07 18:08:05 | 000,002,752 | ---- | C] () -- C:\WINDOWS\System32\ealregsnapshot1.reg [2010/06/07 18:03:03 | 000,002,012 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Burnout Paradise The Ultimate Box.lnk [2010/04/24 23:10:41 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010/04/24 23:10:41 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010/04/24 23:10:39 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2010/04/24 23:10:39 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010/04/24 23:10:39 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010/04/24 23:10:37 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010/04/24 23:10:37 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2010/04/24 21:00:58 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\WlanApp.dll [2010/04/24 21:00:58 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll [2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008/09/07 15:46:03 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini [2008/09/07 02:53:02 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2008/05/16 14:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008/05/16 14:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008/05/16 14:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008/05/16 14:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008/05/16 14:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll < End of report > Here is the EXTRA LOG OTL Extras logfile created on: 6/30/2010 2:16:30 PM - Run 1 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Salade Tossiez\My Documents\Downloads Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,023.00 Mb Total Physical Memory | 386.00 Mb Available Physical Memory | 38.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 465.75 Gb Total Space | 348.75 Gb Free Space | 74.88% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: AHK Current User Name: Salade Tossiez Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Program Files\Avant Browser\avant.exe (Avant Force) .url [@ = InternetShortcut] -- C:\Program Files\Avant Browser\avant.exe (Avant Force) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. File not found .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force) htmlfile [opennew] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force) http [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force) https [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force) InternetShortcut [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Documents and Settings\Salade Tossiez\Desktop\Rise of Nations\rise.exe" = C:\Documents and Settings\Salade Tossiez\Desktop\Rise of Nations\rise.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.) "C:\Documents and Settings\Salade Tossiez\Desktop\Rise of Nations\nations.exe" = C:\Documents and Settings\Salade Tossiez\Desktop\Rise of Nations\nations.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.) "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games) "C:\Program Files\Dragon Age Origins Character Creator\bin_ship\DAOCharacterCreator.exe" = C:\Program Files\Dragon Age Origins Character Creator\bin_ship\DAOCharacterCreator.exe:*:Enabled:Dragon Age Origins Character Creator -- (BioWare) "C:\Program Files\Dragon Age Origins Character Creator\DAOriginsLauncher.exe" = C:\Program Files\Dragon Age Origins Character Creator\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Character Creator Launcher -- (BioWare) "C:\Program Files\Dragon Age\bin_ship\daorigins.exe" = C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game -- (BioWare) "C:\Program Files\Dragon Age\DAOriginsLauncher.exe" = C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher -- (BioWare) "C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe" = C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare) "C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe" = C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout Paradise The Ultimate Box -- (Electronic Arts) "C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe" = C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout Paradise The Ultimate Box -- (Electronic Arts) "C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe" = C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout Paradise The Ultimate Box -- (Electronic Arts) "C:\Program Files\Activision\Prototype\prototypef.exe" = C:\Program Files\Activision\Prototype\prototypef.exe:*:Enabled:Prototype -- (Activision) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20 "{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1 "{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{47759129-8649-47D1-9EA5-4BB84D86DB97}" = Airlink101 WLAN Monitor "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service "{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}" = Logitech Gaming Software 5.02 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes "{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service "{7F878808-B462-4A82-B956-452595F8B29A}" = Virtual CD v5 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support

Hello and thank you for your prompt response! Essentially I have the remnants of a virus embedded in my system. Although I have done repeated scans with mbam, it often comes up clean, or only finds one or two malicious items. My web pages have pop pups, and I have google search redirects. Further my google chrome browser no longer functions, and I've noticed performance issues with my system. Also I get a blue screen upon start up when my external hard drive is plugged into the system (this has never happened before). This is the blue screen error message "PAGE_FAULT_IN_NONPAGED_AREA" Along with this stop code "0x00000050 (0X9FA0A1A2, 0X00000001, 0X851A99C4, 0X00000000). Here is my latest MBAM log file. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4262 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.13 6/30/2010 2:13:20 PM mbam-log-2010-06-30 (14-13-20).txt Scan type: Quick scan Objects scanned: 120688 Time elapsed: 6 minute(s), 12 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\Salade Tossiez\Local Settings\Temporary Internet Files\Content.IE5\NO6R8KVF\317[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Windows Server\jxdxaa.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Salade Tossiez\Templates\memory.tmp (Trojan.Agent) -> Quarantined and deleted successfully. Here is the OTL log: OTL logfile created on: 6/30/2010 2:16:30 PM - Run 1 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Salade Tossiez\My Documents\Downloads Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,023.00 Mb Total Physical Memory | 386.00 Mb Available Physical Memory | 38.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 465.75 Gb Total Space | 348.75 Gb Free Space | 74.88% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: AHK Current User Name: Salade Tossiez Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/06/30 14:15:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Salade Tossiez\My Documents\Downloads\OTL.exe PRC - [2010/06/26 01:41:08 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/06/15 20:13:19 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2008/04/04 11:38:00 | 000,088,584 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe PRC - [2007/11/30 17:47:52 | 001,949,696 | ---- | M] (Airlink101) -- C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WlanMon.exe PRC - [2007/01/19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2003/11/07 08:43:28 | 000,176,128 | ---- | M] (H+H Software GmbH) -- C:\Program Files\HHVcdV5Sys\VC5Play.exe PRC - [2003/11/07 08:29:06 | 000,147,456 | ---- | M] (H+H Software GmbH) -- C:\Program Files\HHVcdV5Sys\VC5SecS.exe PRC - [2003/09/04 09:59:28 | 000,155,648 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Virtual CD v5\System\VC5Tray.exe ========== Modules (SafeList) ========== MOD - [2010/06/30 14:15:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Salade Tossiez\My Documents\Downloads\OTL.exe MOD - [2004/08/04 00:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll MOD - [2004/08/03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009/12/15 13:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2007/01/19 11:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService) SRV - [2003/11/07 08:29:06 | 000,147,456 | ---- | M] (H+H Software GmbH) [Auto | Running] -- C:\Program Files\HHVcdV5Sys\VC5SecS.exe -- (VC5SecS) ========== Driver Services (SafeList) ========== DRV - [2008/05/16 14:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2008/01/24 15:09:34 | 000,048,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore) DRV - [2008/01/24 15:09:24 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid) DRV - [2008/01/24 15:09:04 | 000,028,168 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter) DRV - [2008/01/24 15:08:54 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2007/11/16 11:56:26 | 000,550,272 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870) DRV - [2007/07/09 18:56:00 | 004,449,280 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007/05/12 16:39:32 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO) DRV - [2007/03/05 21:27:32 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2007/03/05 21:27:28 | 000,058,752 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2006/12/27 20:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService) DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus) DRV - [2003/11/12 08:26:50 | 000,056,064 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBEV5MP.sys -- (vbev5mp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.com" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/29 21:30:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/29 21:30:16 | 000,000,000 | ---D | M] [2008/08/23 06:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Salade Tossiez\Application Data\Mozilla\Extensions [2008/08/23 06:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Salade Tossiez\Application Data\Mozilla\Firefox\Profiles\geuvnmnh.default\extensions [2010/06/29 21:30:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: ([2001/08/23 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4 - HKLM..\Run: [Airlink101 Airlink101 WLAN Monitor] C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WlanMon.exe (Airlink101) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [skyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [VC5Player] C:\Program Files\HHVcdV5Sys\VC5Play.exe (H+H Software GmbH) O4 - HKCU..\Run: [{5D805279-9A56-0199-C9C6-DD9EADFB9238}] C:\Documents and Settings\Salade Tossiez\Application Data\Ciusm\reyd.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe () O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/08/22 21:37:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2005/10/18 14:09:17 | 000,000,000 | R--D | M] - F:\Autorun -- [ CDFS ] O32 - AutoRun File - [2005/10/14 23:42:09 | 000,253,952 | R--- | M] (Firaxis Games) - F:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2005/10/14 23:42:09 | 000,004,118 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{f46b6755-7cc6-11dd-9ec1-001e90dffd88}\Shell - "" = AutoRun O33 - MountPoints2\{f46b6755-7cc6-11dd-9ec1-001e90dffd88}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{f46b6755-7cc6-11dd-9ec1-001e90dffd88}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2005/10/14 23:42:09 | 000,253,952 | R--- | M] (Firaxis Games) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Windows Server\jxdxaa.dll) - C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Windows Server\jxdxaa.dll () O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found ========== Files/Folders - Created Within 30 Days ========== [2010/06/29 21:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2010/06/29 15:47:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC [2010/06/28 23:23:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010/06/28 23:23:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010/06/28 22:38:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2010/06/28 22:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Windows Server [2010/06/28 22:35:33 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stu2.exe [2010/06/26 18:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC [2010/06/26 18:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Application Data\mIRC [2010/06/22 16:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\[Ryuumaru] Ichiban Ushiro no Daimaou 01 - 12 [480p][uNCENSORED][H264] [2010/06/21 23:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\Incomplete [2010/06/21 23:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Incomplete [2010/06/21 23:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Application Data\LimeWire [2010/06/21 23:09:38 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire [2010/06/20 16:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\SHARED [2010/06/20 16:32:30 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll [2010/06/20 16:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010/06/20 16:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010/06/20 16:31:09 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010/06/19 17:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\TABS [2010/06/19 17:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Application Data\Apple Computer [2010/06/19 17:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/06/19 17:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2010/06/19 17:01:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Apple [2010/06/19 17:01:08 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2010/06/19 17:01:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE [2010/06/19 17:00:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2010/06/19 17:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2010/06/19 17:00:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple [2010/06/19 16:59:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Apple Computer [2010/06/18 01:30:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Application Data\Real [2010/06/14 20:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\NVDATA [2010/06/11 12:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\GUILTY GEAR XX ?RELOAD [2010/06/11 01:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\My Documents\Prototype [2010/06/11 00:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\Activision [2010/06/11 00:47:06 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache [2010/06/10 22:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX [2010/06/10 16:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\Junk - Record of the Last Hero [2010/06/10 14:41:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\Guilty Gear Collection [2010/06/09 22:26:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\roms [2010/06/08 04:00:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\Prototype-Razor1911 FULL PC ISO MAXSPEED [2010/06/07 18:11:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Criterion Games [2010/06/07 18:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData [2010/06/07 18:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Downloaded Installations [2010/06/07 17:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts [2010/06/07 17:54:13 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll [2010/06/07 17:54:13 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll [2010/06/07 17:54:13 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll [2010/06/07 17:54:12 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll [2010/06/07 17:54:12 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll [2010/06/07 17:54:12 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll [2010/06/07 17:54:12 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll [2010/06/07 17:54:11 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll [2010/06/07 17:54:11 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll [2010/06/07 17:54:11 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll [2010/06/07 17:54:10 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll [2010/06/07 17:54:10 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll [2010/06/07 17:54:10 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll [2010/06/07 17:54:09 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll [2010/06/07 17:54:09 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll [2010/06/07 17:54:09 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll [2010/06/07 17:54:09 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll [2010/06/07 17:54:09 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll [2010/06/07 17:54:09 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll [2010/06/07 17:54:08 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll [2010/06/07 17:54:08 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll [2010/06/07 17:54:07 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll [2010/06/07 17:54:07 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll [2010/06/07 17:54:06 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll [2010/06/07 17:54:06 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll [2010/06/07 17:54:06 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll [2010/06/07 17:53:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs [2010/06/07 15:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\Burnout.Paradise.The.Ultimate.Box [2010/06/06 04:05:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\AnO [2010/06/05 14:25:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\Battle Club [bYAAAH+case-DCP] [2010/06/05 14:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Desktop\Phantom_Wizard_[Cireus] [2010/06/01 20:00:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun [2010/06/01 19:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun [2010/06/01 19:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010/06/01 19:57:51 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010/06/01 19:57:51 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/06/01 19:57:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/06/01 19:57:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010/06/01 19:57:51 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010/06/01 19:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2010/06/01 19:56:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Salade Tossiez\Application Data\Sun [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/06/30 14:18:02 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1801674531-839522115-1003UA.job [2010/06/30 14:13:27 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\vnem.sys [2010/06/30 14:10:06 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/06/30 10:54:14 | 000,432,856 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/06/30 10:54:14 | 000,067,560 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/06/30 10:54:13 | 000,509,720 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/06/30 10:50:29 | 005,242,880 | -H-- | M] () -- C:\Documents and Settings\Salade Tossiez\NTUSER.DAT [2010/06/30 10:50:25 | 000,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{25AC91B9-90CD-488F-B45D-12C78446AA47} [2010/06/30 10:50:19 | 000,000,015 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{25AC91B9-90CD-488F-B45D-12C78446AA47} [2010/06/30 10:50:15 | 000,181,423 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010/06/30 10:50:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/06/30 10:50:11 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME [2010/06/30 10:50:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/06/30 10:50:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/06/30 07:45:33 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Salade Tossiez\ntuser.ini [2010/06/30 07:45:23 | 003,772,886 | -H-- | M] () -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\IconCache.db [2010/06/29 21:30:18 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2010/06/29 20:18:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1801674531-839522115-1003Core.job [2010/06/29 15:35:22 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Google Chrome.lnk [2010/06/29 15:35:22 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2010/06/28 22:38:32 | 1072,971,776 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP [2010/06/28 22:35:33 | 000,037,880 | ---- | M] () -- C:\WINDOWS\System32\userinit.exe [2010/06/28 13:50:22 | 000,012,883 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153224v0] [Ryuumaru-Commie] Ikkitousen Xtreme Xecutor 01 - 12 [H264][480p].torrent [2010/06/28 13:10:16 | 000,058,506 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Silent Night Melody.pdf [2010/06/27 23:07:48 | 000,091,136 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/26 18:19:35 | 000,013,508 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153407v0] Mai-HiME.torrent [2010/06/25 11:30:03 | 000,007,690 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153402v0] Trigun Badlands Rumble.torrent [2010/06/22 16:03:48 | 000,014,342 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153345v1] [Ryuumaru] Ichiban Ushiro no Daimaou 01 - 12 [480p][uNCENSORED][H264].torrent [2010/06/21 23:09:42 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\LimeWire 4.14.10.lnk [2010/06/19 15:00:56 | 000,000,064 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Emulator.ini [2010/06/13 20:18:10 | 000,015,284 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153164v0] Fullmetal Alchemist.torrent [2010/06/11 02:18:57 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Shortcut to prototypef.lnk [2010/06/10 21:44:12 | 000,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini [2010/06/07 18:10:41 | 000,000,928 | ---- | M] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Shortcut to BurnoutParadise.lnk [2010/06/07 18:08:05 | 000,002,752 | ---- | M] () -- C:\WINDOWS\System32\ealregsnapshot1.reg [2010/06/07 18:03:03 | 000,002,012 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Burnout Paradise The Ultimate Box.lnk [2010/06/01 19:57:37 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/06/01 19:57:37 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/06/01 19:57:37 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010/06/01 19:57:37 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010/06/01 19:57:36 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/06/30 14:13:27 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\vnem.sys [2010/06/29 21:30:18 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2010/06/29 15:35:22 | 000,002,351 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Google Chrome.lnk [2010/06/29 15:35:22 | 000,002,329 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2010/06/28 13:50:22 | 000,012,883 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153224v0] [Ryuumaru-Commie] Ikkitousen Xtreme Xecutor 01 - 12 [H264][480p].torrent [2010/06/28 13:10:16 | 000,058,506 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Silent Night Melody.pdf [2010/06/26 18:19:33 | 000,013,508 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153407v0] Mai-HiME.torrent [2010/06/25 11:30:03 | 000,007,690 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153402v0] Trigun Badlands Rumble.torrent [2010/06/22 16:03:48 | 000,014,342 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153345v1] [Ryuumaru] Ichiban Ushiro no Daimaou 01 - 12 [480p][uNCENSORED][H264].torrent [2010/06/21 23:09:42 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\LimeWire 4.14.10.lnk [2010/06/19 15:00:56 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Emulator.ini [2010/06/13 20:18:10 | 000,015,284 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\[bakaBT.153164v0] Fullmetal Alchemist.torrent [2010/06/11 01:03:49 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Shortcut to prototypef.lnk [2010/06/07 18:10:41 | 000,000,928 | ---- | C] () -- C:\Documents and Settings\Salade Tossiez\Desktop\Shortcut to BurnoutParadise.lnk [2010/06/07 18:08:05 | 000,002,752 | ---- | C] () -- C:\WINDOWS\System32\ealregsnapshot1.reg [2010/06/07 18:03:03 | 000,002,012 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Burnout Paradise The Ultimate Box.lnk [2010/04/24 23:10:41 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010/04/24 23:10:41 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010/04/24 23:10:39 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2010/04/24 23:10:39 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010/04/24 23:10:39 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010/04/24 23:10:37 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010/04/24 23:10:37 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2010/04/24 21:00:58 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\WlanApp.dll [2010/04/24 21:00:58 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll [2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008/09/07 15:46:03 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini [2008/09/07 02:53:02 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2008/05/16 14:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008/05/16 14:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008/05/16 14:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008/05/16 14:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008/05/16 14:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll < End of report > Here is the EXTRA LOG OTL Extras logfile created on: 6/30/2010 2:16:30 PM - Run 1 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Salade Tossiez\My Documents\Downloads Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,023.00 Mb Total Physical Memory | 386.00 Mb Available Physical Memory | 38.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 465.75 Gb Total Space | 348.75 Gb Free Space | 74.88% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: AHK Current User Name: Salade Tossiez Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Program Files\Avant Browser\avant.exe (Avant Force) .url [@ = InternetShortcut] -- C:\Program Files\Avant Browser\avant.exe (Avant Force) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. File not found .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force) htmlfile [opennew] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force) http [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force) https [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force) InternetShortcut [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Documents and Settings\Salade Tossiez\Desktop\Rise of Nations\rise.exe" = C:\Documents and Settings\Salade Tossiez\Desktop\Rise of Nations\rise.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.) "C:\Documents and Settings\Salade Tossiez\Desktop\Rise of Nations\nations.exe" = C:\Documents and Settings\Salade Tossiez\Desktop\Rise of Nations\nations.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.) "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games) "C:\Program Files\Dragon Age Origins Character Creator\bin_ship\DAOCharacterCreator.exe" = C:\Program Files\Dragon Age Origins Character Creator\bin_ship\DAOCharacterCreator.exe:*:Enabled:Dragon Age Origins Character Creator -- (BioWare) "C:\Program Files\Dragon Age Origins Character Creator\DAOriginsLauncher.exe" = C:\Program Files\Dragon Age Origins Character Creator\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Character Creator Launcher -- (BioWare) "C:\Program Files\Dragon Age\bin_ship\daorigins.exe" = C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game -- (BioWare) "C:\Program Files\Dragon Age\DAOriginsLauncher.exe" = C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher -- (BioWare) "C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe" = C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare) "C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe" = C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout Paradise The Ultimate Box -- (Electronic Arts) "C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe" = C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout Paradise The Ultimate Box -- (Electronic Arts) "C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe" = C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout Paradise The Ultimate Box -- (Electronic Arts) "C:\Program Files\Activision\Prototype\prototypef.exe" = C:\Program Files\Activision\Prototype\prototypef.exe:*:Enabled:Prototype -- (Activision) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20 "{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1 "{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{47759129-8649-47D1-9EA5-4BB84D86DB97}" = Airlink101 WLAN Monitor "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service "{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}" = Logitech Gaming Software 5.02 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes "{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service "{7F878808-B462-4A82-B956-452595F8B29A}" = Virtual CD v5 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{89F4137D-6C2

So last night I got a virus resulting a blue screen error with this code "PAGE_FAULT_IN_NONPAGED_AREA" Along with this stop code "0x00000050 (0X9FA0A1A2, 0X00000001, 0X851A99C4, 0X00000000). I rebooted into safemode, and ran mbam which gave me this log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4247 Windows 5.1.2600 Service Pack 2 (Safe Mode) Internet Explorer 7.0.5730.13 6/28/2010 11:10:59 PM mbam-log-2010-06-28 (23-10-59).txt Scan type: Quick scan Objects scanned: 130937 Time elapsed: 14 minute(s), 5 second(s) Memory Processes Infected: 1 Memory Modules Infected: 2 Registry Keys Infected: 1 Registry Values Infected: 3 Registry Data Items Infected: 3 Folders Infected: 1 Files Infected: 29 Memory Processes Infected: C:\Documents and Settings\Salade Tossiez\Local Settings\Temp\AUTMGR32.EXE (Trojan.Dropper) -> Unloaded process successfully. Memory Modules Infected: C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Windows Server\awfhcp.dll (Spyware.Passwords) -> Delete on reboot. C:\Documents and Settings\Salade Tossiez\Local Settings\Temp\mschrt20ex.dll (Rogue.DefenseCenter) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Defense Center (Rogue.DefenseCenter) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tvonupom (Trojan.Hiloti) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> Delete on reboot. HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully. Folders Infected: C:\Program Files\Defense Center (Rogue.DefenseCenter) -> Quarantined and deleted successfully. Files Infected: C:\Documents and Settings\Salade Tossiez\Local Settings\Application Data\Windows Server\awfhcp.dll (Spyware.Passwords) -> Delete on reboot. C:\Documents and Settings\Salade Tossiez\Local Settings\Temp\mschrt20ex.dll (Rogue.DefenseCenter) -> Delete on reboot. C:\Documents and Settings\Salade Tossiez\Local Settings\Temp\AUTMGR32.EXE (Trojan.Dropper) -> Quarantined and deleted successfully. C:\WINDOWS\msypsan.dll (Trojan.Hiloti) -> Quarantined and deleted successfully. C:\Documents and Settings\Salade Tossiez\Local Settings\Temp\FwsNOjiGkd.exe (Trojan.Hiloti) -> Quarantined and deleted successfully. C:\Documents and Settings\Salade Tossiez\Local Settings\Temp\PRAGMA23f9.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Salade Tossiez\Local Settings\Temp\PRAGMA887a.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Salade Tossiez\Local Settings\Temp\PRAGMAf671.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Salade Tossiez\Local Settings\Temp\tmp315B.tmp.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. C:\Documents and Settings\Salade Tossiez\Local Settings\Temp\tmp782F.tmp.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. C:\Documents and Settings\Salade Tossiez\Local Settings\Temp\tmp97D6.tmp.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. C:\Documents and Settings\Salade Tossiez\Local Settings\Temporary Internet Files\Content.IE5\8D6VKL5G\139-direct[1].ex (Trojan.Agent.Gen) -> Quarantined and deleted successfully. C:\Documents and Settings\Salade Tossiez\Local Settings\Temporary Internet Files\Content.IE5\YP6TPRBV\setup[2].exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully. C:\Documents and Settings\Salade Tossiez\Local Settings\Temporary Internet Files\Content.IE5\YUZ9D6QJ\139-direct[1].ex (Trojan.Agent.Gen) -> Quarantined and deleted successfully. C:\Documents and Settings\Salade Tossiez\Local Settings\Temporary Internet Files\Content.IE5\YUZ9D6QJ\setup[1].exe (Trojan.Hiloti) -> Quarantined and deleted successfully. C:\Documents and Settings\Salade Tossiez\Desktop\nudetube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\Salade Tossiez\Desktop\pornotube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\Salade Tossiez\Desktop\spam001.exe (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\Salade Tossiez\Desktop\spam003.exe (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\Salade Tossiez\Desktop\troj000.exe (Malware.Trave) -> Quarantined and deleted successfully. C:\Documents and Settings\Salade Tossiez\Desktop\youporn.com.lnk (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\Salade Tossiez\Local Settings\Temp\e.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\Salade Tossiez\Local Settings\Temp\PRAGMA23e9.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\Documents and Settings\Salade Tossiez\Local Settings\Temp\PRAGMA886b.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\Documents and Settings\Salade Tossiez\Local Settings\Temp\PRAGMAf651.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\Documents and Settings\Salade Tossiez\Local Settings\Temp\wscsvc32.exe (Trojan.FakeAlert) -> Delete on reboot. C:\Documents and Settings\Salade Tossiez\Local Settings\Temp\asd6.tmp.exe (Trojan.FakeAlert) -> Delete on reboot. C:\Documents and Settings\Salade Tossiez\Local Settings\Temp\asd7.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. I then rebooted again into normal, updated mbam, and ran it again, which gave me this log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4252 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.13 6/28/2010 11:24:43 PM mbam-log-2010-06-28 (23-24-43).txt Scan type: Quick scan Objects scanned: 132265 Time elapsed: 10 minute(s), 41 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\Salade Tossiez\Local Settings\Temporary Internet Files\Content.IE5\8D6VKL5G\setup[1].exe (Rootkit.TDSS) -> Quarantined and deleted successfully. Thinking the problem dealt with, I went to sleep, and woke up this morning, only to find the SAME blue screen error again upon startup. However, I noticed that when I unplugged my external hard drive, the blue screen error would not ocurr upon start up. Updating mbam once more, with my external unplugged, I ran it again, and got this log file: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4258 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.13 6/29/2010 2:00:42 PM mbam-log-2010-06-29 (14-00-42).txt Scan type: Full scan (C:\|D:\|) Objects scanned: 213781 Time elapsed: 51 minute(s), 1 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\System Volume Information\_restore{1B141DC9-293A-48B1-A657-9A7098B34777}\RP1\A0001005.dll (Trojan.Hiloti) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{1B141DC9-293A-48B1-A657-9A7098B34777}\RP1\A0001008.dll (Spyware.Passwords) -> Quarantined and deleted successfully. D:\Recycled\Dd1\Symantec Norton 2005 Key Generators ( antivirus - systemworks - internet security )\Antivirus 2005 Key Generator\KEY GENERATOR.EXE (Trojan.Agent.CK) -> Quarantined and deleted successfully. I have since ran a full scan on both my external and C drive, and found no errors, however, upont booting up with the external plugged in I get the same blue screen. Further, google's chrome program simply hangs at start up never loading any web pages, and while I can use avant broswer, it frequently get's redirected to random cites during browsing. I have tried reinstalling chrome, but the problem persists. So, here I am, any help is greatly appreciated.

Hi, I actually tried that, checked the drive and it's fine, and tried repairing both the boot and master boot but still no luck. Luckily I still have the original OS cd, so if I can't figure things out soon, I may just reformat. Most of my data is already backed up, but still, it's a pain. Thank you for the advice and suggestions. --A

Thank you for your prompt response, Unfortunately I cannot access windows in any mode, not even safe mode. While I can navigate through the features of the repair console, using windows itself is currently not an option. I suspect I could use command prompt, and hopefully from there run mbam, but I'll need to get my hands on a dos boot disk. Before I get started, I should ask, Can mbam be run from command prompt? Thank you again for your help and advice, --A

Hello everyone, I've got quite the interesting problem. I got the blue screen on my dell, and now windows hangs up at start up and just gives me a blank screen before even the logo appears. I've tried starting in safe mode, and using the repair console to fix the boot and master boot files but no luck, I can't get any access to windows, or mbam to run a test. Do I have any other options besides reinstalling windows? And if I do have to reinstall windows, is there a way to do so, without losing my data? Any help and advice offered is greatly appreciated, thanks in advance. A.

Problem solved, please feel free to close this thread.

So my pc is definitely infected with something, I just don't know what. Mbam will run, but won't update. I repeatedly get an error code of 732. And when I scan, the quick scan takes over an hour and finds nothing. (normally a quick scan for me is about 10 minutes tops). Also I can't access the mbam website (I'm currently on a desktop at school). While no malicious activity is taking place on my computer as of yet, I feel it's only a matter of time. Any advice or help would be greatly appreciated. --AHK

I put in the command and combofix is uninstalled. Thanks so much for all of your help, everything seems to be working great now!

Hi, I downloaded combofix and renamed it just in case. Here is the log file from the scan. ComboFix 09-06-23.01 - Owner 06/24/2009 0:49.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.305 [GMT -7:00] Running from: c:\documents and settings\Owner\Desktop\Hector.exe AV: Norton AntiVirus 2005 *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\TDSSserv.sys c:\windows\system32\drivers\UACkjoydcsrinkplukjv.sys c:\windows\system32\UACbdnyjwylhvtmnmqhs.dll c:\windows\system32\UACgxokqhnppojhcqaff.dll c:\windows\system32\UACndkegdlltnqknqbkw.log c:\windows\system32\UACowvaspnkuucsxtqbk.dat c:\windows\system32\UACtyvuptxgrwacnalga.dll c:\windows\system32\UACuklwodpgtgyaxdxra.log c:\windows\system32\UACwbjgkstydwrceldcb.log c:\windows\system32\UACwvcacxyofqnwqhcch.dll c:\windows\system32\UACyebxqrylkumkntglk.dll c:\docume~1\Owner\LOCALS~1\Temp\install_flash_player.exe c:\windows\system32\drivers\TDSSserv.sys c:\windows\system32\drivers\UACkjoydcsrinkplukjv.sys c:\windows\system32\UACbdnyjwylhvtmnmqhs.dll c:\windows\system32\UACgxokqhnppojhcqaff.dll c:\windows\system32\uacinit.dll c:\windows\system32\UACndkegdlltnqknqbkw.log c:\windows\system32\UACowvaspnkuucsxtqbk.dat c:\windows\system32\UACtyvuptxgrwacnalga.dll c:\windows\system32\UACuklwodpgtgyaxdxra.log c:\windows\system32\UACwbjgkstydwrceldcb.log c:\windows\system32\UACwvcacxyofqnwqhcch.dll c:\windows\system32\UACyebxqrylkumkntglk.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_TDSSSERV -------\Legacy_TDSSSERV -------\Service_UACd.sys -------\Legacy_XPROTECTOR -------\Service_XPROTECTOR ((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 ))))))))))))))))))))))))))))))) . 2009-06-21 19:07 . 2009-06-21 19:07 -------- d-----w- c:\program files\Trend Micro 2009-06-20 08:32 . 2009-06-20 08:32 52736 ----a-w- c:\windows\ipuninst.exe 2009-06-20 08:30 . 2009-06-20 08:30 -------- d-----w- c:\program files\BlackIsle 2009-06-13 06:52 . 2009-06-13 06:52 1048576 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\yq2y6zjv.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll 2009-06-10 21:48 . 2009-06-10 21:48 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Mozilla . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-24 07:36 . 2005-12-06 23:00 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-06-22 19:08 . 2008-08-28 09:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-21 18:49 . 2008-09-03 01:47 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-06-21 07:58 . 2007-11-06 01:34 -------- d-----w- c:\program files\BitComet 2009-06-18 04:43 . 2009-02-11 07:59 -------- d-----w- c:\program files\CometBird 2009-06-17 18:27 . 2008-08-28 09:03 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-17 18:27 . 2008-08-28 09:03 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-01 06:57 . 2007-02-10 08:51 -------- d-----w- c:\program files\Inmagic . ------- Sigcheck ------- [7] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys [7] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys [7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys [-] 2002-09-03 17:06 332928 244A2F9816BC9B593957281EF577D976 c:\windows\$NtServicePackUninstall$\tcpip.sys [7] 2004-08-04 06:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys [7] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys [7] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys [7] 2004-08-04 06:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\ServicePackFiles\i386\tcpip.sys [-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\sp2gdr\tcpip.sys [-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\sp2qfe\tcpip.sys [-] 2007-11-06 02:08 359808 DE891AD282E856ACFD40990094A63B6F c:\windows\system32\dllcache\tcpip.sys [-] 2007-11-06 02:08 359808 DE891AD282E856ACFD40990094A63B6F c:\windows\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PhotoShow Deluxe Media Manager"="c:\ahead\NEROPH~1\data\Xtras\mssysmgr.exe" [2004-11-12 212992] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 307200] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-19 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-02-17 59040] "Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-12-06 100056] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-03-15 257088] "Airlink101 Airlink101 WLAN Monitor"="c:\program files\Airlink101\Airlink101 WLAN Monitor\WLANmon.exe" [2007-12-01 1949696] "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152] "BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\BitComet\\BitComet.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9924:TCP"= 9924:TCP:BitComet 9924 TCP "9924:UDP"= 9924:UDP:BitComet 9924 UDP R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 7:50 PM 24652] R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [11/16/2007 11:56 AM 550272] . Contents of the 'Scheduled Tasks' folder 2009-06-17 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 22:42] 2009-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-299502267-725345543-1003.job - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-19 08:18] 2009-05-23 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Owner.job - c:\progra~1\NORTON~1\Navw32.exe [2004-08-18 20:54] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.myspace.com/ mWindow Title = Microsoft Internet Explorer provided by Comcast uInternet Connection Wizard,ShellNext = iexplore IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: &Viewpoint Search - c:\program files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} - hxxps://www.play.net/components/activex/AXSAL.ocx FF - ProfilePath - . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-24 00:59 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2456) c:\windows\system32\ieframe.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Ahead\InCD\InCDsrv.exe c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE c:\windows\system32\LEXBCES.EXE c:\windows\system32\LEXPPS.EXE c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\program files\Norton AntiVirus\IWP\NPFMNTOR.EXE c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe c:\windows\system32\wscntfy.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Messenger\msmsgs.exe . ************************************************************************** . Completion time: 2009-06-24 1:03 - machine was rebooted ComboFix-quarantined-files.txt 2009-06-24 08:03 Pre-Run: 14,386,434,048 bytes free Post-Run: 15,669,727,232 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn 181 --- E O F --- 2008-03-31 07:08 I'm glad to see uacinit.dll was included in the delete list. Is there anything left to do, or am I out of the woods? Thanks again for all of the help!

Hi, thanks for getting back to me. I did manage to update MB and get a full scan in. Although now, I intermitantly get a blue screen error message, so things are progressing in a bad direction. Here are the updated log files from HT and MB. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:45:21 PM, on 6/22/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WLANmon.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\WINDOWS\system32\dwwin.exe C:\Program Files\Internet Explorer\Iexplore.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.myspace.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by MySpace O1 - Hosts: ::1 localhost O1 - Hosts: 94.232.248.66 antivirsystem-pro.microsoft.com O1 - Hosts: 94.232.248.66 antivir-system-pro.com O1 - Hosts: 94.232.248.66 www.antivir-system-pro.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll (file missing) O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Airlink101 Airlink101 WLAN Monitor] C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WLANmon.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\titan.cbr.exe" /runcleanupscript O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing) O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing) O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} (Launcher Class) - https://www.play.net/components/activex/AXSAL.ocx O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 10057 bytes Malwarebytes' Anti-Malware 1.38 Database version: 2323 Windows 5.1.2600 Service Pack 2 6/22/2009 5:44:56 PM mbam-log-2009-06-22 (17-44-56).txt Scan type: Full Scan (C:\|) Objects scanned: 193149 Time elapsed: 38 minute(s), 1 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot. Thanks very much for all the help, can't wait to get rid of this thing.

Apparently av still has an active rootkit within my system. While renamed MB will run, I cannot update or reinstall it. Here are the log files from Hijack, and MB respectively. Thanks in advance for the advice and help. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:08:05 PM, on 6/21/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WLANmon.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Malwarebytes' Anti-Malware\yoyo.cbr.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.myspace.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by MySpace O1 - Hosts: ::1 localhost O1 - Hosts: 94.232.248.66 antivirsystem-pro.microsoft.com O1 - Hosts: 94.232.248.66 antivir-system-pro.com O1 - Hosts: 94.232.248.66 www.antivir-system-pro.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll (file missing) O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Airlink101 Airlink101 WLAN Monitor] C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WLANmon.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\yoyo.cbr.exe" /runcleanupscript O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing) O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing) O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} (Launcher Class) - https://www.play.net/components/activex/AXSAL.ocx O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 10361 bytes Malwarebytes' Anti-Malware 1.37 Database version: 2297 Windows 5.1.2600 Service Pack 2 6/21/2009 12:05:10 PM mbam-log-2009-06-21 (12-05-10).txt Scan type: Quick Scan Objects scanned: 117170 Time elapsed: 13 minute(s), 52 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot. I've tried running a quick scan and full scan, and MB has the same results, it finds these two files, asks me to reboot, but can't seem to remove uacinit.dll. I imagine that 1.38 is equipped to handle this problem, but I can't update or uninstall for a clean reinstall. What do I do now?

My computer was infected with Antivirus Pro, and it was keeping malwarebytes from opening. I used to rename trick, and managed to open mb, do a quick scan and get rid of the virus. However, even with the virus gone, mb still won't open. I've tried to uninstall mb, and reinstall it in hopes of doing a clean install, but nothing happens when I click uninstall. It will still open from the renamed program, but whenever I try to update, after the initial download has finished, and the program shuts itself off to restart, nothing will happen, and the updates never take effect. If I had to hazzard a guess, I think some remnant of antivirus pro must still be around, but that doesn't make too much sense. Anyone have any ideas? Thanks in advance for the advice.