
Ping.exe "Privacy protection"



So somehow I ended up with the XP Antispyware / XP Antivirus 2012 on my computer. I've done a few scans with AVG and with a program my friend gave me to fix registry errors called "Windows Registry Repair Pro", and neither has successfully taken care of my problem...

I was able to get rid of the XP Antispyware, but like many on the forum I still have "Ping.EXE" popping up constantly and taking up all of my CPU usage.

Just figured I'd see if I could get any tips on how to remove "Ping.exe" and "Privacy protection", along with the Google re-direct. (Both are also appearing when running in Safe mode.)

Has been a nightmare the past few days trying to figure it out myself. Thanks in advance for any help given =) - Dan

(I'm running Windows XP)


Don't mean to post again, hope you still read this.. I forgot to include the DDS TXT documents -.-*

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Daniel Moulton at 23:50:42 on 2011-12-04

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3199.2151 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\ATI Multimedia\main\ATIDtct.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

C:\WINDOWS\system32\ctfmon.exe

svchost.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = localhost;*.local

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} -

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - AVG Security Toolbar BHO

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} -

uRun: [<NO NAME>]

uRun: [ATI Remote Control] c:\program files\ati multimedia\remctrl\ATIRW.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe

uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [Windows Registry Repair Pro] c:\program files\3b software\windows registry repair pro\RegistryRepairPro.exe 4

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [<NO NAME>]

mRun: [ATI DeviceDetect] c:\program files\ati multimedia\main\ATIDtct.EXE

mRun: [CTHelper] CTHELPER.EXE

mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r

mRun: [CTDVDDET] c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDet.EXE

mRun: [sBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjY4NTY0Nzc5LUZMMTArMS1ERFQrMjYxNjgtVFVHKzMtREQxMEYrMS1TVDEwRkFQUCsxLUYxME0xMkFOKzMtRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtRjEwTTEyQVRCKzEtRjEwTTEyQisx"&"prod=90"&"ver=10.0.1411

dRunOnce: [setDefaultMIDI] MIDIDEF.EXE

StartupFolder: c:\docume~1\daniel~1\startm~1\programs\startup\logite~1.lnk - c:\program files\common files\logishrd\ereg\setpoint\eReg.exe

StartupFolder: c:\docume~1\daniel~1\startm~1\programs\startup\regist~1.lnk - c:\program files\ubisoft\heroes of might and magic v\registration\RegistrationReminder.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: mswsock.dll

Trusted Zone: aol.com\free

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 68.87.71.230 68.87.73.246

TCP: Interfaces\{F74B553A-C996-4A40-A6A2-98104FD9DD76} : DhcpNameServer = 68.87.71.230 68.87.73.246

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\daniel moulton\application data\mozilla\firefox\profiles\xkdh7a18.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-7-5 12184]

R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [2003-3-5 15840]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]

R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-12-4 41272]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 gUSBSTOi;gUSBSTOi;c:\docume~1\daniel~1\locals~1\temp\gUSBSTOi.sys [2004-2-1 31744]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-12-05 04:46:30 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-12-04 02:10:12 -------- d-----w- c:\program files\3B Software

2011-12-03 23:41:32 -------- d--h--w- C:\$AVG

2011-12-03 23:31:13 -------- d-----w- c:\documents and settings\daniel moulton\application data\AVG2012

2011-12-03 23:29:25 -------- d-----w- c:\documents and settings\all users\application data\AVG2012

2011-12-03 23:28:58 -------- d-----w- c:\program files\AVG

2011-12-03 19:22:36 -------- d-----w- c:\documents and settings\daniel moulton\application data\Malwarebytes

2011-12-03 19:22:32 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-12-03 19:22:29 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-03 19:22:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-24 22:22:31 274288 ----a-w- c:\windows\system32\mucltui.dll

2011-11-24 22:22:31 215920 ----a-w- c:\windows\system32\muweb.dll

2011-11-24 22:22:31 16736 ----a-w- c:\windows\system32\mucltui.dll.mui

2011-11-24 08:28:32 -------- d-----w- c:\documents and settings\daniel moulton\Tracing

2011-11-24 08:27:39 -------- d-----w- c:\program files\Microsoft

2011-11-24 08:27:21 -------- d-----w- c:\program files\Windows Live SkyDrive

2011-11-24 08:24:02 -------- d-----w- c:\program files\common files\Windows Live

2011-11-22 07:26:47 -------- d-----w- C:\Games

2011-11-21 19:57:20 6600192 ----a-w- c:\windows\system32\licprotector310.exe

2011-11-21 19:57:16 -------- d-----w- c:\program files\Free File Opener

2011-11-21 19:57:16 -------- d-----w- c:\documents and settings\daniel moulton\local settings\application data\Free File Opener

.

==================== Find3M ====================

.

2011-11-30 06:32:58 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-07 11:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2011-10-04 11:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-24 23:22:11 1414 ----a-w- c:\windows\wininit.tmp

2011-09-23 17:40:32 98304 ----a-w- c:\windows\system32\CmdLineExt.dll

2011-09-23 17:32:23 1 ----a-w- c:\windows\system32\SI.bin

2011-09-13 11:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 23:51:07.57 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 7/5/2011 5:14:11 PM

System Uptime: 12/4/2011 10:58:05 PM (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | Grouper

Processor: Intel® Pentium® 4 CPU 2.80GHz | CPU 1 | 2800/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 596 GiB total, 560.259 GiB free.

D: is FIXED (NTFS) - 466 GiB total, 464.955 GiB free.

E: is FIXED (NTFS) - 466 GiB total, 455.748 GiB free.

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is CDROM (CDFS)

K: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP90: 9/4/2011 5:10:34 PM - System Checkpoint

RP91: 9/5/2011 6:39:58 PM - System Checkpoint

RP92: 9/6/2011 8:34:36 PM - System Checkpoint

RP93: 9/8/2011 12:18:30 AM - Software Distribution Service 3.0

RP94: 9/9/2011 1:21:06 PM - System Checkpoint

RP95: 9/11/2011 11:18:54 AM - System Checkpoint

RP96: 9/13/2011 10:02:45 AM - System Checkpoint

RP97: 9/14/2011 1:21:15 AM - Software Distribution Service 3.0

RP98: 9/15/2011 4:19:38 PM - System Checkpoint

RP99: 9/17/2011 11:41:26 AM - System Checkpoint

RP100: 9/18/2011 7:22:07 PM - System Checkpoint

RP101: 9/20/2011 6:35:01 PM - System Checkpoint

RP102: 9/21/2011 12:09:57 PM - Installed Grand Theft Auto

RP103: 9/21/2011 12:19:13 PM - Installed Grand Theft Auto: London, 1969

RP104: 9/21/2011 1:22:41 PM - Installed GTA2

RP105: 9/22/2011 3:49:24 PM - System Checkpoint

RP106: 9/23/2011 1:32:32 PM - Installed Heroes of Might and Magic V

RP107: 9/23/2011 1:39:56 PM - Installed DirectX

RP108: 9/24/2011 1:40:24 PM - System Checkpoint

RP109: 9/24/2011 7:56:33 PM - Installed DirectX

RP110: 9/24/2011 8:05:00 PM - Installed DirectX

RP111: 9/26/2011 12:41:14 PM - System Checkpoint

RP112: 9/27/2011 8:49:34 PM - System Checkpoint

RP113: 9/28/2011 4:46:48 PM - Software Distribution Service 3.0

RP114: 9/29/2011 6:17:06 PM - System Checkpoint

RP115: 10/1/2011 1:32:36 PM - System Checkpoint

RP116: 10/2/2011 10:30:37 PM - System Checkpoint

RP117: 10/3/2011 11:10:10 PM - System Checkpoint

RP118: 10/4/2011 11:42:34 PM - System Checkpoint

RP119: 10/9/2011 7:33:02 PM - System Checkpoint

RP120: 10/11/2011 10:11:59 AM - System Checkpoint

RP121: 10/14/2011 9:56:37 PM - Software Distribution Service 3.0

RP122: 10/19/2011 4:42:59 PM - System Checkpoint

RP123: 10/20/2011 5:34:03 PM - System Checkpoint

RP124: 10/23/2011 9:05:53 PM - System Checkpoint

RP125: 10/26/2011 2:16:22 PM - System Checkpoint

RP126: 10/27/2011 6:58:15 PM - System Checkpoint

RP127: 10/28/2011 8:59:08 PM - System Checkpoint

RP128: 11/1/2011 6:08:48 AM - System Checkpoint

RP129: 11/2/2011 10:59:03 PM - System Checkpoint

RP130: 11/4/2011 6:41:42 PM - System Checkpoint

RP131: 11/6/2011 3:37:03 AM - System Checkpoint

RP132: 11/7/2011 10:31:26 PM - System Checkpoint

RP133: 11/9/2011 6:47:05 PM - System Checkpoint

RP134: 11/10/2011 3:00:16 AM - Software Distribution Service 3.0

RP135: 11/11/2011 3:00:16 AM - Software Distribution Service 3.0

RP136: 11/12/2011 9:18:50 PM - System Checkpoint

RP137: 11/13/2011 9:31:58 PM - System Checkpoint

RP138: 11/14/2011 9:43:05 PM - System Checkpoint

RP139: 11/16/2011 11:33:46 PM - System Checkpoint

RP140: 11/18/2011 5:18:39 PM - System Checkpoint

RP141: 11/21/2011 3:49:43 PM - System Checkpoint

RP142: 11/22/2011 2:26:46 AM - Installed Fallen Earth.

RP143: 11/23/2011 5:12:38 PM - System Checkpoint

RP144: 11/24/2011 5:37:47 PM - System Checkpoint

RP145: 11/25/2011 3:00:17 AM - Software Distribution Service 3.0

RP146: 11/26/2011 8:41:02 AM - System Checkpoint

RP147: 11/27/2011 8:06:44 PM - System Checkpoint

RP148: 11/29/2011 1:35:22 PM - System Checkpoint

RP149: 11/30/2011 3:08:37 PM - System Checkpoint

RP150: 12/1/2011 6:59:29 PM - System Checkpoint

RP151: 12/3/2011 1:42:56 PM - Removed AVG 2011

RP152: 12/3/2011 1:44:06 PM - Removed AVG 2011

RP153: 12/3/2011 3:44:08 PM - Restore Operation

RP154: 12/3/2011 3:51:04 PM - Restore Operation

RP155: 12/3/2011 6:28:57 PM - Installed AVG 2012

RP156: 12/3/2011 6:29:15 PM - Installed AVG 2012

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader X (10.1.0)

AIM 7

Alarm Clock v1.00

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Control Panel

ATI Decoder

ATI Display Driver

ATI HYDRAVISION

ATI Multimedia Center

ATI Multimedia Center 9.01

ATI Remote Wonder 2

ATI Remote Wonder 2.5

AVG 2012

Bonjour

Command & Conquer Red Alert 2

ConvertHelper 2.2

Creative System Information

DAO

Download Updater (AOL LLC)

eReg

Fallen Earth

Free File Opener v2011.7.0.1

GameSpy Arcade

GIMP 2.6.11

Grand Theft Auto

Grand Theft Auto: London, 1969

GTA2

Guild Wars

Heroes of Might and Magic V

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

iTunes

Java Auto Updater

Java 6 Update 26

Logitech Desktop Messenger

Logitech SetPoint 6.30

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2572067)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 8.0.1 (x86 en-US)

MSVCRT

Painkiller

Painkiller - Battle Out Of Hell

QuickTime

Realtek High Definition Audio Driver

RuneScape Launcher 1.0.4

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2530548)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544521)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

Segoe UI

Sound Blaster Audigy 2 ZS

Tibia

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VLC media player 1.1.11

WebFldrs XP

Westwood Shared Internet Components

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Management Framework Core

Windows Media Encoder 9 Series

Windows Media Format 11 runtime

Windows Media Player 11

Windows Registry Repair Pro

Windows Search 4.0

Windows XP Service Pack 3

Winrar 3.93

WinRAR 4.01 (32-bit)

.

==== Event Viewer Messages From Past Week ========

.

12/4/2011 7:25:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

12/4/2011 7:23:20 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

12/4/2011 7:12:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Fips intelppm

12/4/2011 6:15:00 AM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402

12/4/2011 6:15:00 AM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402

12/4/2011 5:15:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402

12/4/2011 5:15:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402

12/4/2011 4:15:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402

12/4/2011 4:15:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402

12/4/2011 3:15:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402

12/4/2011 3:15:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402

12/4/2011 2:15:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402

12/4/2011 2:15:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402

12/4/2011 12:15:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402

12/4/2011 12:15:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402

12/4/2011 11:15:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402

12/4/2011 11:15:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402

12/4/2011 10:58:40 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

12/4/2011 1:15:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402

12/4/2011 1:15:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402

12/3/2011 9:18:31 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

12/3/2011 9:18:31 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.

12/3/2011 9:18:31 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/3/2011 9:18:03 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

12/3/2011 9:15:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402

12/3/2011 9:15:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402

12/3/2011 8:15:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402

12/3/2011 8:15:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402

12/3/2011 7:15:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: General access denied error

12/3/2011 7:15:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: General access denied error

12/3/2011 7:10:24 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 5 time(s).

12/3/2011 7:10:20 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 4 time(s).

12/3/2011 6:47:14 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).

12/3/2011 6:44:13 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/3/2011 6:24:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde

12/3/2011 6:24:08 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

12/3/2011 6:24:08 PM, error: Service Control Manager [7000] - The PfModNT service failed to start due to the following error: The system cannot find the file specified.

12/3/2011 5:23:16 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

12/3/2011 5:23:16 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

12/3/2011 5:23:16 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

12/3/2011 5:23:16 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

12/3/2011 5:23:16 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/3/2011 5:23:16 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

12/3/2011 4:10:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/3/2011 4:03:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

12/3/2011 4:03:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

12/3/2011 4:03:35 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

12/3/2011 4:03:35 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/3/2011 4:03:35 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/3/2011 4:03:35 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

12/3/2011 4:03:35 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/3/2011 4:03:35 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/3/2011 1:40:19 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

11/28/2011 5:25:13 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

.

==== End Of File ===========================


Hello Arcemedes! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents into your next reply.

Step 2

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check. Check the Scan All Users too.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\MovedFiles
    • in most cases this will be C:\_OTL\MovedFiles

In your next reply, please post the following log files:

  • TDSSKiller log
  • OTL log with Extras.txt


Hello Maniac, nice to meet you, and I appreciate the help =.) Okay, here are the TXT files you asked for... First is the TDSSKiller, then OTL, and then Extras.

09:26:50.0546 3208 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44

09:26:50.0734 3208 ============================================================

09:26:50.0734 3208 Current date / time: 2011/12/05 09:26:50.0734

09:26:50.0734 3208 SystemInfo:

09:26:50.0734 3208

09:26:50.0734 3208 OS Version: 5.1.2600 ServicePack: 3.0

09:26:50.0734 3208 Product type: Workstation

09:26:50.0734 3208 ComputerName: DANIEL-46C1FCFD

09:26:50.0734 3208 UserName: Daniel Moulton

09:26:50.0734 3208 Windows directory: C:\WINDOWS

09:26:50.0734 3208 System windows directory: C:\WINDOWS

09:26:50.0734 3208 Processor architecture: Intel x86

09:26:50.0734 3208 Number of processors: 2

09:26:50.0734 3208 Page size: 0x1000

09:26:50.0734 3208 Boot type: Normal boot

09:26:50.0734 3208 ============================================================

09:26:52.0171 3208 Initialize success

09:27:28.0906 2212 ============================================================

09:27:28.0906 2212 Scan started

09:27:28.0906 2212 Mode: Manual; SigCheck; TDLFS;

09:27:28.0906 2212 ============================================================

09:27:29.0453 2212 Abiosdsk - ok

09:27:29.0468 2212 abp480n5 - ok

09:27:29.0500 2212 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

09:27:30.0609 2212 ACPI - ok

09:27:30.0640 2212 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

09:27:30.0765 2212 ACPIEC - ok

09:27:30.0781 2212 adpu160m - ok

09:27:30.0812 2212 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

09:27:30.0953 2212 aec - ok

09:27:31.0000 2212 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

09:27:31.0062 2212 AFD - ok

09:27:31.0062 2212 Aha154x - ok

09:27:31.0078 2212 aic78u2 - ok

09:27:31.0093 2212 aic78xx - ok

09:27:31.0109 2212 AliIde - ok

09:27:31.0125 2212 amsint - ok

09:27:31.0171 2212 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

09:27:31.0296 2212 Arp1394 - ok

09:27:31.0312 2212 asc - ok

09:27:31.0328 2212 asc3350p - ok

09:27:31.0343 2212 asc3550 - ok

09:27:31.0375 2212 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

09:27:31.0531 2212 AsyncMac - ok

09:27:31.0562 2212 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

09:27:31.0703 2212 atapi - ok

09:27:31.0718 2212 Atdisk - ok

09:27:31.0765 2212 ATI Remote Wonder II (1c5473c7214a63c3012d5544779d07a3) C:\WINDOWS\system32\drivers\ATIRWVD.SYS

09:27:31.0781 2212 ATI Remote Wonder II ( UnsignedFile.Multi.Generic ) - warning

09:27:31.0781 2212 ATI Remote Wonder II - detected UnsignedFile.Multi.Generic (1)

09:27:31.0828 2212 ati2mtag (03eaf48fa040a00c6c5f2b8cc11182f1) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

09:27:31.0890 2212 ati2mtag - ok

09:27:31.0937 2212 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

09:27:32.0078 2212 Atmarpc - ok

09:27:32.0093 2212 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

09:27:32.0218 2212 audstub - ok

09:27:32.0265 2212 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

09:27:32.0593 2212 AVGIDSDriver - ok

09:27:32.0609 2212 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

09:27:32.0625 2212 AVGIDSEH - ok

09:27:32.0656 2212 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

09:27:32.0671 2212 AVGIDSFilter - ok

09:27:32.0718 2212 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

09:27:32.0734 2212 AVGIDSShim - ok

09:27:32.0796 2212 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

09:27:32.0812 2212 Avgldx86 - ok

09:27:32.0828 2212 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

09:27:32.0843 2212 Avgmfx86 - ok

09:27:32.0859 2212 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

09:27:32.0875 2212 Avgrkx86 - ok

09:27:32.0906 2212 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

09:27:32.0921 2212 Avgtdix - ok

09:27:32.0968 2212 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

09:27:33.0109 2212 Beep - ok

09:27:33.0156 2212 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

09:27:33.0281 2212 cbidf2k - ok

09:27:33.0296 2212 cd20xrnt - ok

09:27:33.0328 2212 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

09:27:33.0468 2212 Cdaudio - ok

09:27:33.0515 2212 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

09:27:33.0656 2212 Cdfs - ok

09:27:33.0687 2212 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

09:27:33.0812 2212 Cdrom - ok

09:27:33.0828 2212 Changer - ok

09:27:33.0859 2212 CmdIde - ok

09:27:33.0906 2212 COMMONFX.DLL (1ef05b641e9a67ded74ac8ad40055dbf) C:\WINDOWS\system32\COMMONFX.DLL

09:27:33.0921 2212 COMMONFX.DLL - ok

09:27:33.0937 2212 Cpqarray - ok

09:27:33.0968 2212 CT20XUT.DLL (6191a973461852a09d643609e1d5f7c6) C:\WINDOWS\system32\CT20XUT.DLL

09:27:34.0046 2212 CT20XUT.DLL - ok

09:27:34.0078 2212 ctac32k (8ac5f77e30e37d2d11bd99eff0c53d8c) C:\WINDOWS\system32\drivers\ctac32k.sys

09:27:34.0109 2212 ctac32k - ok

09:27:34.0156 2212 ctaud2k (673241d314e932f4890509ae8ebf26db) C:\WINDOWS\system32\drivers\ctaud2k.sys

09:27:34.0187 2212 ctaud2k - ok

09:27:34.0203 2212 CTAUDFX.DLL (472b82d7e549e7fab428852e4d16f21d) C:\WINDOWS\system32\CTAUDFX.DLL

09:27:34.0250 2212 CTAUDFX.DLL - ok

09:27:34.0296 2212 ctdvda2k (18779d6877a2f4ff2f23193fee44b095) C:\WINDOWS\system32\drivers\ctdvda2k.sys

09:27:34.0328 2212 ctdvda2k - ok

09:27:34.0359 2212 CTEAPSFX.DLL (6a57f82009563aee8826f117e1d3c72c) C:\WINDOWS\system32\CTEAPSFX.DLL

09:27:34.0390 2212 CTEAPSFX.DLL - ok

09:27:34.0406 2212 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\WINDOWS\system32\CTEDSPFX.DLL

09:27:34.0453 2212 CTEDSPFX.DLL - ok

09:27:34.0468 2212 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\WINDOWS\system32\CTEDSPIO.DLL

09:27:34.0500 2212 CTEDSPIO.DLL - ok

09:27:34.0515 2212 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\WINDOWS\system32\CTEDSPSY.DLL

09:27:34.0546 2212 CTEDSPSY.DLL - ok

09:27:34.0578 2212 CTERFXFX.DLL (d3fbd9983325435b06795f29cb57ed3d) C:\WINDOWS\system32\CTERFXFX.DLL

09:27:34.0609 2212 CTERFXFX.DLL - ok

09:27:34.0656 2212 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\WINDOWS\system32\CTEXFIFX.DLL

09:27:34.0734 2212 CTEXFIFX.DLL - ok

09:27:34.0750 2212 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\WINDOWS\system32\CTHWIUT.DLL

09:27:34.0796 2212 CTHWIUT.DLL - ok

09:27:34.0828 2212 ctprxy2k (34e7f8a499fd8361df14fedb724c0ad3) C:\WINDOWS\system32\drivers\ctprxy2k.sys

09:27:34.0843 2212 ctprxy2k - ok

09:27:34.0859 2212 CTSBLFX.DLL (679ae21eb7f48a08184813aebabdec7c) C:\WINDOWS\system32\CTSBLFX.DLL

09:27:34.0906 2212 CTSBLFX.DLL - ok

09:27:34.0921 2212 ctsfm2k (32098497cb4dfe9ea7660fa62dd91060) C:\WINDOWS\system32\drivers\ctsfm2k.sys

09:27:34.0953 2212 ctsfm2k - ok

09:27:34.0953 2212 dac2w2k - ok

09:27:34.0968 2212 dac960nt - ok

09:27:35.0031 2212 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

09:27:35.0156 2212 Disk - ok

09:27:35.0203 2212 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

09:27:35.0359 2212 dmboot - ok

09:27:35.0375 2212 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

09:27:35.0515 2212 dmio - ok

09:27:35.0546 2212 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

09:27:35.0671 2212 dmload - ok

09:27:35.0718 2212 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

09:27:35.0875 2212 DMusic - ok

09:27:35.0890 2212 dpti2o - ok

09:27:35.0906 2212 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

09:27:36.0062 2212 drmkaud - ok

09:27:36.0078 2212 emupia (2885f72d2daffd0329272f12e16d6579) C:\WINDOWS\system32\drivers\emupia2k.sys

09:27:36.0093 2212 emupia - ok

09:27:36.0140 2212 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

09:27:36.0281 2212 Fastfat - ok

09:27:36.0296 2212 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

09:27:36.0437 2212 Fdc - ok

09:27:36.0453 2212 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

09:27:36.0593 2212 Fips - ok

09:27:36.0609 2212 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

09:27:36.0734 2212 Flpydisk - ok

09:27:36.0765 2212 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

09:27:36.0906 2212 FltMgr - ok

09:27:36.0921 2212 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

09:27:37.0046 2212 Fs_Rec - ok

09:27:37.0062 2212 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

09:27:37.0203 2212 Ftdisk - ok

09:27:37.0234 2212 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys

09:27:37.0359 2212 gameenum - ok

09:27:37.0390 2212 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

09:27:37.0406 2212 GEARAspiWDM - ok

09:27:37.0421 2212 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

09:27:37.0562 2212 Gpc - ok

09:27:37.0703 2212 gUSBSTOi (4d7fc082bd1fc138c6be1782210d848b) C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\gUSBSTOi.sys

09:27:37.0750 2212 gUSBSTOi ( UnsignedFile.Multi.Generic ) - warning

09:27:37.0750 2212 gUSBSTOi - detected UnsignedFile.Multi.Generic (1)

09:27:37.0796 2212 ha10kx2k (da2c735b66d2e7b739f9a46146581a9d) C:\WINDOWS\system32\drivers\ha10kx2k.sys

09:27:37.0843 2212 ha10kx2k - ok

09:27:37.0875 2212 hap16v2k (5c7d6d68796e4621b4168c879908dae0) C:\WINDOWS\system32\drivers\hap16v2k.sys

09:27:37.0890 2212 hap16v2k - ok

09:27:37.0921 2212 hap17v2k (a595b88ad16d8b5693ddf08113caf30e) C:\WINDOWS\system32\drivers\hap17v2k.sys

09:27:37.0953 2212 hap17v2k - ok

09:27:37.0984 2212 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

09:27:38.0125 2212 HDAudBus - ok

09:27:38.0171 2212 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

09:27:38.0296 2212 hidusb - ok

09:27:38.0328 2212 hpn - ok

09:27:38.0375 2212 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

09:27:38.0437 2212 HTTP - ok

09:27:38.0453 2212 i2omgmt - ok

09:27:38.0468 2212 i2omp - ok

09:27:38.0500 2212 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

09:27:38.0640 2212 i8042prt - ok

09:27:38.0656 2212 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

09:27:38.0781 2212 Imapi - ok

09:27:38.0812 2212 ini910u - ok

09:27:38.0906 2212 IntcAzAudAddService (a30685283f90ae02f1cd50972c6065e3) C:\WINDOWS\system32\drivers\RtkHDAud.sys

09:27:39.0078 2212 IntcAzAudAddService - ok

09:27:39.0109 2212 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

09:27:39.0250 2212 IntelIde - ok

09:27:39.0265 2212 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

09:27:39.0390 2212 intelppm - ok

09:27:39.0421 2212 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

09:27:39.0562 2212 Ip6Fw - ok

09:27:39.0593 2212 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

09:27:39.0734 2212 IpFilterDriver - ok

09:27:39.0750 2212 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

09:27:39.0890 2212 IpInIp - ok

09:27:39.0921 2212 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

09:27:40.0062 2212 IpNat - ok

09:27:40.0093 2212 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

09:27:40.0218 2212 IPSec - ok

09:27:40.0250 2212 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

09:27:40.0375 2212 IRENUM - ok

09:27:40.0390 2212 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

09:27:40.0531 2212 isapnp - ok

09:27:40.0562 2212 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

09:27:40.0703 2212 Kbdclass - ok

09:27:40.0750 2212 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

09:27:40.0875 2212 kmixer - ok

09:27:40.0906 2212 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

09:27:40.0953 2212 KSecDD - ok

09:27:41.0015 2212 LBeepKE (5644acfa1b281ce2212353552147d1a0) C:\WINDOWS\system32\Drivers\LBeepKE.sys

09:27:41.0031 2212 LBeepKE - ok

09:27:41.0046 2212 lbrtfdc - ok

09:27:41.0093 2212 LHidFilt (05d6b85ecc3204931923ab7940b9596e) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys

09:27:41.0109 2212 LHidFilt - ok

09:27:41.0156 2212 LHidKe (6f6fed015cd3d33a048f9fc40f42e076) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys

09:27:41.0156 2212 LHidKe ( UnsignedFile.Multi.Generic ) - warning

09:27:41.0156 2212 LHidKe - detected UnsignedFile.Multi.Generic (1)

09:27:41.0187 2212 LHidUsbK (c9feeb4604c303cbd68e0a6780b5f50c) C:\WINDOWS\system32\Drivers\LHidUsbK.Sys

09:27:41.0203 2212 LHidUsbK ( UnsignedFile.Multi.Generic ) - warning

09:27:41.0203 2212 LHidUsbK - detected UnsignedFile.Multi.Generic (1)

09:27:41.0218 2212 LMouFilt (053dbcc1082fdf74ab145a71917a6556) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys

09:27:41.0250 2212 LMouFilt - ok

09:27:41.0265 2212 LMouKE (e424eb5f4fcf486490a17bea3dfc64a9) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys

09:27:41.0296 2212 LMouKE ( UnsignedFile.Multi.Generic ) - warning

09:27:41.0296 2212 LMouKE - detected UnsignedFile.Multi.Generic (1)

09:27:41.0343 2212 LUsbFilt (95dab70d56bbac7ddb7e6d0017d71369) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys

09:27:41.0359 2212 LUsbFilt - ok

09:27:41.0390 2212 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

09:27:41.0531 2212 mnmdd - ok

09:27:41.0578 2212 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

09:27:41.0718 2212 Modem - ok

09:27:41.0734 2212 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

09:27:41.0875 2212 Mouclass - ok

09:27:41.0875 2212 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

09:27:42.0015 2212 mouhid - ok

09:27:42.0031 2212 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

09:27:42.0171 2212 MountMgr - ok

09:27:42.0187 2212 mraid35x - ok

09:27:42.0203 2212 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

09:27:42.0343 2212 MRxDAV - ok

09:27:42.0375 2212 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

09:27:42.0453 2212 MRxSmb - ok

09:27:42.0500 2212 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

09:27:42.0625 2212 Msfs - ok

09:27:42.0656 2212 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

09:27:42.0796 2212 MSKSSRV - ok

09:27:42.0812 2212 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

09:27:42.0937 2212 MSPCLOCK - ok

09:27:42.0953 2212 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

09:27:43.0078 2212 MSPQM - ok

09:27:43.0093 2212 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

09:27:43.0234 2212 mssmbios - ok

09:27:43.0250 2212 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

09:27:43.0281 2212 Mup - ok

09:27:43.0328 2212 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

09:27:43.0484 2212 NDIS - ok

09:27:43.0515 2212 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

09:27:43.0562 2212 NdisTapi - ok

09:27:43.0593 2212 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

09:27:43.0734 2212 Ndisuio - ok

09:27:43.0750 2212 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

09:27:43.0875 2212 NdisWan - ok

09:27:43.0921 2212 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

09:27:44.0000 2212 NDProxy - ok

09:27:44.0031 2212 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

09:27:44.0171 2212 NetBIOS - ok

09:27:44.0187 2212 NetBT (0ae50956b77a07dd5ceb5c850b98b765) C:\WINDOWS\system32\DRIVERS\netbt.sys

09:27:44.0203 2212 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: 0ae50956b77a07dd5ceb5c850b98b765, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d

09:27:44.0203 2212 NetBT ( Rootkit.Win32.ZAccess.aml ) - infected

09:27:44.0203 2212 NetBT - detected Rootkit.Win32.ZAccess.aml (0)

09:27:44.0234 2212 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

09:27:44.0359 2212 NIC1394 - ok

09:27:44.0390 2212 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

09:27:44.0531 2212 Npfs - ok

09:27:44.0546 2212 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

09:27:44.0703 2212 Ntfs - ok

09:27:44.0750 2212 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

09:27:44.0875 2212 Null - ok

09:27:44.0906 2212 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

09:27:45.0046 2212 NwlnkFlt - ok

09:27:45.0062 2212 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

09:27:45.0203 2212 NwlnkFwd - ok

09:27:45.0218 2212 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

09:27:45.0359 2212 ohci1394 - ok

09:27:45.0390 2212 ossrv (61c85afeaa6ef0c1b32d43f84f7bfbcf) C:\WINDOWS\system32\drivers\ctoss2k.sys

09:27:45.0406 2212 ossrv - ok

09:27:45.0421 2212 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

09:27:45.0562 2212 Parport - ok

09:27:45.0578 2212 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

09:27:45.0750 2212 PartMgr - ok

09:27:45.0765 2212 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

09:27:45.0906 2212 ParVdm - ok

09:27:45.0921 2212 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

09:27:46.0062 2212 PCI - ok

09:27:46.0078 2212 PCIDump - ok

09:27:46.0093 2212 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys

09:27:46.0250 2212 PCIIde - ok

09:27:46.0281 2212 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

09:27:46.0421 2212 Pcmcia - ok

09:27:46.0437 2212 PDCOMP - ok

09:27:46.0453 2212 PDFRAME - ok

09:27:46.0453 2212 PDRELI - ok

09:27:46.0468 2212 PDRFRAME - ok

09:27:46.0484 2212 perc2 - ok

09:27:46.0500 2212 perc2hib - ok

09:27:46.0546 2212 PfDetNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys

09:27:46.0562 2212 PfDetNT - ok

09:27:46.0562 2212 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys

09:27:46.0593 2212 PfModNT - ok

09:27:46.0609 2212 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

09:27:46.0750 2212 PptpMiniport - ok

09:27:46.0765 2212 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

09:27:46.0906 2212 PSched - ok

09:27:46.0937 2212 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

09:27:47.0062 2212 Ptilink - ok

09:27:47.0078 2212 ql1080 - ok

09:27:47.0093 2212 Ql10wnt - ok

09:27:47.0109 2212 ql12160 - ok

09:27:47.0125 2212 ql1240 - ok

09:27:47.0140 2212 ql1280 - ok

09:27:47.0156 2212 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

09:27:47.0296 2212 RasAcd - ok

09:27:47.0312 2212 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

09:27:47.0437 2212 Rasl2tp - ok

09:27:47.0453 2212 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

09:27:47.0593 2212 RasPppoe - ok

09:27:47.0593 2212 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

09:27:47.0734 2212 Raspti - ok

09:27:47.0765 2212 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

09:27:47.0906 2212 Rdbss - ok

09:27:47.0921 2212 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

09:27:48.0046 2212 RDPCDD - ok

09:27:48.0062 2212 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

09:27:48.0203 2212 rdpdr - ok

09:27:48.0234 2212 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

09:27:48.0312 2212 RDPWD - ok

09:27:48.0328 2212 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

09:27:48.0468 2212 redbook - ok

09:27:48.0531 2212 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys

09:27:48.0609 2212 RTL8023xp - ok

09:27:48.0656 2212 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

09:27:48.0765 2212 rtl8139 - ok

09:27:48.0796 2212 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

09:27:48.0937 2212 Secdrv - ok

09:27:48.0953 2212 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

09:27:49.0093 2212 Serial - ok

09:27:49.0125 2212 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

09:27:49.0265 2212 Sfloppy - ok

09:27:49.0281 2212 Simbad - ok

09:27:49.0296 2212 Sparrow - ok

09:27:49.0328 2212 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

09:27:49.0468 2212 splitter - ok

09:27:49.0500 2212 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

09:27:49.0625 2212 sr - ok

09:27:49.0656 2212 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

09:27:49.0718 2212 Srv - ok

09:27:49.0765 2212 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

09:27:49.0890 2212 swenum - ok

09:27:49.0937 2212 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

09:27:50.0078 2212 swmidi - ok

09:27:50.0093 2212 symc810 - ok

09:27:50.0109 2212 symc8xx - ok

09:27:50.0125 2212 sym_hi - ok

09:27:50.0125 2212 sym_u3 - ok

09:27:50.0156 2212 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

09:27:50.0296 2212 sysaudio - ok

09:27:50.0343 2212 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

09:27:50.0421 2212 Tcpip - ok

09:27:50.0437 2212 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

09:27:50.0578 2212 TDPIPE - ok

09:27:50.0640 2212 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

09:27:50.0781 2212 TDTCP - ok

09:27:50.0796 2212 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

09:27:50.0937 2212 TermDD - ok

09:27:50.0953 2212 TosIde - ok

09:27:51.0000 2212 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

09:27:51.0140 2212 Udfs - ok

09:27:51.0156 2212 ultra - ok

09:27:51.0187 2212 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

09:27:51.0328 2212 Update - ok

09:27:51.0375 2212 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

09:27:51.0515 2212 usbehci - ok

09:27:51.0531 2212 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

09:27:51.0656 2212 usbhub - ok

09:27:51.0703 2212 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

09:27:51.0828 2212 usbscan - ok

09:27:51.0843 2212 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

09:27:51.0968 2212 usbstor - ok

09:27:52.0000 2212 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

09:27:52.0125 2212 usbuhci - ok

09:27:52.0140 2212 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

09:27:52.0281 2212 VgaSave - ok

09:27:52.0296 2212 ViaIde - ok

09:27:52.0312 2212 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

09:27:52.0453 2212 VolSnap - ok

09:27:52.0468 2212 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

09:27:52.0609 2212 Wanarp - ok

09:27:52.0640 2212 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys

09:27:52.0671 2212 Wdf01000 - ok

09:27:52.0687 2212 WDICA - ok

09:27:52.0734 2212 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

09:27:52.0859 2212 wdmaud - ok

09:27:52.0906 2212 WinDriver6 (8741604ecc3c006b7d2f769bf55dea9a) C:\WINDOWS\system32\drivers\windrvr6.sys

09:27:52.0937 2212 WinDriver6 - ok

09:27:53.0046 2212 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

09:27:53.0078 2212 WudfPf - ok

09:27:53.0109 2212 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

09:27:53.0125 2212 WudfRd - ok

09:27:53.0171 2212 xusb21 (f5e5f944e63a9b5f6e76c2ebb2ac462f) C:\WINDOWS\system32\DRIVERS\xusb21.sys

09:27:53.0218 2212 xusb21 - ok

09:27:53.0250 2212 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

09:27:53.0437 2212 \Device\Harddisk0\DR0 - ok

09:27:53.0437 2212 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

09:27:53.0671 2212 \Device\Harddisk1\DR1 - ok

09:27:53.0671 2212 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2

09:27:53.0937 2212 \Device\Harddisk2\DR2 - ok

09:27:53.0953 2212 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk7\DR10

09:27:54.0218 2212 \Device\Harddisk7\DR10 - ok

09:27:54.0218 2212 Boot (0x1200) (a6b55f714232a802214ade61d94786d5) \Device\Harddisk0\DR0\Partition0

09:27:54.0218 2212 \Device\Harddisk0\DR0\Partition0 - ok

09:27:54.0218 2212 Boot (0x1200) (8bf25607fc2b2e1877fa3ea4451497fa) \Device\Harddisk1\DR1\Partition0

09:27:54.0234 2212 \Device\Harddisk1\DR1\Partition0 - ok

09:27:54.0234 2212 Boot (0x1200) (f3f8f897c005eca6ca5ad6221fbf1923) \Device\Harddisk2\DR2\Partition0

09:27:54.0234 2212 \Device\Harddisk2\DR2\Partition0 - ok

09:27:54.0234 2212 Boot (0x1200) (da83987279a23436db113ecc364f6440) \Device\Harddisk7\DR10\Partition0

09:27:54.0234 2212 \Device\Harddisk7\DR10\Partition0 - ok

09:27:54.0234 2212 ============================================================

09:27:54.0234 2212 Scan finished

09:27:54.0234 2212 ============================================================

09:27:54.0359 1512 Detected object count: 6

09:27:54.0359 1512 Actual detected object count: 6

09:28:54.0406 1512 ATI Remote Wonder II ( UnsignedFile.Multi.Generic ) - skipped by user

09:28:54.0406 1512 ATI Remote Wonder II ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:28:54.0406 1512 gUSBSTOi ( UnsignedFile.Multi.Generic ) - skipped by user

09:28:54.0406 1512 gUSBSTOi ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:28:54.0406 1512 LHidKe ( UnsignedFile.Multi.Generic ) - skipped by user

09:28:54.0406 1512 LHidKe ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:28:54.0406 1512 LHidUsbK ( UnsignedFile.Multi.Generic ) - skipped by user

09:28:54.0406 1512 LHidUsbK ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:28:54.0406 1512 LMouKE ( UnsignedFile.Multi.Generic ) - skipped by user

09:28:54.0406 1512 LMouKE ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:28:54.0734 1512 Backup copy found, using it..

09:28:54.0750 1512 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot

09:28:56.0156 1512 NetBT ( Rootkit.Win32.ZAccess.aml ) - User select action: Cure

09:29:05.0796 3144 Deinitialize success


These two are the OTL and then Extras...

(Also I noticed a lot of folders are greyed out such as Windows Update in C://...just wanted to be sure it's according to plan lol)

OTL logfile created on: 12/5/2011 9:36:06 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Daniel Moulton\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.12 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 80.61% Memory free

4.97 Gb Paging File | 4.37 Gb Available in Paging File | 87.98% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 596.17 Gb Total Space | 560.17 Gb Free Space | 93.96% Space Free | Partition Type: NTFS

Drive D: | 465.76 Gb Total Space | 464.95 Gb Free Space | 99.83% Space Free | Partition Type: NTFS

Drive E: | 465.76 Gb Total Space | 455.75 Gb Free Space | 97.85% Space Free | Partition Type: NTFS

Drive J: | 625.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive K: | 565.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DANIEL-46C1FCFD | User Name: Daniel Moulton | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Daniel Moulton\My Documents\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()

PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

PRC - C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)

PRC - C:\Program Files\AIM\aim.exe (AOL Inc.)

PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\CtHelper.exe (Creative Technology Ltd)

PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

PRC - C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe (3B Software, Inc.)

PRC - C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE (ATI Technologies Inc.)

PRC - C:\Program Files\ATI Multimedia\main\atidtct.exe (ATI Technologies Inc.)

PRC - C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)

PRC - C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()

MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\bwfiles.dll ()

MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\BWScriptExt.dll ()

MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\clntutil.dll ()

MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll ()

MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll ()

MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()

MOD - C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll ()

MOD - C:\Program Files\AIM\nssckbi.dll ()

MOD - C:\Program Files\WinRAR\RarExt.dll ()

MOD - C:\WINDOWS\system32\quartz.dll ()

MOD - C:\WINDOWS\system32\msdmo.dll ()

MOD - C:\WINDOWS\system32\devenum.dll ()

MOD - C:\WINDOWS\system32\ati2evxx.dll ()

========== Win32 Services (SafeList) ==========

SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)

========== Driver Services (SafeList) ==========

DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )

DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )

DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )

DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )

DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)

DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)

DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )

DRV - (COMMONFX.DLL) -- C:\WINDOWS\system32\COMMONFX.DLL (Creative Technology Ltd)

DRV - (CT20XUT.DLL) -- C:\WINDOWS\system32\CT20XUT.DLL (Creative Technology Ltd.)

DRV - (CTHWIUT.DLL) -- C:\WINDOWS\system32\CTHWIUT.DLL (Creative Technology Ltd.)

DRV - (CTEXFIFX.DLL) -- C:\WINDOWS\system32\CTEXFIFX.DLL (Creative Technology Ltd.)

DRV - (CTEDSPSY.DLL) -- C:\WINDOWS\system32\CTEDSPSY.DLL (Creative Technology Ltd)

DRV - (CTEDSPIO.DLL) -- C:\WINDOWS\system32\CTEDSPIO.DLL (Creative Technology Ltd)

DRV - (CTEDSPFX.DLL) -- C:\WINDOWS\system32\CTEDSPFX.DLL (Creative Technology Ltd)

DRV - (CTERFXFX.DLL) -- C:\WINDOWS\system32\CTERFXFX.DLL (Creative Technology Ltd)

DRV - (CTEAPSFX.DLL) -- C:\WINDOWS\system32\CTEAPSFX.DLL (Creative Technology Ltd)

DRV - (CTSBLFX.DLL) -- C:\WINDOWS\system32\CTSBLFX.DLL (Creative Technology Ltd)

DRV - (CTAUDFX.DLL) -- C:\WINDOWS\system32\CTAUDFX.DLL (Creative Technology Ltd)

DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)

DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)

DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)

DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)

DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)

DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)

DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)

DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)

DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (WinDriver6) -- C:\WINDOWS\system32\drivers\windrvr6.sys (Jungo)

DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech, Inc.)

DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)

DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)

DRV - (gUSBSTOi) -- C:\Documents and Settings\Daniel Moulton\Local Settings\Temp\gUSBSTOi.sys ()

DRV - (ATI Remote Wonder II) -- C:\WINDOWS\system32\drivers\atirwvd.sys (Jungo)

DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)

DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.)

DRV - (PfDetNT) -- C:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1229272821-1177238915-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-1229272821-1177238915-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\S-1-5-21-1229272821-1177238915-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-1229272821-1177238915-839522115-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-1229272821-1177238915-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1229272821-1177238915-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..network.proxy.no_proxies_on: "localhost,*.local"

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/07/05 19:53:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011/07/06 05:02:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/03 18:29:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/03 20:50:22 | 000,000,000 | ---D | M]

[2011/07/29 21:12:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daniel Moulton\Application Data\Mozilla\Extensions

[2011/11/11 02:00:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daniel Moulton\Application Data\Mozilla\Firefox\Profiles\xkdh7a18.default\extensions

[2011/11/11 02:00:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Daniel Moulton\Application Data\Mozilla\Firefox\Profiles\xkdh7a18.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011/07/29 21:12:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/12/03 20:50:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2011/12/03 18:29:49 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4

[2011/12/03 20:50:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010/01/01 03:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2010/01/01 03:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2010/01/01 03:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2011/12/03 20:50:21 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[2010/01/01 03:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2010/01/01 03:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

Hosts file not found

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKU\S-1-5-21-1229272821-1177238915-839522115-1003\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)

O4 - HKLM..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\atidtct.exe (ATI Technologies Inc.)

O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [updReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)

O4 - HKU\S-1-5-21-1229272821-1177238915-839522115-1003..\Run: [] File not found

O4 - HKU\S-1-5-21-1229272821-1177238915-839522115-1003..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)

O4 - HKU\S-1-5-21-1229272821-1177238915-839522115-1003..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE (ATI Technologies Inc.)

O4 - HKU\S-1-5-21-1229272821-1177238915-839522115-1003..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1229272821-1177238915-839522115-1003..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()

O4 - HKU\S-1-5-21-1229272821-1177238915-839522115-1003..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1229272821-1177238915-839522115-1003..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe (3B Software, Inc.)

O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - HKU\.DEFAULT..\RunOnce: [setDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)

O4 - HKU\S-1-5-18..\RunOnce: [setDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Daniel Moulton\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

O4 - Startup: C:\Documents and Settings\Daniel Moulton\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1229272821-1177238915-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O15 - HKU\S-1-5-21-1229272821-1177238915-839522115-1003\..Trusted Domains: aol.com ([free] http in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F74B553A-C996-4A40-A6A2-98104FD9DD76}: DhcpNameServer = 68.87.71.230 68.87.73.246

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\avgsecuritytoolbar - No CLSID value found

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll ()

O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/07/05 16:12:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2011/10/28 02:15:07 | 000,000,000 | ---D | M] - E:\Autopilot Off -- [ NTFS ]

O32 - AutoRun File - [2006/04/11 18:15:11 | 000,323,584 | R--- | M] (Nival Interactive) - J:\AutoRun.exe -- [ CDFS ]

O32 - AutoRun File - [2006/04/05 19:38:16 | 000,050,534 | R--- | M] () - J:\AutoRun.ico -- [ CDFS ]

O32 - AutoRun File - [2006/04/20 00:29:22 | 000,000,000 | R--D | M] - J:\Autorun -- [ CDFS ]

O32 - AutoRun File - [2003/03/14 14:03:15 | 000,000,047 | R--- | M] () - J:\autorun.inf -- [ CDFS ]

O32 - AutoRun File - [2003/01/26 20:00:00 | 000,000,054 | R--- | M] () - K:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{37a621b4-a727-11e0-8e5d-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{37a621b4-a727-11e0-8e5d-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{37a621b4-a727-11e0-8e5d-806d6172696f}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- [2006/04/11 18:15:11 | 000,323,584 | R--- | M] (Nival Interactive)

O33 - MountPoints2\{37a621b5-a727-11e0-8e5d-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{37a621b5-a727-11e0-8e5d-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{37a621b5-a727-11e0-8e5d-806d6172696f}\Shell\AutoRun\command - "" = K:\CTRun\START.EXE -- [2002/06/19 20:02:00 | 000,057,344 | R--- | M] (Creative Technology Ltd.)

O33 - MountPoints2\J\Shell - "" = AutoRun

O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe -- [2006/04/11 18:15:11 | 000,323,584 | R--- | M] (Nival Interactive)

O33 - MountPoints2\K\Shell - "" = AutoRun

O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\CTRun\START.EXE -- [2002/06/19 20:02:00 | 000,057,344 | R--- | M] (Creative Technology Ltd.)

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-1229272821-1177238915-839522115-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/12/04 23:46:30 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/12/04 19:10:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC

[2011/12/03 21:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\3B Software

[2011/12/03 21:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\3B Software

[2011/12/03 20:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2011/12/03 18:41:32 | 000,000,000 | -H-D | C] -- C:\$AVG

[2011/12/03 18:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Moulton\Application Data\AVG2012

[2011/12/03 18:29:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012

[2011/12/03 18:29:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012

[2011/12/03 18:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVG

[2011/12/03 17:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2011/12/03 17:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2011/12/03 15:51:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/12/03 14:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Moulton\Application Data\Malwarebytes

[2011/12/03 14:22:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/12/03 14:22:29 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/12/03 14:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/11/27 23:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Moulton\Desktop\L2A1 Chaos

[2011/11/24 17:22:31 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll

[2011/11/24 17:22:31 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui

[2011/11/24 03:28:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Moulton\Tracing

[2011/11/24 03:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2011/11/24 03:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft

[2011/11/24 03:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive

[2011/11/24 03:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live

[2011/11/24 03:26:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2011/11/24 03:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

[2011/11/22 02:27:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Fallen Earth

[2011/11/22 02:26:47 | 000,000,000 | ---D | C] -- C:\Games

[2011/11/21 14:57:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free File Opener

[2011/11/21 14:57:20 | 006,600,192 | ---- | C] (Mirage Systems) -- C:\WINDOWS\System32\licprotector310.exe

[2011/11/21 14:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\Free File Opener

[2011/11/21 14:57:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Moulton\Local Settings\Application Data\Free File Opener

[2011/07/05 17:21:45 | 000,135,168 | R--- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

[2003/10/06 01:38:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

[2003/03/13 20:33:40 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/05 09:30:42 | 004,933,913 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000004-00001102-00000004-20021102}.CDF

[2011/12/05 09:30:42 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/12/05 09:30:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/12/05 09:29:27 | 000,032,592 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000004-00001102-00000004-20021102}.rfx

[2011/12/05 09:29:27 | 000,032,592 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000004-00001102-00000004-20021102}.rfx

[2011/12/05 09:29:27 | 000,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000004-00001102-00000004-20021102}.rfx

[2011/12/05 09:29:27 | 000,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000004-00001102-00000004-20021102}.rfx

[2011/12/05 09:29:27 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000004-00001102-00000004-20021102}.rfx

[2011/12/05 09:29:06 | 004,933,913 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000004-00001102-00000004-20021102}.BAK

[2011/12/05 09:15:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At20.job

[2011/12/05 09:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At19.job

[2011/12/05 08:55:19 | 111,434,643 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2011/12/05 00:15:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At2.job

[2011/12/05 00:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

[2011/12/05 00:06:22 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/12/04 23:46:30 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/12/04 23:15:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At48.job

[2011/12/04 23:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At47.job

[2011/12/04 06:15:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At14.job

[2011/12/04 06:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At13.job

[2011/12/04 05:15:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At12.job

[2011/12/04 05:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At11.job

[2011/12/04 04:15:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At10.job

[2011/12/04 04:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At9.job

[2011/12/04 03:15:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At8.job

[2011/12/04 03:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At7.job

[2011/12/04 02:15:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At6.job

[2011/12/04 02:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At5.job

[2011/12/04 01:15:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At4.job

[2011/12/04 01:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At3.job

[2011/12/03 21:15:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At44.job

[2011/12/03 21:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At43.job

[2011/12/03 21:10:13 | 000,001,936 | ---- | M] () -- C:\Documents and Settings\Daniel Moulton\Desktop\Windows Registry Repair Pro.lnk

[2011/12/03 20:49:44 | 001,588,804 | ---- | M] () -- C:\Documents and Settings\Daniel Moulton\Application Data\Fallen Earth_2.54.0.3_2011-12-04-01-49.dmp

[2011/12/03 20:15:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At42.job

[2011/12/03 20:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At41.job

[2011/12/03 19:15:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At40.job

[2011/12/03 19:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At39.job

[2011/12/03 18:29:49 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk

[2011/12/03 18:15:41 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At38.job

[2011/12/03 18:15:41 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At37.job

[2011/12/03 17:35:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3s6h0T.com.b

[2011/12/03 17:35:23 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SA7287P.dat

[2011/12/03 17:34:46 | 000,001,712 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\t1yq4mb4e5c4rsdkwn14dgv1ke1f3sv1ig840

[2011/12/03 17:34:45 | 000,001,712 | -HS- | M] () -- C:\Documents and Settings\Daniel Moulton\Local Settings\Application Data\t1yq4mb4e5c4rsdkwn14dgv1ke1f3sv1ig840

[2011/12/03 17:32:45 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At46.job

[2011/12/03 17:32:45 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At36.job

[2011/12/03 17:32:45 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At34.job

[2011/12/03 17:32:45 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At32.job

[2011/12/03 17:32:45 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At30.job

[2011/12/03 17:32:45 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At28.job

[2011/12/03 17:32:45 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At26.job

[2011/12/03 17:32:45 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At24.job

[2011/12/03 17:32:45 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At22.job

[2011/12/03 17:32:45 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At45.job

[2011/12/03 17:32:45 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At35.job

[2011/12/03 17:32:45 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At33.job

[2011/12/03 17:32:45 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At31.job

[2011/12/03 17:32:45 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At29.job

[2011/12/03 17:32:45 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At27.job

[2011/12/03 17:32:45 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At25.job

[2011/12/03 17:32:45 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At23.job

[2011/12/03 17:32:44 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At18.job

[2011/12/03 17:32:44 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At16.job

[2011/12/03 17:32:44 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At21.job

[2011/12/03 17:32:44 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At17.job

[2011/12/03 17:32:44 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At15.job

[2011/12/03 17:29:15 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/12/03 14:22:45 | 000,014,634 | -HS- | M] () -- C:\Documents and Settings\Daniel Moulton\Local Settings\Application Data\3m08wy1n12n341

[2011/12/03 14:22:45 | 000,014,634 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3m08wy1n12n341

[2011/12/02 14:18:02 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Daniel Moulton\Start Menu\Programs\Startup\Logitech . Product Registration.lnk

[2011/12/01 20:27:35 | 000,119,656 | ---- | M] () -- C:\Documents and Settings\Daniel Moulton\Desktop\SS_have_i_seen_that_car_general_lee.jpg

[2011/11/30 22:39:58 | 000,101,147 | ---- | M] () -- C:\Documents and Settings\Daniel Moulton\Desktop\Ford RS200 - Mark Lovell.jpg

[2011/11/30 01:32:58 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LNonPnP.sys

[2011/11/29 05:04:47 | 000,051,835 | ---- | M] () -- C:\Documents and Settings\Daniel Moulton\Desktop\1322560715786.jpg

[2011/11/27 23:16:43 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Daniel Moulton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/11/27 23:03:08 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\Daniel Moulton\Desktop\WinRAR.lnk

[2011/11/25 17:59:18 | 000,794,663 | ---- | M] () -- C:\Documents and Settings\Daniel Moulton\Application Data\Fallen Earth_2.54.0.3_2011-11-25-22-59.dmp

[2011/11/24 22:20:06 | 000,002,296 | ---- | M] () -- C:\Documents and Settings\Daniel Moulton\.recently-used.xbel

[2011/11/24 05:14:13 | 000,098,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/11/22 23:19:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/11/22 19:52:04 | 001,415,774 | ---- | M] () -- C:\Documents and Settings\Daniel Moulton\Application Data\Fallen Earth_2.54.0.3_2011-11-23-00-52.dmp

[2011/11/22 19:22:01 | 001,253,950 | ---- | M] () -- C:\Documents and Settings\Daniel Moulton\Application Data\Fallen Earth_2.54.0.3_2011-11-23-00-22.dmp

[2011/11/22 18:30:29 | 001,064,012 | ---- | M] () -- C:\Documents and Settings\Daniel Moulton\Application Data\Fallen Earth_2.54.0.3_2011-11-22-23-30.dmp

[2011/11/22 08:15:24 | 001,347,645 | ---- | M] () -- C:\Documents and Settings\Daniel Moulton\Application Data\Fallen Earth_2.54.0.3_2011-11-22-13-15.dmp

[2011/11/22 06:11:03 | 000,167,506 | ---- | M] () -- C:\Documents and Settings\Daniel Moulton\Application Data\icarus-dxdiag.xml

[2011/11/22 02:27:08 | 000,001,605 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Launch Fallen Earth.lnk

[2011/11/22 02:25:31 | 261,774,336 | ---- | M] () -- C:\Documents and Settings\Daniel Moulton\Desktop\FallenEarth.msi

[2011/11/21 14:57:23 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Daniel Moulton\Application Data\Microsoft\Internet Explorer\Quick Launch\Free File Opener.lnk

[2011/11/21 14:57:23 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Free File Opener.lnk

[2011/11/11 03:01:05 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/11/06 01:23:14 | 000,502,216 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/11/06 01:23:14 | 000,086,682 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/03 21:10:13 | 000,001,936 | ---- | C] () -- C:\Documents and Settings\Daniel Moulton\Desktop\Windows Registry Repair Pro.lnk

[2011/12/03 20:49:44 | 001,588,804 | ---- | C] () -- C:\Documents and Settings\Daniel Moulton\Application Data\Fallen Earth_2.54.0.3_2011-12-04-01-49.dmp

[2011/12/03 18:29:49 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk

[2011/12/03 17:35:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\3s6h0T.com.b

[2011/12/03 17:32:45 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At48.job

[2011/12/03 17:32:45 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At46.job

[2011/12/03 17:32:45 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At44.job

[2011/12/03 17:32:45 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At42.job

[2011/12/03 17:32:45 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At40.job

[2011/12/03 17:32:45 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At38.job

[2011/12/03 17:32:45 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At47.job

[2011/12/03 17:32:45 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At45.job

[2011/12/03 17:32:45 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At43.job

[2011/12/03 17:32:45 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At41.job

[2011/12/03 17:32:45 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At39.job

[2011/12/03 17:32:45 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At37.job

[2011/12/03 17:32:45 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SA7287P.dat

[2011/12/03 17:32:44 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At8.job

[2011/12/03 17:32:44 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At6.job

[2011/12/03 17:32:44 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At4.job

[2011/12/03 17:32:44 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At36.job

[2011/12/03 17:32:44 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At34.job

[2011/12/03 17:32:44 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At32.job

[2011/12/03 17:32:44 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At30.job

[2011/12/03 17:32:44 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At28.job

[2011/12/03 17:32:44 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At26.job

[2011/12/03 17:32:44 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At24.job

[2011/12/03 17:32:44 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At22.job

[2011/12/03 17:32:44 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At20.job

[2011/12/03 17:32:44 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At2.job

[2011/12/03 17:32:44 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At18.job

[2011/12/03 17:32:44 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At16.job

[2011/12/03 17:32:44 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At14.job

[2011/12/03 17:32:44 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At12.job

[2011/12/03 17:32:44 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At10.job

[2011/12/03 17:32:44 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At9.job

[2011/12/03 17:32:44 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At7.job

[2011/12/03 17:32:44 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At5.job

[2011/12/03 17:32:44 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At35.job

[2011/12/03 17:32:44 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At33.job

[2011/12/03 17:32:44 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At31.job

[2011/12/03 17:32:44 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At3.job

[2011/12/03 17:32:44 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At29.job

[2011/12/03 17:32:44 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At27.job

[2011/12/03 17:32:44 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At25.job

[2011/12/03 17:32:44 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At23.job

[2011/12/03 17:32:44 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At21.job

[2011/12/03 17:32:44 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At19.job

[2011/12/03 17:32:44 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At17.job

[2011/12/03 17:32:44 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At15.job

[2011/12/03 17:32:44 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At13.job

[2011/12/03 17:32:44 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At11.job

[2011/12/03 17:32:44 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At1.job

[2011/12/03 17:18:27 | 000,001,712 | -HS- | C] () -- C:\Documents and Settings\Daniel Moulton\Local Settings\Application Data\t1yq4mb4e5c4rsdkwn14dgv1ke1f3sv1ig840

[2011/12/03 17:18:27 | 000,001,712 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\t1yq4mb4e5c4rsdkwn14dgv1ke1f3sv1ig840

[2011/12/03 14:22:32 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/12/02 14:18:01 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Daniel Moulton\Start Menu\Programs\Startup\Logitech . Product Registration.lnk

[2011/12/02 04:27:23 | 000,014,634 | -HS- | C] () -- C:\Documents and Settings\Daniel Moulton\Local Settings\Application Data\3m08wy1n12n341

[2011/12/02 04:27:23 | 000,014,634 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3m08wy1n12n341

[2011/12/01 20:27:34 | 000,119,656 | ---- | C] () -- C:\Documents and Settings\Daniel Moulton\Desktop\SS_have_i_seen_that_car_general_lee.jpg

[2011/11/30 22:14:13 | 000,101,147 | ---- | C] () -- C:\Documents and Settings\Daniel Moulton\Desktop\Ford RS200 - Mark Lovell.jpg

[2011/11/29 05:04:47 | 000,051,835 | ---- | C] () -- C:\Documents and Settings\Daniel Moulton\Desktop\1322560715786.jpg

[2011/11/27 23:03:07 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\Daniel Moulton\Desktop\WinRAR.lnk

[2011/11/25 17:59:17 | 000,794,663 | ---- | C] () -- C:\Documents and Settings\Daniel Moulton\Application Data\Fallen Earth_2.54.0.3_2011-11-25-22-59.dmp

[2011/11/24 22:20:06 | 000,002,296 | ---- | C] () -- C:\Documents and Settings\Daniel Moulton\.recently-used.xbel

[2011/11/24 00:23:38 | 085,495,232 | ---- | C] () -- C:\Documents and Settings\Daniel Moulton\Desktop\xvideos.com_30668e0bd27314cb6362368a3b044d73.flv

[2011/11/22 19:52:04 | 001,415,774 | ---- | C] () -- C:\Documents and Settings\Daniel Moulton\Application Data\Fallen Earth_2.54.0.3_2011-11-23-00-52.dmp

[2011/11/22 19:22:00 | 001,253,950 | ---- | C] () -- C:\Documents and Settings\Daniel Moulton\Application Data\Fallen Earth_2.54.0.3_2011-11-23-00-22.dmp

[2011/11/22 18:30:28 | 001,064,012 | ---- | C] () -- C:\Documents and Settings\Daniel Moulton\Application Data\Fallen Earth_2.54.0.3_2011-11-22-23-30.dmp

[2011/11/22 08:15:22 | 001,347,645 | ---- | C] () -- C:\Documents and Settings\Daniel Moulton\Application Data\Fallen Earth_2.54.0.3_2011-11-22-13-15.dmp

[2011/11/22 06:11:03 | 000,167,506 | ---- | C] () -- C:\Documents and Settings\Daniel Moulton\Application Data\icarus-dxdiag.xml

[2011/11/22 02:27:08 | 000,001,605 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Launch Fallen Earth.lnk

[2011/11/22 02:17:43 | 261,774,336 | ---- | C] () -- C:\Documents and Settings\Daniel Moulton\Desktop\FallenEarth.msi

[2011/11/21 14:57:23 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Daniel Moulton\Application Data\Microsoft\Internet Explorer\Quick Launch\Free File Opener.lnk

[2011/11/21 14:57:23 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Free File Opener.lnk

[2011/09/23 12:32:23 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SI.bin

[2011/09/21 10:12:56 | 000,001,466 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2011/08/29 21:34:21 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/07/29 21:12:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2011/07/21 13:44:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI

[2011/07/07 01:04:24 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Daniel Moulton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/07/05 21:32:46 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe

[2011/07/05 19:04:11 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000004-00001102-00000004-20021102}.dat

[2011/07/05 19:04:11 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000004-00001102-00000004-20021102}.dat

[2011/07/05 19:03:42 | 001,247,400 | ---- | C] () -- C:\WINDOWS\System32\CTAA1.DAT

[2011/07/05 19:03:17 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI

[2011/07/05 19:03:16 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT

[2011/07/05 19:02:32 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat

[2011/07/05 19:00:45 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI

[2011/07/05 17:21:50 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe

[2011/07/05 16:14:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2011/07/05 16:09:23 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2011/07/05 12:01:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2011/07/05 12:00:25 | 000,098,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2007/04/12 07:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll

[2007/04/09 11:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini

[2007/04/09 11:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll

[2007/04/09 11:32:32 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe

[2007/04/09 11:24:30 | 000,046,273 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat

[2007/04/09 11:19:18 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe

[2005/06/16 09:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll

[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/04 07:00:00 | 000,502,216 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/04 07:00:00 | 000,086,682 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/07/17 21:07:41 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

[2004/07/17 21:06:19 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe

[2004/01/28 10:42:06 | 000,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini

[2003/12/25 22:53:28 | 000,043,517 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini

[2003/10/21 04:54:50 | 000,217,272 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat

[2003/10/21 04:54:48 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat

[2003/10/21 04:54:42 | 000,264,466 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat

[2003/10/21 04:50:46 | 000,112,411 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT

[2003/10/21 04:50:44 | 000,230,201 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT

[2003/10/21 04:47:40 | 000,298,971 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat

[2003/10/21 04:47:34 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat

[2003/10/06 01:59:00 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE

[2003/10/06 01:48:42 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2003/03/21 04:56:12 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\kill.ini

[2002/09/15 22:59:46 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI

[2001/06/27 22:05:52 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe

[2000/04/25 12:58:08 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wrkgadm.exe

========== LOP Check ==========

[2011/07/05 22:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM

[2011/12/03 13:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2011/12/04 22:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012

[2011/07/05 21:59:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2011/12/05 08:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2011/07/05 22:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011/07/06 05:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Moulton\Application Data\acccore

[2011/07/05 22:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Moulton\Application Data\AVG10

[2011/12/03 18:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Moulton\Application Data\AVG2012

[2011/10/14 20:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Moulton\Application Data\gtk-2.0

[2011/07/05 21:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Moulton\Application Data\Leadertech

[2011/09/12 23:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Moulton\Application Data\Tibia

[2011/07/05 19:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Moulton\Application Data\Windows Desktop Search

[2011/07/25 12:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Moulton\Application Data\Windows Search

[2011/07/06 04:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Moulton\Application Data\X10 Commander

[2011/12/05 00:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job

[2011/12/04 04:15:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job

[2011/12/04 05:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job

[2011/12/04 05:15:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job

[2011/12/04 06:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job

[2011/12/04 06:15:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job

[2011/12/03 17:32:44 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job

[2011/12/03 17:32:44 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job

[2011/12/03 17:32:44 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job

[2011/12/03 17:32:44 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job

[2011/12/05 09:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job

[2011/12/05 00:15:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job

[2011/12/05 09:15:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job

[2011/12/03 17:32:44 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job

[2011/12/03 17:32:45 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job

[2011/12/03 17:32:45 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job

[2011/12/03 17:32:45 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job

[2011/12/03 17:32:45 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job

[2011/12/03 17:32:45 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job

[2011/12/03 17:32:45 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job

[2011/12/03 17:32:45 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job

[2011/12/03 17:32:45 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job

[2011/12/04 01:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job

[2011/12/03 17:32:45 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job

[2011/12/03 17:32:45 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job

[2011/12/03 17:32:45 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job

[2011/12/03 17:32:45 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job

[2011/12/03 17:32:45 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job

[2011/12/03 17:32:45 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job

[2011/12/03 17:32:45 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job

[2011/12/03 18:15:41 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job

[2011/12/03 18:15:41 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job

[2011/12/03 19:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job

[2011/12/04 01:15:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

[2011/12/03 19:15:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job

[2011/12/03 20:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job

[2011/12/03 20:15:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job

[2011/12/03 21:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job

[2011/12/03 21:15:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job

[2011/12/03 17:32:45 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job

[2011/12/03 17:32:45 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job

[2011/12/04 23:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job

[2011/12/04 23:15:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job

[2011/12/04 02:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job

[2011/12/04 02:15:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job

[2011/12/04 03:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job

[2011/12/04 03:15:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job

[2011/12/04 04:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========

< End of report >


OTL Extras logfile created on: 12/5/2011 9:36:06 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Daniel Moulton\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.12 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 80.61% Memory free

4.97 Gb Paging File | 4.37 Gb Available in Paging File | 87.98% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 596.17 Gb Total Space | 560.17 Gb Free Space | 93.96% Space Free | Partition Type: NTFS

Drive D: | 465.76 Gb Total Space | 464.95 Gb Free Space | 99.83% Space Free | Partition Type: NTFS

Drive E: | 465.76 Gb Total Space | 455.75 Gb Free Space | 97.85% Space Free | Partition Type: NTFS

Drive J: | 625.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive K: | 565.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DANIEL-46C1FCFD | User Name: Daniel Moulton | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1229272821-1177238915-839522115-1003\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Disabled:backWeb-8876480 -- ()

"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer

"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

"C:\Documents and Settings\Daniel Moulton\My Documents\Downloads\Painkiller_Windows_Server_1.62\Bin\PKConsoleServer.exe" = C:\Documents and Settings\Daniel Moulton\My Documents\Downloads\Painkiller_Windows_Server_1.62\Bin\PKConsoleServer.exe:*:Disabled:PKConsoleServer -- ()

"C:\Westwood\RA2\patchget.dat" = C:\Westwood\RA2\patchget.dat:*:Enabled:patchgrabber -- (Westwood Studios)

"C:\Program Files\Ubisoft\Heroes of Might and Magic V\bin\H5_Game.exe" = C:\Program Files\Ubisoft\Heroes of Might and Magic V\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V -- ()

"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011

"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield

"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 26

"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2

"{28101984-0BA6-40FD-9ABE-72F62F80C06C}" = Heroes of Might and Magic V

"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.0.4

"{5F1ECD36-0DFA-4C58-830B-0F089083407F}" = AVG 2012

"{80F28669-97B7-4CC9-B256-1F1BCFB7FDCF}" = AVG 2012

"{82448C0D-FB2A-4E10-9F2C-F404F067A85B}" = Fallen Earth

"{8988F5D0-C83F-41F4-B41B-86031F9B37F5}" = ATI Multimedia Center

"{8F36E44A-E6E7-41B7-B6F6-4637BF84EFA5}" = ATI Remote Wonder 2

"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger

"{93AE605A-3FD6-40B7-A7EA-D64DA4EABF21}" = Grand Theft Auto

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)

"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support

"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour

"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO

"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{EB0E3879-24B3-4FDC-9592-18A12B825EBC}" = Grand Theft Auto: London, 1969

"{EDE28287-D32C-415E-9C97-2BF9F9260150}" = ATI Decoder

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AIM_7" = AIM 7

"Alarm Clock_is1" = Alarm Clock v1.00

"ATI Display Driver" = ATI Display Driver

"AVG" = AVG 2012

"Free File Opener_is1" = Free File Opener v2011.7.0.1

"GameSpy Arcade" = GameSpy Arcade

"Guild Wars" = Guild Wars

"ie8" = Windows Internet Explorer 8

"InstallShield_{8988F5D0-C83F-41F4-B41B-86031F9B37F5}" = ATI Multimedia Center 9.01

"InstallShield_{8F36E44A-E6E7-41B7-B6F6-4637BF84EFA5}" = ATI Remote Wonder 2.5

"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO

"InstallShield_{EDE28287-D32C-415E-9C97-2BF9F9260150}" = ATI Decoder

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Painkiller" = Painkiller

"Painkiller - Battle Out Of Hell" = Painkiller - Battle Out Of Hell

"Red Alert 2" = Command & Conquer Red Alert 2

"SoftwareUpdUtility" = Download Updater (AOL LLC)

"sp6" = Logitech SetPoint 6.30

"SysInfo" = Creative System Information

"Tibia_is1" = Tibia

"VLC media player" = VLC media player 1.1.11

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows Registry Repair Pro_is1" = Windows Registry Repair Pro

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinGimp-2.0_is1" = GIMP 2.6.11

"WinLiveSuite_Wave3" = Windows Live Essentials

"Winrar 3.93" = Winrar 3.93

"WinRAR archiver" = WinRAR 4.01 (32-bit)

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"WOLAPI" = Westwood Shared Internet Components

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 8/19/2011 12:23:44 PM | Computer Name = DANIEL-46C1FCFD | Source = Application Error | ID = 1000

Description = Faulting application spkrcal.exe, version 1.0.3.1, faulting module

openal32.dll, version 5.12.1.441, fault address 0x00010636.

Error - 9/21/2011 12:53:33 AM | Computer Name = DANIEL-46C1FCFD | Source = Application Hang | ID = 1002

Description = Hanging application game.exe, version 1.0.0.1, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 9/21/2011 12:53:36 AM | Computer Name = DANIEL-46C1FCFD | Source = Application Hang | ID = 1001

Description = Fault bucket 01945281.

Error - 9/22/2011 6:25:23 AM | Computer Name = DANIEL-46C1FCFD | Source = Application Error | ID = 1000

Description = Faulting application painkiller.exe, version 1.0.0.1, faulting module

unknown, version 0.0.0.0, fault address 0x03425236.

Error - 9/22/2011 6:25:32 AM | Computer Name = DANIEL-46C1FCFD | Source = Application Error | ID = 1001

Description = Fault bucket 101681694.

Error - 9/22/2011 1:02:23 PM | Computer Name = DANIEL-46C1FCFD | Source = Application Error | ID = 1000

Description = Faulting application painkiller.exe, version 1.0.0.1, faulting module

unknown, version 0.0.0.0, fault address 0x0342524a.

Error - 9/22/2011 2:12:58 PM | Computer Name = DANIEL-46C1FCFD | Source = Application Error | ID = 1000

Description = Faulting application painkiller.exe, version 1.0.0.1, faulting module

unknown, version 0.0.0.0, fault address 0x03425236.

Error - 9/22/2011 2:13:02 PM | Computer Name = DANIEL-46C1FCFD | Source = Application Error | ID = 1001

Description = Fault bucket 101681694.

Error - 10/15/2011 11:45:52 PM | Computer Name = DANIEL-46C1FCFD | Source = .NET Runtime Optimization Service | ID = 1103

Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)

- Tried to start a service that wasn't the latest version of CLR Optimization service.

Will shutdown

Error - 10/23/2011 7:35:50 PM | Computer Name = DANIEL-46C1FCFD | Source = Application Hang | ID = 1002

Description = Hanging application firefox.exe, version 7.0.1.4288, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

[ System Events ]

Error - 12/5/2011 10:28:15 AM | Computer Name = DANIEL-46C1FCFD | Source = Service Control Manager | ID = 7023

Description = The Network Location Awareness (NLA) service terminated with the following

error: %%127

Error - 12/5/2011 10:30:20 AM | Computer Name = DANIEL-46C1FCFD | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000001'

while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring

the volume.

Error - 12/5/2011 10:30:41 AM | Computer Name = DANIEL-46C1FCFD | Source = DCOM | ID = 10005

Description = DCOM got error "%1055" attempting to start the service netman with

arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 12/5/2011 10:30:41 AM | Computer Name = DANIEL-46C1FCFD | Source = DCOM | ID = 10005

Description = DCOM got error "%1055" attempting to start the service iPod Service

with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 12/5/2011 10:30:42 AM | Computer Name = DANIEL-46C1FCFD | Source = DCOM | ID = 10005

Description = DCOM got error "%1055" attempting to start the service winmgmt with

arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 12/5/2011 10:30:42 AM | Computer Name = DANIEL-46C1FCFD | Source = DCOM | ID = 10005

Description = DCOM got error "%1055" attempting to start the service BITS with arguments

"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 12/5/2011 10:30:42 AM | Computer Name = DANIEL-46C1FCFD | Source = DCOM | ID = 10005

Description = DCOM got error "%1055" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/5/2011 10:30:42 AM | Computer Name = DANIEL-46C1FCFD | Source = DCOM | ID = 10005

Description = DCOM got error "%1055" attempting to start the service WSearch with

arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 12/5/2011 10:31:46 AM | Computer Name = DANIEL-46C1FCFD | Source = Service Control Manager | ID = 7000

Description = The PfModNT service failed to start due to the following error: %%2

Error - 12/5/2011 10:31:46 AM | Computer Name = DANIEL-46C1FCFD | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

PCIIde

< End of report >


(Also I noticed a lot of folders are greyed out such as Windows Update in C://...just wanted to be sure it's according to plan lol)

You mean that they are not hidden anymore?

  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-1229272821-1177238915-839522115-1003..\Run: [] File not found
[2011/12/03 21:10:13 | 000,001,936 | ---- | M] () -- C:\Documents and Settings\Daniel Moulton\Desktop\Windows Registry Repair Pro.lnk
[2011/12/03 17:35:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3s6h0T.com.b
[2011/12/03 17:35:23 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SA7287P.dat
[2011/12/03 17:34:46 | 000,001,712 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\t1yq4mb4e5c4rsdkwn14dgv1ke1f3sv1ig840
[2011/12/03 17:34:45 | 000,001,712 | -HS- | M] () -- C:\Documents and Settings\Daniel Moulton\Local Settings\Application Data\t1yq4mb4e5c4rsdkwn14dgv1ke1f3sv1ig840
[2011/12/03 14:22:45 | 000,014,634 | -HS- | M] () -- C:\Documents and Settings\Daniel Moulton\Local Settings\Application Data\3m08wy1n12n341
[2011/12/03 14:22:45 | 000,014,634 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3m08wy1n12n341
[2011/07/05 21:32:46 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe

:files
C:\WINDOWS\tasks\*.job

:Commands
[emptytemp]
[resethosts]
[clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, when it is done it will say "Fix Complete press ok to open log".
  • Please post that log in your next reply.


Yeah.. maybe that's what it was.. Alright, here's the TXT...

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1229272821-1177238915-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

C:\Documents and Settings\Daniel Moulton\Desktop\Windows Registry Repair Pro.lnk moved successfully.

C:\WINDOWS\system32\3s6h0T.com.b moved successfully.

C:\Documents and Settings\All Users\Application Data\SA7287P.dat moved successfully.

C:\Documents and Settings\All Users\Application Data\t1yq4mb4e5c4rsdkwn14dgv1ke1f3sv1ig840 moved successfully.

C:\Documents and Settings\Daniel Moulton\Local Settings\Application Data\t1yq4mb4e5c4rsdkwn14dgv1ke1f3sv1ig840 moved successfully.

C:\Documents and Settings\Daniel Moulton\Local Settings\Application Data\3m08wy1n12n341 moved successfully.

C:\Documents and Settings\All Users\Application Data\3m08wy1n12n341 moved successfully.

C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe moved successfully.

========== FILES ==========

C:\WINDOWS\tasks\AppleSoftwareUpdate.job moved successfully.

C:\WINDOWS\tasks\At1.job moved successfully.

C:\WINDOWS\tasks\At10.job moved successfully.

C:\WINDOWS\tasks\At11.job moved successfully.

C:\WINDOWS\tasks\At12.job moved successfully.

C:\WINDOWS\tasks\At13.job moved successfully.

C:\WINDOWS\tasks\At14.job moved successfully.

C:\WINDOWS\tasks\At15.job moved successfully.

C:\WINDOWS\tasks\At16.job moved successfully.

C:\WINDOWS\tasks\At17.job moved successfully.

C:\WINDOWS\tasks\At18.job moved successfully.

C:\WINDOWS\tasks\At19.job moved successfully.

C:\WINDOWS\tasks\At2.job moved successfully.

C:\WINDOWS\tasks\At20.job moved successfully.

C:\WINDOWS\tasks\At21.job moved successfully.

C:\WINDOWS\tasks\At22.job moved successfully.

C:\WINDOWS\tasks\At23.job moved successfully.

C:\WINDOWS\tasks\At24.job moved successfully.

C:\WINDOWS\tasks\At25.job moved successfully.

C:\WINDOWS\tasks\At26.job moved successfully.

C:\WINDOWS\tasks\At27.job moved successfully.

C:\WINDOWS\tasks\At28.job moved successfully.

C:\WINDOWS\tasks\At29.job moved successfully.

C:\WINDOWS\tasks\At3.job moved successfully.

C:\WINDOWS\tasks\At30.job moved successfully.

C:\WINDOWS\tasks\At31.job moved successfully.

C:\WINDOWS\tasks\At32.job moved successfully.

C:\WINDOWS\tasks\At33.job moved successfully.

C:\WINDOWS\tasks\At34.job moved successfully.

C:\WINDOWS\tasks\At35.job moved successfully.

C:\WINDOWS\tasks\At36.job moved successfully.

C:\WINDOWS\tasks\At37.job moved successfully.

C:\WINDOWS\tasks\At38.job moved successfully.

C:\WINDOWS\tasks\At39.job moved successfully.

C:\WINDOWS\tasks\At4.job moved successfully.

C:\WINDOWS\tasks\At40.job moved successfully.

C:\WINDOWS\tasks\At41.job moved successfully.

C:\WINDOWS\tasks\At42.job moved successfully.

C:\WINDOWS\tasks\At43.job moved successfully.

C:\WINDOWS\tasks\At44.job moved successfully.

C:\WINDOWS\tasks\At45.job moved successfully.

C:\WINDOWS\tasks\At46.job moved successfully.

C:\WINDOWS\tasks\At47.job moved successfully.

C:\WINDOWS\tasks\At48.job moved successfully.

C:\WINDOWS\tasks\At5.job moved successfully.

C:\WINDOWS\tasks\At6.job moved successfully.

C:\WINDOWS\tasks\At7.job moved successfully.

C:\WINDOWS\tasks\At8.job moved successfully.

C:\WINDOWS\tasks\At9.job moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Daniel Moulton

->Temp folder emptied: 5433919699 bytes

->Temporary Internet Files folder emptied: 781104201 bytes

->Java cache emptied: 137446 bytes

->FireFox cache emptied: 145602991 bytes

->Flash cache emptied: 104495 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56468 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 420611814 bytes

->Java cache emptied: 5795 bytes

->Flash cache emptied: 21589 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2163697 bytes

%systemroot%\System32 .tmp files removed: 328398 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 445352410 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 38156406 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 607260 bytes

Total Files Cleaned = 6,932.00 mb

HOSTS file reset successfully

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.31.0 log created on 12052011_222335

Files\Folders moved on Reboot...

C:\Documents and Settings\Daniel Moulton\Local Settings\Temp\IadHide4.dll moved successfully.

Registry entries deleted on Reboot...


Do the opposite here and they will hide again:

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/win_fcab_show_file_extensions.mspx?mfr=true

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

  1. Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
  2. Tick the box next to YES, I accept the Terms of Use
  3. Click Start
  4. When asked, allow the ActiveX control to install
  5. Click Start
  6. Make sure that the options Remove found threats and Scan unwanted applications are checked
  7. Click Scan (This scan can take several hours, so please be patient)
  8. Once the scan is completed, you may close the window
  9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  10. Copy and paste that log as a reply to this topic

In your next reply, please post the following log files:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
