
Browser Redirects, random popups, can't update


  • This topic is locked
21 replies to this topic

#1 CrisGer

CrisGer

  • Members
  • 306 posts
  • Gender:Male
  • Location:Colorado and California

Posted 12 April 2010 - 11:46 PM

Last night I found two unknown processes in my task manager. I deleted both from the Temp folder, but now I have random pop-ups on Skype suggesting a security update is needed, I get redirects when I use Google (I can usually get through the second or third time I try to search), and I can't update Spybot or Malware AntiMalwarebytes. I suspect I have a hidden malware.

I ran Spybot many times, and it found a trojan and killed it, and Malware found a bad thing too, but now neither finds anything bad. But I still get the pop-ups, get redirected to some generic scam sites, and can't update the two active anti-virus scanners I use. I installed Avira but it has not indicated anything wrong yet. I also turned the XP firewall on as instructed.

I have posted the requested logs below:

and will await instructions. I have Avira Anti Virus installed and I can't turn it off, so I will have to uninstall it when we start the work. There is no way to disable it that I have found, btw.

Thanks in advance for help on this, and I will keep scanning with Malwarebytes in hopes of finding the culprit.

Cheers and thanks. And to save time, I won't change my IE browser version; I use IE6 for several reasons, so just to save time on that. Thanks.

PS: tonight for a while I had a new program running in my task manager called dllhost.exe. I had not seen it before. I found a program with that name in the Sys.32 folder but was not sure if it was what was running. I want to get this posted and into the line, so I will add the ark.txt log once it gets done; it is taking a long time.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Chris at 21:45:01.98 on Mon 04/12/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2543 [GMT -6:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chris\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Start WingMan Profiler] "c:\program files\logitech\profiler\lwemon.exe" /noui
uRun: [YVIBBBHA8C] c:\docume~1\chris\locals~1\temp\Wvb.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\chris\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-system: EnableLUA = 0 (0x0)
IE: JWord でサイト検索 - c:\progra~1\jword\plugin2\jwdsrch.dll/300
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: advrider.com\www
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 93.188.164.101,93.188.161.167
TCP: {56275F83-A414-4D41-996B-34A8C0BD9093} = 93.188.164.101,93.188.161.167
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2007-8-29 116264]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2009-4-20 10112]
R0 tdrpman140;Acronis Try&Decide and Restore Points filter (build 140);c:\windows\system32\drivers\tdrpm140.sys [2009-4-29 971168]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-11 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-11 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-11 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-3-15 60936]
S4 asbp2poa;asbp2poa;\??\c:\docume~1\chris\locals~1\temp\asbp2poa.sys --> c:\docume~1\chris\locals~1\temp\asbp2poa.sys [?]
S4 VFILT;Outpost Firewall Kernel Driver;\??\c:\progra~1\agnitum\outpos~1.0\kernel\2000\filtnt.sys --> c:\progra~1\agnitum\outpos~1.0\kernel\2000\FILTNT.SYS [?]

=============== Created Last 30 ================

2010-04-13 01:53:53 0 d-----w- c:\windows\system32\NtmsData
2010-04-13 01:49:02 0 d-----w- c:\docume~1\chris\applic~1\Avira
2010-04-12 02:26:16 0 d-----w- c:\program files\Avira
2010-04-12 02:26:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-04-11 20:42:48 183808 ----a-w- c:\windows\Wpuvua.exe
2010-04-10 14:58:40 434688 ----a-w- c:\windows\system32\ss2uinst.exe
2010-04-09 17:59:36 0 d-----w- c:\program files\Kosmos
2010-04-06 05:17:24 0 ----a-w- C:\FileOut.Cns
2010-04-06 05:17:24 0 ----a-w- C:\FileIn.Cns
2010-04-06 00:33:25 151552 ----a-w- c:\windows\system32\nvRegDev.dll
2010-04-05 23:44:30 0 d-----w- c:\program files\DDS Converter 2
2010-04-05 23:21:02 0 d-----w- c:\program files\Jasc Software Inc
2010-04-03 05:50:05 0 d-----w- c:\program files\Rail Simulator
2010-04-02 20:48:09 0 d-----w- c:\program files\700Tools
2010-03-29 01:18:45 0 d-----w- c:\program files\RW_Tools
2010-03-28 22:15:12 110592 ----a-w- c:\windows\system32\serz.exe
2010-03-28 22:15:11 0 d-----w- c:\program files\RailWorks
2010-03-28 19:35:15 45 ----a-w- c:\windows\system32\initdebug.nfo
2010-03-28 19:35:15 0 d-----w- c:\program files\SpeedFan
2010-03-26 00:36:59 0 d-----w- c:\program files\CCleaner
2010-03-22 20:45:45 56832 ------w- c:\windows\system32\mwace.dll
2010-03-22 20:45:45 53248 ------w- c:\windows\system32\mwgfxvb.dll
2010-03-22 20:45:45 49152 ------w- c:\windows\system32\mwddsvb.dll
2010-03-22 20:45:45 28672 ------w- c:\windows\system32\mwgfxcopy.exe
2010-03-22 20:45:45 27136 ------w- c:\windows\system32\mwacevb.dll
2010-03-22 20:45:45 256512 ------w- c:\windows\system32\mwdlg.dll
2010-03-22 20:45:45 237056 ------w- c:\windows\system32\mwgfx24.dll
2010-03-22 20:45:45 191488 ------w- c:\windows\system32\mwgfx.dll
2010-03-22 20:45:45 104960 ------w- c:\windows\system32\mwdds.dll
2010-03-22 20:45:25 0 d-----w- c:\program files\Route_Riter
2010-03-22 20:16:47 0 d-----w- C:\Programmi
2010-03-22 08:04:54 0 d-----w- c:\program files\ConBuilder
2010-03-22 08:04:41 249856 ------w- c:\windows\Setup1.exe
2010-03-22 08:04:39 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-03-22 04:34:27 0 d-----w- c:\program files\UltimateZip
2010-03-22 03:31:39 0 d-----w- C:\MLTtemp
2010-03-22 03:30:30 0 d-----w- c:\program files\Maple Leaf Tracks
2010-03-22 03:16:33 286720 ----a-w- c:\windows\iun507.exe
2010-03-20 20:46:01 0 d-----w- c:\program files\CFToolbox
2010-03-20 20:22:41 93 ----a-w- C:\Documents
2010-03-20 20:00:59 0 d-----w- c:\program files\common files\Thraex Software
2010-03-19 18:44:37 908800 ----a-w- c:\windows\system32\CP3245MT.DLL
2010-03-19 18:44:37 252408 ----a-w- c:\windows\system32\vclx40.bpl
2010-03-19 18:44:37 24064 ----a-w- c:\windows\system32\BORLNDMM.DLL
2010-03-19 18:44:37 193536 ----a-w- c:\windows\system32\bcbsmp40.bpl
2010-03-19 18:44:37 1888232 ----a-w- c:\windows\system32\VCL40.BPL
2010-03-19 18:44:37 106992 ----a-w- c:\windows\system32\vcljpg40.bpl
2010-03-19 18:44:37 0 d-----w- c:\program files\dvdata
2010-03-19 07:32:56 0 d-----w- c:\program files\AviSynth 2.5
2010-03-19 07:32:20 0 d-----w- c:\program files\eRightSoft
2010-03-19 01:02:15 4 ----a-w- C:\timestmp.tmp
2010-03-19 00:56:51 0 d-----w- c:\program files\Interactive Strip
2010-03-17 04:49:27 0 d-----w- C:\lib
2010-03-16 22:53:26 742 ----a-w- c:\windows\DC.ini
2010-03-16 03:31:24 0 d-----w- c:\program files\DOSBox-0.73
2010-03-16 01:15:54 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-15 22:45:38 0 d-----w- C:\prince2
2010-03-15 22:21:17 0 d-----w- c:\windows\system32\AGEIA
2010-03-15 22:20:56 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-03-15 21:32:46 292 ----a-w- c:\windows\vtmb.ini
2010-03-15 21:06:57 0 d-----w- c:\program files\Womble Multimedia
2010-03-15 19:53:35 0 d-----w- c:\program files\Uru Live
2010-03-15 19:02:36 255 ----a-w- c:\windows\wininit.ini
2010-03-15 19:02:36 206 ----a-w- c:\windows\wininit.tmp
2010-03-15 18:57:07 0 d-----w- C:\Anachronox

==================== Find3M ====================

2010-03-18 15:31:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-15 22:48:18 11973 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-03-15 20:04:41 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-02-07 20:17:45 233472 ----a-w- c:\program files\PakScape.exe
2009-03-06 20:11:10 61 --sh--w- c:\windows\cnerolf.bin
2008-12-25 22:08:49 61 --sh--w- c:\windows\cnerolf.dat
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

============= FINISH: 21:46:52.64 ===============

UPDATE: Tuesday AM: I reinstalled Malware Antimalwarebytes but was again prevented from updating it, I am guessing by the virus. I then ran a full scan overnight and it found no problems. Avira in the meantime found three, I am guessing because of the files being exposed in the Malware Antim... scan. This is what Avira found:

DR/PSW Agent.mxm was found in file D:\System Volume INformation \....A0026s63.exe Access to this file was denied. Please select a further action.

A0052295.EXE TR/Crypt.XPACK.Gen
A0017260.exe TR/Agent2.clwo


I quarantined all three.

I await instructions here. I am getting pop-ups from Skype every three hours or so saying:



WINDOWS REQUIRES IMMEDIATE ATTENTION
URGENT SYSTEM SCAN NOTIFICATION ! PLEASE READ CAREFULLY !!

http://www.updatens.org/

For the link to become active, please click on 'Add to contacts' skype button or type it in manually into your web browser !

FULL DETAILS OF SCAN RESULT BELOW
****************************************

WINDOWS REQUIRES IMMEDIATE ATTENTION

ATTENTION ! Security Center has detected
malware on your computer !

Affected Software:

Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2003

Impact of Vulnerability: Remote Code Execution / Virus Infection /
Unexpected shutdowns

Recommendation: Users running vulnerable version should install a repair utility immediately

Your system IS affected, download the patch from the address below !
Failure to do so may result in severe computer malfunction.

http://www.updatens.org/

For the link to become active, please click on 'Add to contacts' skype button or type it in manually into your web browser!
[2:08:12 AM] Request Support says: WINDOWS REQUIRES IMMEDIATE ATTENTION


Edited by CrisGer, 13 April 2010 - 09:04 AM.

Game Researcher and Designer
http://3dworldandgamedevelopers.blogspot.com//
Admin
3D Worlds and Game Developers Group Linkedin
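The DDS log in the post above is what the helpers read first. As an added example (not part of the thread, and not code from the DDS or OTL tools), the Python script below walks lines in DDS's output format and ranks the kinds of entries that stand out in this log: autostart values and drivers pointing into a Temp folder, random-looking value names, orphaned BHO/toolbar registrations, hard-set DNS resolvers, hidden+system files, and binaries written straight into the Windows root. The sample lines are constructed from values in the thread's own log; the categories and severities are my own triage heuristics, meant to order a helper's attention rather than to give verdicts.

```python
"""Triage of DDS 'Pseudo HJT Report'-style log lines.

Added example for this thread, not part of the original post and not
code from the DDS or OTL tools. The categories and thresholds are my own
heuristics; they rank lines for a helper's attention, they do not give verdicts.
"""
import re
from dataclasses import dataclass

# Constructed sample in DDS output format; the values are copied from the log in the thread.
SAMPLE_LOG = r"""
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [YVIBBBHA8C] c:\docume~1\chris\locals~1\temp\Wvb.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
mPolicies-system: EnableLUA = 0 (0x0)
TCP: NameServer = 93.188.164.101,93.188.161.167
S4 asbp2poa;asbp2poa;\??\c:\docume~1\chris\locals~1\temp\asbp2poa.sys --> c:\docume~1\chris\locals~1\temp\asbp2poa.sys [?]
2010-04-11 20:42:48 183808 ----a-w- c:\windows\Wpuvua.exe
2009-03-06 20:11:10 61 --sh--w- c:\windows\cnerolf.bin
2010-03-28 22:15:12 110592 ----a-w- c:\windows\system32\serz.exe
"""


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    reason: str
    line: str


SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

RUN_RE = re.compile(r'^[um]Run: \[([^\]]+)\]\s*(.*)$')          # uRun/mRun autostart values
DRIVER_RE = re.compile(r'^[RS][0-4] ([^;]+);([^;]*);(.*)$')       # R0..S4 service/driver lines
ORPHAN_RE = re.compile(r'^(BHO|TB): .* - No File$')               # BHO/toolbar with no file on disk
NAMESERVER_RE = re.compile(r'^TCP: (?:NameServer|\{[0-9A-Fa-f-]+\}) = (.+)$')
FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+(\S{8})\s+(.+)$')
TEMP_RE = re.compile(r'\\temp\\', re.I)                           # any ...\temp\... path component
RANDOM_NAME_RE = re.compile(r'^(?=.*\d)[A-Z0-9]{8,}$')            # all caps/digits, at least one digit
WINROOT_BINARY_RE = re.compile(r'^c:\\windows\\[^\\]+\.(exe|dll|sys)$', re.I)


def triage_line(line: str) -> list:
    """Return the Findings for one DDS log line (empty list when nothing stands out)."""
    found = []
    m = RUN_RE.match(line)
    if m:
        name, command = m.groups()
        if TEMP_RE.search(command):
            found.append(Finding("high", "autostart entry launched from a temp directory", line))
        if RANDOM_NAME_RE.match(name):
            found.append(Finding("medium", "autostart value with a random-looking name", line))
        return found
    m = DRIVER_RE.match(line)
    if m:
        if TEMP_RE.search(m.group(3)):
            found.append(Finding("high", "driver or service binary located in a temp directory", line))
        return found
    if ORPHAN_RE.match(line):
        found.append(Finding("low", "orphaned BHO/toolbar registration (no file on disk)", line))
        return found
    m = NAMESERVER_RE.match(line)
    if m:
        servers = [s.strip() for s in m.group(1).split(",")]
        found.append(Finding("medium", f"hard-set DNS resolvers {servers}; confirm they belong to the user's ISP", line))
        return found
    m = FILE_RE.match(line)
    if m:
        attrs, path = m.groups()
        if "s" in attrs and "h" in attrs:
            found.append(Finding("medium", "file carries hidden+system attributes", line))
        if WINROOT_BINARY_RE.match(path):
            found.append(Finding("medium", "binary written directly into the Windows root directory", line))
    return found


def triage_log(text: str) -> list:
    """Triage every line of a DDS log, most severe findings first."""
    findings = []
    for line in text.strip().splitlines():
        findings.extend(triage_line(line))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n          {f.line}")
```

Run against the sample, the two "high" findings are exactly the entries the thread later turns on: the `uRun` value pointing at `Wvb.exe` in the user's Temp folder and the `S4` driver loaded from the same folder. The DNS resolvers are only flagged for checking, since a legitimate configuration can also set them; the helper compares them with what the ISP is expected to hand out.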


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 17 April 2010 - 07:37 AM

Hello and welcome to Bleeping Computer

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 CrisGer

CrisGer
  • Topic Starter

  • Members
  • 306 posts
  • Gender:Male
  • Location:Colorado and California

Posted 17 April 2010 - 03:53 PM

Thank you very much for the help. I have run the scans, as much as I could: the OTL went OK, but the GMER made it about 2/3 of the way through my Program Files folder and froze up. So I am posting what I have here, in hopes that it will help.

While I was running the OTL this morning my Avira found one bad file and quarantined it. After that, I got a notice of an error for one of the files for my Avira install, saying it had been destroyed. The redirect virus, or whatever it is, is still active; it grabs my browser the first time I try to go anywhere on the net, but after that I can recall the same address and get there.

And I still can't update either Spybot or Malware AntiMalwarebytes free version:

UPDATE:

The two viruses found today are:

Virus or unwanted program 'TR/Renos.PDC [trojan]'
detected in file 'C:\WINDOWS\Wpuvua.exe'.
Action performed: Deny access

The file 'C:\WINDOWS\Wpuvua.exe'
contained a virus or unwanted program 'TR/Renos.PDC' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4e77759a.qua'.


Here are the scans:

OTL logfile created on: 4/17/2010 9:28:08 AM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.47 Gb Total Space | 53.51 Gb Free Space | 19.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS-25CB808AE
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/17 09:23:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
PRC - [2010/03/16 15:36:32 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/06/15 15:34:20 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/30 11:34:18 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
PRC - [2007/07/27 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/04/17 09:23:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
MOD - [2006/08/25 09:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (UserAccess7) SecuROM User Access Service (V7)
SRV - [2010/03/16 15:36:32 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/10/03 22:39:54 | 000,554,264 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/06/15 15:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/04/30 11:34:18 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)


========== Driver Services (SafeList) ==========

DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/29 09:37:20 | 000,971,168 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm140.sys -- (tdrpman140) Acronis Try&Decide and Restore Points filter (build 140)
DRV - [2009/04/29 09:37:18 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/04/29 09:37:18 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/04/29 09:37:15 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2009/01/23 01:44:59 | 000,079,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2008/10/23 21:53:47 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/10/23 21:53:46 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/10/07 14:33:00 | 006,133,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/09/16 01:29:53 | 000,097,792 | ---- | M] (Protect Software GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ACEDRV05.sys -- (ACEDRV05)
DRV - [2008/04/25 13:31:48 | 000,716,272 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/08/29 04:04:04 | 000,116,264 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3112r.sys -- (SI3112r)
DRV - [2007/07/27 06:00:00 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/11/22 09:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/09/24 07:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/08/11 15:45:40 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/08/11 15:45:38 | 000,499,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006/08/11 15:45:28 | 000,180,224 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2006/08/11 15:45:26 | 000,766,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2006/08/11 15:45:26 | 000,154,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2006/08/11 15:45:24 | 000,116,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/08/11 15:45:18 | 000,143,872 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/08/11 15:45:18 | 000,078,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/08/11 15:45:14 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/11/10 18:06:04 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2004/11/29 12:14:30 | 000,019,648 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004/11/25 10:41:08 | 000,046,080 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2004/10/28 04:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004/08/04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 16:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004/06/03 11:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2004/04/14 11:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/04/14 11:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004/04/14 11:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004/04/14 11:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2004/04/02 16:40:00 | 000,021,760 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/09/04 06:45:44 | 000,055,144 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112.sys -- (si3112)
DRV - [2003/06/09 11:56:40 | 000,010,112 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiWinAcc)
DRV - [2003/06/09 11:56:40 | 000,010,112 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2003/04/19 00:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tandpl.sys -- (tandpl)
DRV - [2003/03/02 17:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\enodpl.sys -- (enodpl)
DRV - [2001/08/17 07:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [1996/04/03 13:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1482476501-1220945662-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1482476501-1220945662-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1482476501-1220945662-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



[2008/08/06 00:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2008/08/06 00:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\nwy1mmgu.default\extensions
[2010/03/15 13:50:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/03/24 01:24:39 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKU\S-1-5-21-1482476501-1220945662-725345543-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-1482476501-1220945662-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1482476501-1220945662-725345543-1003..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Profiler\lwemon.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1482476501-1220945662-725345543-1003..\Run: [YVIBBBHA8C] C:\DOCUME~1\Chris\LOCALS~1\Temp\Wvb.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Chris\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-1220945662-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-1482476501-1220945662-725345543-1003\..Trusted Domains: advrider.com ([www] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.101,93.188.161.167
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\Msdxm6.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Prairie Wind.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Prairie Wind.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 11:35:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/06/10 12:11:08 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O33 - MountPoints2\{aefa978d-12ef-11dd-83cc-c878b1e2a408}\Shell - "" = AutoRun
O33 - MountPoints2\{aefa978d-12ef-11dd-83cc-c878b1e2a408}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aefa978d-12ef-11dd-83cc-c878b1e2a408}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/04/20 07:23:47 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE - (WinZip Computing, S.L.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe File not found
MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
MsConfig - StartUpReg: CloneCDTray - hkey= - key= - C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe File not found
MsConfig - StartUpReg: CTHelper - hkey= - key= - C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.ir31 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.ir32 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\Iyvu9_32.dll ()
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16620634377289728)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/17 09:23:28 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2010/04/16 13:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\TB Route Update
[2010/04/16 12:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\SKIPTON CARLISLE 2
[2010/04/16 11:50:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\SKIPTON 1920
[2010/04/15 21:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\MSTSUK+
[2010/04/14 21:19:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\Recent
[2010/04/14 16:59:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\ZEBRA
[2010/04/12 23:07:53 | 000,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/12 23:07:51 | 000,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/12 22:59:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\fixes
[2010/04/12 19:53:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/04/12 19:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Avira
[2010/04/11 20:26:17 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/04/11 20:26:16 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/04/11 20:26:16 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/04/11 20:26:16 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/04/11 20:26:16 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/04/11 20:26:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/04/11 12:37:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\workz
[2010/04/10 08:58:40 | 000,434,688 | ---- | C] (Virtualzone.de) -- C:\WINDOWS\System32\ss2uinst.exe
[2010/04/09 11:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\Kosmos
[2010/04/07 17:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Downloads
[2010/04/07 17:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\ApplicationHistory
[2010/04/05 18:31:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\SteelIXB
[2010/04/05 17:44:30 | 000,000,000 | ---D | C] -- C:\Program Files\DDS Converter 2
[2010/04/05 17:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\Jasc Software Inc
[2010/04/05 10:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Taxes 2009
[2010/04/05 02:17:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Mama Puri1
[2010/04/02 23:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\Rail Simulator
[2010/04/02 14:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\700Tools
[2010/04/02 12:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Steam Era RR
[2010/03/28 19:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\RW_Tools
[2010/03/28 16:15:12 | 000,110,592 | ---- | C] (Kuju) -- C:\WINDOWS\System32\serz.exe
[2010/03/28 16:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\RailWorks
[2010/03/28 13:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2010/03/28 13:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Flight Simulator X Files
[2010/03/28 01:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\ART$
[2010/03/27 11:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\FSX
[2010/03/26 14:12:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\ships and harbours
[2010/03/25 18:42:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\ZRegBackups
[2010/03/25 18:36:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/25 13:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\InstallShield
[2010/03/22 14:45:45 | 000,256,512 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwdlg.dll
[2010/03/22 14:45:45 | 000,237,056 | ---- | C] (MW Publishing) -- C:\WINDOWS\System32\mwgfx24.dll
[2010/03/22 14:45:45 | 000,191,488 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwgfx.dll
[2010/03/22 14:45:45 | 000,104,960 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwdds.dll
[2010/03/22 14:45:45 | 000,056,832 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwace.dll
[2010/03/22 14:45:45 | 000,053,248 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwgfxvb.dll
[2010/03/22 14:45:45 | 000,049,152 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwddsvb.dll
[2010/03/22 14:45:45 | 000,028,672 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwgfxcopy.exe
[2010/03/22 14:45:45 | 000,027,136 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwacevb.dll
[2010/03/22 14:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\Route_Riter
[2010/03/22 14:16:47 | 000,000,000 | ---D | C] -- C:\Programmi
[2010/03/22 02:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\ConBuilder
[2010/03/22 02:04:41 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2010/03/22 02:04:39 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2010/03/21 22:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\UltimateZip
[2010/03/21 21:31:39 | 000,000,000 | ---D | C] -- C:\MLTtemp
[2010/03/21 21:30:30 | 000,000,000 | ---D | C] -- C:\Program Files\Maple Leaf Tracks
[2010/03/21 21:16:33 | 000,286,720 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun507.exe
[2010/03/21 21:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\MSTS Update
[2010/03/20 14:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\CFToolbox
[2010/03/20 14:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Thraex Software
[2010/03/19 18:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\p3a_w_fx
[2010/03/19 14:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\ScanAFD
[2010/03/19 13:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\FS Addons Glacier Bay 2.0
[2010/03/19 13:27:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\LAGO Special
[2010/03/19 12:44:37 | 001,888,232 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\VCL40.BPL
[2010/03/19 12:44:37 | 000,908,800 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\CP3245MT.DLL
[2010/03/19 12:44:37 | 000,252,408 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\vclx40.bpl
[2010/03/19 12:44:37 | 000,106,992 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\vcljpg40.bpl
[2010/03/19 12:44:37 | 000,024,064 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\BORLNDMM.DLL
[2010/03/19 12:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\dvdata
[2010/03/19 12:43:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\CFS2 FX9 ACM
[2010/03/19 01:32:57 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll
[2010/03/19 01:32:57 | 000,369,152 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll
[2010/03/19 01:32:57 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010/03/19 01:32:57 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll
[2010/03/19 01:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010/03/19 01:32:23 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2010/03/19 01:32:23 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2010/03/19 01:32:23 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2010/03/19 01:32:23 | 000,169,472 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\MatroskaDX.ax
[2010/03/19 01:32:23 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2010/03/19 01:32:23 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2010/03/19 01:32:23 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2010/03/19 01:32:23 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2010/03/19 01:32:23 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2010/03/19 01:32:23 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2010/03/19 01:32:23 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2010/03/19 01:32:23 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2010/03/19 01:32:20 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2010/03/18 18:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\Interactive Strip
[2010/03/18 17:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\New Folder
[2010/03/18 11:31:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\SiN Patches
[2010/03/18 09:31:13 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/18 09:31:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/18 09:31:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/04/27 00:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/04/27 00:38:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/04/27 00:38:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/04/27 00:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/02/07 14:17:45 | 000,233,472 | ---- | C] (Peter Engstrm) -- C:\Program Files\PakScape.exe
[2006/08/11 15:56:28 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2000/11/01 18:46:28 | 000,160,256 | ---- | C] ( ) -- C:\WINDOWS\System32\GVJPEG32.DLL
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/17 09:23:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2010/04/17 09:15:26 | 000,193,866 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/17 09:15:23 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/17 09:14:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/17 09:14:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/16 19:45:43 | 015,990,784 | ---- | M] () -- C:\Documents and Settings\Chris\ntuser.dat
[2010/04/16 19:45:43 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000008-00001102-00000004-20021102}.rfx
[2010/04/16 19:45:43 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000008-00001102-00000004-20021102}.rfx
[2010/04/16 19:45:43 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000008-00001102-00000004-20021102}.rfx
[2010/04/16 19:45:43 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000008-00001102-00000004-20021102}.rfx
[2010/04/16 19:45:43 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000008-00001102-00000004-20021102}.rfx
[2010/04/16 19:45:43 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/04/16 19:45:43 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/04/16 15:45:11 | 000,000,864 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\ATT00026.htm
[2010/04/14 23:32:12 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Chris\ntuser.ini
[2010/04/11 23:33:51 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/11 19:40:45 | 000,182,272 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/10 08:58:07 | 000,434,688 | ---- | M] (Virtualzone.de) -- C:\WINDOWS\System32\ss2uinst.exe
[2010/04/09 22:40:46 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns
[2010/04/09 22:40:46 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns
[2010/04/09 09:45:02 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Shortcut to Train Simulator.lnk
[2010/04/09 00:14:57 | 001,577,778 | -H-- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\IconCache.db
[2010/04/07 17:01:39 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\fusioncache.dat
[2010/04/07 02:16:45 | 000,154,708 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\BREE.jpg
[2010/04/06 13:56:55 | 002,542,720 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Picture 002.jpg
[2010/04/06 13:56:55 | 002,535,721 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Picture 001.jpg
[2010/04/05 18:33:10 | 000,151,552 | ---- | M] () -- C:\WINDOWS\System32\nvRegDev.dll
[2010/04/02 14:23:13 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2010/04/02 14:23:12 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2010/04/01 16:43:04 | 000,000,257 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\My collection of English Translated Hentai-Doujinshi-Manga.url
[2010/03/30 23:05:59 | 000,000,252 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Anachronox walkthrough - solution.url
[2010/03/28 13:35:15 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2010/03/26 15:47:14 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Shortcut to Train Simulator.lnk
[2010/03/26 13:15:06 | 000,000,186 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Asisbiz.com - Search Engine Optimization and Software Development Company.url
[2010/03/26 13:11:22 | 000,000,268 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\HyperWar US Army in WWII Northwest Africa Seizing the Initiative In the West.url
[2010/03/22 14:35:16 | 000,969,674 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\trnst322.zip
[2010/03/22 11:02:24 | 001,409,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/22 04:01:14 | 000,017,968 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/21 21:16:24 | 000,286,720 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun507.exe
[2010/03/21 20:21:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\vpd.properties
[2010/03/21 20:07:47 | 000,000,080 | ---- | M] () -- C:\WINDOWS\CoD.ini
[2010/03/20 14:22:41 | 000,000,093 | ---- | M] () -- C:\Documents
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/16 15:45:11 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\ATT00026.htm
[2010/04/11 14:42:48 | 000,183,808 | ---- | C] () -- C:\WINDOWS\Wpuvua.exe
[2010/04/09 09:45:02 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Shortcut to Train Simulator.lnk
[2010/04/07 17:01:39 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\fusioncache.dat
[2010/04/07 02:16:45 | 000,154,708 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\BREE.jpg
[2010/04/06 11:34:22 | 002,542,720 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Picture 002.jpg
[2010/04/06 11:33:08 | 002,535,721 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Picture 001.jpg
[2010/04/05 23:17:24 | 000,000,000 | ---- | C] () -- C:\FileOut.Cns
[2010/04/05 23:17:24 | 000,000,000 | ---- | C] () -- C:\FileIn.Cns
[2010/04/05 18:33:25 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll
[2010/04/01 16:43:04 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\My collection of English Translated Hentai-Doujinshi-Manga.url
[2010/03/30 23:05:58 | 000,000,252 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Anachronox walkthrough - solution.url
[2010/03/28 13:35:15 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2010/03/26 15:47:14 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Shortcut to Train Simulator.lnk
[2010/03/26 13:14:46 | 000,000,186 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Asisbiz.com - Search Engine Optimization and Software Development Company.url
[2010/03/26 13:11:21 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\HyperWar US Army in WWII Northwest Africa Seizing the Initiative In the West.url
[2010/03/22 14:35:16 | 000,969,674 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\trnst322.zip
[2010/03/20 14:22:41 | 000,000,093 | ---- | C] () -- C:\Documents
[2010/03/19 12:44:37 | 000,193,536 | ---- | C] () -- C:\WINDOWS\System32\bcbsmp40.bpl
[2010/03/19 01:32:57 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/03/19 01:32:23 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2010/03/19 01:32:23 | 000,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2010/03/19 01:32:23 | 000,120,832 | RHS- | C] () -- C:\WINDOWS\System32\MPCDx.ax
[2010/03/19 01:32:23 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\RLMPCDec.ax
[2010/03/19 01:32:23 | 000,097,280 | RHS- | C] () -- C:\WINDOWS\System32\FLACDX.ax
[2010/03/19 01:32:23 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2010/03/19 01:32:23 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
[2010/03/19 01:32:23 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2010/03/16 16:53:26 | 000,000,742 | ---- | C] () -- C:\WINDOWS\DC.ini
[2010/03/15 15:32:46 | 000,000,292 | ---- | C] () -- C:\WINDOWS\vtmb.ini
[2010/03/15 13:02:36 | 000,000,255 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/14 23:38:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2009/04/11 00:43:09 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/03/16 11:44:04 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/02/25 14:57:36 | 000,000,135 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009/02/25 14:55:35 | 000,000,578 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009/02/23 06:52:44 | 000,000,218 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/02/06 15:40:35 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/01/23 01:45:00 | 000,147,192 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2009/01/23 01:39:08 | 000,000,120 | ---- | C] () -- C:\WINDOWS\CIS_Setup_3.5.57173.439_XP_Vista_x32.INI
[2009/01/02 21:16:07 | 000,000,080 | ---- | C] () -- C:\WINDOWS\CoD.ini
[2008/12/25 16:05:39 | 000,000,056 | ---- | C] () -- C:\WINDOWS\fs9configurator.ini
[2008/12/20 14:02:36 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2008/12/20 14:02:36 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2008/11/04 13:53:39 | 000,386,634 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2008/11/04 13:53:39 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2008/10/08 05:18:42 | 015,990,784 | ---- | C] () -- C:\Documents and Settings\Chris\ntuser.dat
[2008/09/26 22:24:24 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/24 11:46:12 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Caesar2.ini
[2008/09/20 16:09:40 | 000,000,129 | ---- | C] () -- C:\WINDOWS\WET.INI
[2008/09/20 12:40:18 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2008/09/20 12:40:18 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2008/09/17 12:50:36 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2008/09/13 16:44:52 | 000,000,385 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/09/11 14:18:17 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/08/28 11:15:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\DOSINST.INI
[2008/08/25 16:27:28 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\SMACKW32.DLL
[2008/08/25 16:25:50 | 000,159,232 | ---- | C] () -- C:\WINDOWS\System32\4.1a-smackw32.dll
[2008/08/25 16:25:50 | 000,158,208 | ---- | C] () -- C:\WINDOWS\System32\4.0k-smackw32.dll
[2008/08/25 16:25:50 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\4.0g-smackw32.dll
[2008/08/25 16:25:50 | 000,129,536 | ---- | C] () -- C:\WINDOWS\System32\4.0d-smackw32.dll
[2008/08/25 16:25:50 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\4.0b-smackw32.dll
[2008/08/25 16:25:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\System32\3.1c-smackw32.dll
[2008/08/25 16:25:50 | 000,098,304 | R--- | C] () -- C:\WINDOWS\System32\3.1b-smackw32.dll
[2008/08/25 16:25:50 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\3.2m-smackw32.dll
[2008/08/25 16:25:50 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\3.2h-smackw32.dll
[2008/08/25 16:25:50 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\3.2g-smackw32.dll
[2008/08/25 16:25:50 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\3.2f-smackw32.dll
[2008/08/25 16:25:50 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\3.2e-smackw32.dll
[2008/08/25 16:25:50 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\3.2b-smackw32.dll
[2008/08/25 16:25:50 | 000,095,232 | R--- | C] () -- C:\WINDOWS\System32\3.1k-smackw32.dll
[2008/08/25 16:25:50 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\3.1s-smackw32.dll
[2008/08/25 16:25:50 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\3.1r-smackw32.dll
[2008/08/25 16:25:50 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\3.1p-smackw32.dll
[2008/08/25 16:25:50 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\3.1n-smackw32.dll
[2008/08/25 16:25:50 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\3.1L-smackw32.dll
[2008/08/25 16:25:50 | 000,094,720 | ---- | C] () -- C:\WINDOWS\System32\3.1h-smackw32.dll
[2008/08/25 16:25:50 | 000,094,720 | ---- | C] () -- C:\WINDOWS\System32\3.1g-smackw32.dll
[2008/08/25 16:25:50 | 000,094,720 | ---- | C] () -- C:\WINDOWS\System32\3.1f-smackw32.dll
[2008/08/25 16:25:50 | 000,086,528 | ---- | C] () -- C:\WINDOWS\System32\3.0r-smackw32.dll
[2008/08/25 16:25:50 | 000,086,528 | ---- | C] () -- C:\WINDOWS\System32\3.0p-smackw32.dll
[2008/08/25 16:25:50 | 000,083,456 | ---- | C] () -- C:\WINDOWS\System32\3.0j-smackw32.dll
[2008/08/25 16:25:50 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\3.0h-smackw32.dll
[2008/08/25 16:25:50 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\3.0g-smackw32.dll
[2008/08/25 16:25:50 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\3.0d-smackw32.dll
[2008/08/25 16:25:50 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\3.0c-smackw32.dll
[2008/08/25 16:25:50 | 000,071,168 | ---- | C] () -- C:\WINDOWS\System32\2.2i-smackw32.dll
[2008/08/25 16:25:50 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\2.2c-smackw32.dll
[2008/08/25 16:25:50 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\2.1g-smackw32.dll
[2008/08/25 16:25:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\4.0e-smackw32.dll
[2008/08/25 16:25:50 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\2.1c-smackw32.dll
[2008/08/23 22:44:46 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/08/23 17:02:51 | 000,630,784 | ---- | C] () -- C:\WINDOWS\System32\launchpad.dll
[2008/08/23 12:26:25 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2008/08/22 12:14:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/08/22 11:47:25 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Chris\.rnd
[2008/08/21 18:44:15 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Chris\DesktopTomb Raider (Glide).VLP
[2008/08/20 14:17:10 | 000,000,255 | ---- | C] () -- C:\WINDOWS\civ.ini
[2008/08/20 14:09:00 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\ATM.DLL
[2008/08/15 18:28:14 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys
[2008/08/15 18:28:14 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys
[2008/08/04 21:56:30 | 000,003,260 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\glide_wrapper.zbag.ini
[2008/05/26 15:10:37 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008/05/24 18:02:36 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/05/10 13:09:14 | 000,349,696 | ---- | C] () -- C:\WINDOWS\System32\Mss32.dll
[2008/05/04 22:46:36 | 000,000,498 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/26 15:24:44 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\PnkBstrK.sys
[2008/04/26 12:44:56 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/04/26 12:44:55 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/04/25 20:00:36 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/04/25 16:00:12 | 000,000,306 | ---- | C] () -- C:\WINDOWS\QTW.ini
[2008/04/25 15:33:51 | 000,182,272 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/25 13:58:42 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2008/04/25 13:58:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/04/25 11:47:30 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Chris\ntuser.dat.LOG
[2008/04/25 11:47:30 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Chris\ntuser.ini
[2008/04/21 20:06:16 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/12/05 02:41:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/12/05 02:41:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/05 02:41:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/12/05 02:41:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/05 02:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/08/06 14:17:40 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2007/08/02 19:11:28 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2007/08/02 19:11:14 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2007/07/27 16:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 16:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2006/09/28 14:55:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2006/09/26 14:01:40 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/08/11 15:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/05/23 13:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/12/05 21:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 14:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005/11/06 17:01:19 | 000,121,562 | ---- | C] () -- C:\WINDOWS\System32\PicFormat32.dll
[2005/06/19 10:45:22 | 000,258,048 | ---- | C] () -- C:\WINDOWS\glide3x.dll
[2005/06/19 10:45:18 | 000,262,144 | ---- | C] () -- C:\WINDOWS\glide2x.dll
[2005/06/16 19:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2003/09/20 14:09:18 | 000,032,872 | ---- | C] () -- C:\WINDOWS\System32\etvdq.dll
[2003/08/15 12:23:11 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\dsucp.dll
[2003/07/12 21:40:28 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\SAWZipNG.dll
[2002/03/12 23:46:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[1998/06/14 02:53:26 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[1996/08/26 02:12:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\QTWMCI32.DLL
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Custom Scans ==========


< Click the "Scan All Users" checkbox. >

< Under the Custom Scan box paste this in: >

< >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2007/07/27 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2007/07/27 06:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2007/07/27 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\symbols\atapi.sys\41107B4D17480\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\websymbols\atapi.sys\41107B4D17480\atapi.sys
[2007/07/27 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2007/07/27 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2007/07/27 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2007/07/27 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2007/07/27 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2004/06/03 11:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\Documents and Settings\Chris\My Documents\System Specs\Nvidia_NF-123_2K_XP_v5.10\WIN2K_XP\IDE\Win2K\NvAtaBus.sys
[2004/06/03 11:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\Documents and Settings\Chris\My Documents\System Specs\Nvidia_NF-123_2K_XP_v5.10\WIN2K_XP\IDE\WinXP\NvAtaBus.sys
[2004/06/03 11:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\WINDOWS\system32\drivers\nvatabus.sys

< MD5 for: SCECLI.DLL >
[2007/07/27 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2007/07/27 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\.Trashes:AFP_AfpInfo
@Alternate Data Stream - 498 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
< End of report >


OTL Extras:

OTL Extras logfile created on: 4/17/2010 9:28:08 AM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.47 Gb Total Space | 53.51 Gb Free Space | 19.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS-25CB808AE
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\backup\Program Files\Curious Labs\Poser 6\Poser.exe" = C:\backup\Program Files\Curious Labs\Poser 6\Poser.exe:*:Disabled:Poser executable file -- (Curious Labs, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour -- File not found
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Disabled:EasyShare -- File not found
"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe" = C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Disabled:Microsoft Flight Simulator -- (Microsoft Corporation)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Disabled:PnkBstrA -- File not found
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Disabled:PnkBstrB -- File not found
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Disabled:Steam -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1" = SWF Opener
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{053A7E07-3D44-4CDB-B79C-EE8755BFD7D6}" = Class_50_Content_Update
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0CB3C535-1171-4A20-B549-E2CB5DEB9723}" = MySQL Connector/ODBC 3.51
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{1CD0C3C5-809D-4CFC-904A-1B67C6243637}" = Debugging Tools for Windows (x86)
"{1D8CF8E6-7C9E-4146-B43F-FE40255C6AF8}_is1" = RailWorks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21140CDD-AEB3-44E7-ADA0-4FBDF8D3271A}" = LAGO Venice Scenery FS2004 Version 1.11
"{21ABDAE4-9C9E-446C-B82E-28B143156BE9}" = nHancer
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29CB3A0C-8980-45B6-95A0-B1118B776C5A}" = Fly The Airbus A380 v2 for FSX
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{304CF423-1CE8-49F4-8D2E-D780EFC3D7F3}" = Pan American Fokker FVIIb_3m for FSX or FS2004
"{30A2D194-CDEB-4E8B-8CB5-EBF26BDF97E3}" = Just Flight B-17 Memphis Belle CFS3 v1.00
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = AcronisTrueImageHome
"{39930321-4C58-4B8B-BCBF-342698C9801D}" = Max Payne
"{3A2515B2-3324-46D6-AF39-63397CC1B2CA}}_is1" = Super Flight Planner 3.0.3
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{4290EA5A-633E-4C6D-B9E3-5FEAEC615CC9}" = Anachronox
"{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes
"{4C577751-2A67-450B-B689-B9E5A40E5E55}" = Martin M130 for FSX or FS2004
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{582876EC-A178-44D4-9823-C10D6C62EAFF}" = AGEIA PhysX v2.6.0
"{587A2120-41D3-11DB-3D6C-00E19E4D4AE1}" = MSTS Patch 1.7.0519
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype 3.6
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6BF81CE7-3D5A-497F-8912-2A65A0253E1B}" = Beyond Good & Evil
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786CF17A-66A5-4A35-B24A-178D3B39F86A}_is1" = Womble EasyDVD 1.0.1.21 (11/2009)
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)
"{85CCDC7D-71DA-4671-9FF6-1ABF86439859}" = Short Empire for FSX or FS2004
"{8681B1E6-CD96-46EF-9065-CE0D1085ED99}" = Star Wars JK II Jedi Outcast
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B07DC0B6-923A-4877-9C81-1BF88BF6899A}" = Pirates of the Caribbean
"{B1BD17C5-48FA-4CFD-BDBE-0931D79C4108}" = BAE-Software GFX-View V3
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software
"{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}" = Cheetah DVD Burner
"{BF7C1B99-A250-45EF-B186-0C33B7308F95}" = SD40-2_Content_Update
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{C539AF6F-9DB3-458C-9274-1F3EE3291FB1}" = Abacus EZ-Libraries
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{d57cf80f-9230-4a5d-a8ea-38510a12d220}.sdb" = X-Wing & TIE Fighter 95 Compatibility Fix
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Try And Buy
"{D8367C9D-00BB-4465-9DCB-148483897252}" = Just Flight B-17 Memphis Belle 2004 v1.00
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{ED654F5D-5DC9-46EA-9D10-621231527F98}" = FS9 Configurator
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"4shared_Uploader" = 4shared Uploader
"7-Zip" = 7-Zip 4.64
"AC3Filter" = AC3Filter (remove only)
"AceIt_is1" = AceIt v1.3.1
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Aircraft Container Manager V2.5" = Aircraft Container Manager V2.5
"Auckland 2002 v1.0" = Auckland 2002 v1.0
"Audacity_is1" = Audacity 1.2.6
"AudioConSole" = Creative Audio Console
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B-29B Superfortress - RELEASE v1.1" = B-29B Superfortress - RELEASE v1.1
"BADLANDS Summer Clear Plug-in for KOSMOS" = BADLANDS Summer Clear Plug-in for KOSMOS
"Belarc Advisor" = Belarc Advisor 7.2
"Bink and Smacker" = Bink and Smacker
"Blender" = Blender (remove only)
"BNSF Scenic Subdivision" = BNSF Scenic Subdivision
"BR BDA Bogie Bolsters" = BR BDA Bogie Bolsters
"BTmod" = Oblivion - BTmod 2.20
"Cabina per locomotive FS Gr. 740" = Cabina per locomotive FS Gr. 740
"Cabina per locomotive FS Gr. 940" = Cabina per locomotive FS Gr. 940
"Caesar 3" = Caesar 3
"Cascade Crossing" = Cascade Crossing
"CCleaner" = CCleaner
"Class 26 & 27 cabview for MSTS by 37714 (Robert Potts)" = Class 26 & 27 cabview for MSTS by 37714 (Robert Potts)
"Combat Flight Simulator 3.0" = Microsoft Combat Flight Simulator 3.1
"comtypes-py2.5" = Python 2.5 comtypes-0.5.2
"Darksaber's Ultimate Craft Pack" = Darksaber's Ultimate Craft Pack v1.1
"DDS Converter 2.1" = DDS Converter 2.1
"DirectXMediaRuntime" = DirectX Media Runtime 5.2b
"DiscJuggler" = DiscJuggler
"DOOM Collector's Edition" = DOOM Collector's Edition
"Empire State Express Locomotive Add-on for MSTS" = Empire State Express Locomotive Add-on for MSTS
"Euro Link VA Scenery Package 1" = Euro Link VA Scenery Package 1
"EVEREST Corporate Edition_is1" = EVEREST Corporate Edition v4.60
"Ferrovie dello Stato Gr 170" = Ferrovie dello Stato Gr 170
"Ferrovie dello Stato Gr 895-059" = Ferrovie dello Stato Gr 895-059
"Ferrovie dello Stato GR 910-001 e Rete Sicula 401" = Ferrovie dello Stato GR 910-001 e Rete Sicula 401
"Ferrovie dello Stato Gr. 740-351 V. 2" = Ferrovie dello Stato Gr. 740-351 V. 2
"Ferrovie dello Stato Gr. 940" = Ferrovie dello Stato Gr. 940
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight
"Fraps" = Fraps
"FS Elmo" = FS Elmo
"FSAddon - Misty Fjords" = FSAddon - Misty Fjords
"FSX Sirocco GTX 132 ft. Motoryacht" = FSX Sirocco GTX 132 ft. Motoryacht
"FSX Viper V1.1" = FSX Viper V1.1
"Glacier Bay v2a_is1" = Glacier Bay v2a
"Glacier Bay v2b_is1" = Glacier Bay v2b
"GlidewrapZbag" = zeckensack's Glide wrapper (remove only)
"Grand Teton - Experience - Vtp Photorealistic" = Grand Teton - Experience - Vtp Photorealistic
"GWR Loco Sound Set" = GWR Loco Sound Set
"Half-Life" = Half-Life
"Hertford Loop" = Hertford Loop
"Indeo® software" = Indeo® software
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"Juanda Scenery" = Juanda Scenery
"Kicking Horse Pass (v. 2.0)" = Kicking Horse Pass (v. 2.0)
"Kosmos 1.0" = Kosmos 1.0
"LucasArts' X-Wing Alliance" = LucasArts' X-Wing Alliance
"Magic ISO Maker v5.5 (build 0272)" = Magic ISO Maker v5.5 (build 0272)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maple Leaf Tracks - Niagara Corridor" = Maple Leaf Tracks - Niagara Corridor
"MARACAIBO - LA CHINITA Fs 2004 By Jaime Ortega" = MARACAIBO - LA CHINITA Fs 2004 By Jaime Ortega
"Michigan Iron Ore" = Michigan Iron Ore
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MoCat's Caribbean Seaplane Tours, Key West" = MoCat's Caribbean Seaplane Tours, Key West
"MOUL" = Myst Online: Uru Live (remove only)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OceanFX 2" = OceanFX 2
"Omikron The Nomad Soul" = Omikron The Nomad Soul
"Pageants Field" = Pageants Field
"Paris-St Gervais Night Train" = Paris-St Gervais Night Train
"Photodex Presenter" = Photodex Presenter
"PIL-py2.5" = Python 2.5 PIL-1.1.6
"Product_Name" = Train Sim Interface Quick Fix
"ProShow Gold" = ProShow Gold
"psyco-py2.5" = Python 2.5 psyco-1.6
"Pullman 6-3 Pullman (Green)" = Pullman 6-3 Pullman (Green)
"PW Sceneries Volume 1 - Grenada" = PW Sceneries Volume 1 - Grenada
"PW Sceneries Volume 2 - The Grenadines, Saint Vincent and Barbados" = PW Sceneries Volume 2 - The Grenadines, Saint Vincent and Barbados
"PW Sceneries Volume 3 - Saint Lucia and Martinique" = PW Sceneries Volume 3 - Saint Lucia and Martinique
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.5" = Python 2.5 pywin32-212
"QuickPar" = QuickPar 0.9
"QuickSFV" = QuickSFV (Remove only)
"QuickTime32" = QuickTime for Windows (32-bit)
"RealPlayer 6.0" = RealPlayer
"Rio Grande Cupola Caboose" = Rio Grande Cupola Caboose
"Rome, Caesar's will" = Rome, Caesar's will
"Scotflight FSX: Highlands & Islands" = Scotflight FSX: Highlands & Islands
"ScummVM_is1" = ScummVM SVN
"Shockwave" = Shockwave
"Sierra Utilities" = Sierra Utilities
"Sin with Wages of Sin_is1" = Sin with Wages of Sin (version 1.11)
"Sopwith Camel for FS2004" = Sopwith Camel for FS2004
"Southern Pacific Bay Window C-30-4" = Southern Pacific Bay Window C-30-4
"SpeedFan" = SpeedFan (remove only)
"ST6UNST #1" = ConBuilder
"ST6UNST #2" = ConBuilder (C:\Program Files\ConBuilder\)
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"Superfortress 'mania' - 509th CG addon pack v1.0" = Superfortress 'mania' - 509th CG addon pack v1.0
"SystemRequirementsLab" = System Requirements Lab
"TA Pacific Steam Pack" = TA Pacific Steam Pack
"Tachyon" = Tachyon
"Teton County - Idaho - Land Class Base" = Teton County - Idaho - Land Class Base
"TGATool2A_is1" = TGATool2A version 4.00.34
"The Times - Exclusive Tomb Raider Level" = The Times - Exclusive Tomb Raider Level
"Tomb Raider Chronicles" = Tomb Raider Chronicles
"Tomb Raider II" = Tomb Raider II
"Totalcmd" = Total Commander (Remove or Repair)
"Train Artisan E7 SP DayLight Trainset Add-on" = Train Artisan E7 SP DayLight Trainset Add-on
"Train Artisan Empire State Express 2.0 Trainset Add-on for MSTS" = Train Artisan Empire State Express 2.0 Trainset Add-on for MSTS
"Train Artisan F7 Super Chief Add-on" = Train Artisan F7 Super Chief Add-on
"Train Artisan USRA Mountain Loco Beta Release" = Train Artisan USRA Mountain Loco Beta Release
"Train Artisan VIA Passenger Car Set version 2.0" = Train Artisan VIA Passenger Car Set version 2.0
"Train Simulator 1.0" = Microsoft Train Simulator
"Ultimate Terrain - Canada & Alaska" = Ultimate Terrain - Canada & Alaska
"Ultimate Terrain - USA" = Ultimate Terrain - USA
"Update Paris-St Gervais Night Train" = Update Paris-St Gervais Night Train
"Uru 2d Scrapbook_is1" = Uru 2d Scrapbook
"Utopia City" = Utopia City
"VDMSound" = VDMSound
"VLC media player" = VLC media player 0.9.2
"WestWind FSDZigns L049a Connie" = WestWind FSDZigns L049a Connie
"Wet Attack - The Empire Cums Back" = Wet Attack - The Empire Cums Back
"Wilco Fleet : A380" = Wilco Fleet : A380
"WinAce Archiver" = WinAce Archiver
"WinAce Archiver 2.0" = WinAce Archiver 2.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Womble EasyDVD" = Womble EasyDVD 1.0.1.21 (11/2009)
"wxPython2.8-ansi-py25_is1" = wxPython 2.8.7.1 (ansi) for Python 2.5
"XiphQT" = Xiph QuickTime Components
"X-Wing Install System" = X-Wing Install System 2.71

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1482476501-1220945662-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Carrozza Dinamometrica" = Carrozza Dinamometrica
"Carrozze cassa in legno 1950" = Carrozze cassa in legno 1950
"CN Blackfoot Vegreville Subs v2 Route" = CN Blackfoot Vegreville Subs v2 Route
"CN Blackfoot Vegreville v2 Equipment Pack" = CN Blackfoot Vegreville v2 Equipment Pack
"Maple Leaf Tracks Bala Sub V1.0" = Maple Leaf Tracks Bala Sub V1.0
"MLT Bala Patch V1.1" = MLT Bala Patch V1.1
"MLT Greater Toronto Area" = MLT Greater Toronto Area
"Route_Riter v7.1.29" = Route_Riter v7.1.29
"RW_Tools V2" = RW_Tools V2
"Strecke BT -Rollmaterial-" = Strecke BT -Rollmaterial-
"Ultimate Terrain X - Europe" = Ultimate Terrain X - Europe
"Ultimate Terrain X - USA" = Ultimate Terrain X - USA
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/9/2010 12:52:55 AM | Computer Name = CHRIS-25CB808AE | Source = Application Error | ID = 1000
Description = Faulting application train.exe, version 1.16.5.912, faulting module
train.exe, version 1.16.5.912, fault address 0x0029d7f8.

Error - 4/11/2010 2:41:42 PM | Computer Name = CHRIS-25CB808AE | Source = Application Hang | ID = 1002
Description = Hanging application Setup.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/11/2010 9:12:21 PM | Computer Name = CHRIS-25CB808AE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x10001e96.

Error - 4/11/2010 10:26:53 PM | Computer Name = CHRIS-25CB808AE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: 404 (HTTP Response Status)

Error - 4/12/2010 9:45:34 PM | Computer Name = CHRIS-25CB808AE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: 404 (HTTP Response Status)

Error - 4/13/2010 1:06:56 AM | Computer Name = CHRIS-25CB808AE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: 404 (HTTP Response Status)

Error - 4/13/2010 10:58:29 PM | Computer Name = CHRIS-25CB808AE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00011948.

Error - 4/13/2010 11:05:58 PM | Computer Name = CHRIS-25CB808AE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 4/14/2010 9:22:01 PM | Computer Name = CHRIS-25CB808AE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00001e44.

Error - 4/15/2010 1:35:02 AM | Computer Name = CHRIS-25CB808AE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 4/16/2010 6:56:03 PM | Computer Name = CHRIS-25CB808AE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.FlightSimulator.SimConnect
. Reference error message: The referenced assembly is not installed on your system.
.

Error - 4/16/2010 6:56:03 PM | Computer Name = CHRIS-25CB808AE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Microsoft
Games\Microsoft Flight Simulator X\Modules\FSUIPC4.dll. Reference error message:
The operation completed successfully. .

Error - 4/16/2010 6:56:03 PM | Computer Name = CHRIS-25CB808AE | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.FlightSimulator.SimConnect could not
be found and Last Error was The referenced assembly is not installed on your system.


Error - 4/16/2010 6:56:03 PM | Computer Name = CHRIS-25CB808AE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.FlightSimulator.SimConnect
. Reference error message: The referenced assembly is not installed on your system.
.

Error - 4/16/2010 6:56:03 PM | Computer Name = CHRIS-25CB808AE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Microsoft
Games\Microsoft Flight Simulator X\Modules\FSUIPC4.dll. Reference error message:
The operation completed successfully. .

Error - 4/17/2010 11:15:05 AM | Computer Name = CHRIS-25CB808AE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 4/17/2010 11:15:13 AM | Computer Name = CHRIS-25CB808AE | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 4/17/2010 11:18:48 AM | Computer Name = CHRIS-25CB808AE | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/17/2010 11:18:53 AM | Computer Name = CHRIS-25CB808AE | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/17/2010 11:19:39 AM | Computer Name = CHRIS-25CB808AE | Source = Service Control Manager | ID = 7034
Description = The Acronis Scheduler2 Service service terminated unexpectedly. It
has done this 1 time(s).


< End of report >

UPDATE:

The two viruses found today are:

Virus or unwanted program 'TR/Renos.PDC [trojan]'
detected in file 'C:\WINDOWS\Wpuvua.exe'.
Action performed: Deny access

The file 'C:\WINDOWS\Wpuvua.exe'
contained a virus or unwanted program 'TR/Renos.PDC' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4e77759a.qua'.

Attached file: ark.txt (17.59KB)

Edited by CrisGer, 17 April 2010 - 04:22 PM.

Game Researcher and Designer
http://3dworldandgamedevelopers.blogspot.com//
Admin
3D Worlds and Game Developers Group Linkedin

#4 etavares
Bleepin' Remover, Malware Response Team, 15,514 posts

Posted 17 April 2010 - 04:27 PM

Hello, CrisGer.

OK, it looks like your RAID driver is infected with a backdoor rootkit. What kind of RAID array do you have set up? You may want to back up your computer if you haven't done that recently. Do not make an image; rather, please only back up documents, pictures, etc., but not Windows system files or program files. We can scan the backup later.



Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.
P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow you to share files between users, as the name suggests. In today's world cybercrime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, so they should be used with great care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall it, please refrain from using it until I let you know your computer is clean.

Registry Cleaner Warning


I also see that you have a registry cleaner installed (in your case CCleaner). Here at BC, we do not recommend using registry cleaners.

See here for more information:
http://www.bleepingcomputer.com/forums/ind...p;#entry1326578




Trusted Zone Warning

Having trusted sites may not be a good idea. The reason I say it is not a good idea is that the security settings for the Internet are not extremely high, and once you put a site in your Trusted zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking of that site and may even give access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites to the Trusted zone. If you're not sure, and/or you do not need these in your Trusted zone to facilitate access, or you did not knowingly permit this access yourself, then please remove those sites from your Trusted zone.

They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove if there are any there.



Step 1

Next, please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop as CrisGerCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on CrisGerCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
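The Trusted Zone check above is done by clicking through Internet Options. As an added example that is not part of this thread or of BleepingComputer's instructions, the script below performs the same check offline by parsing a `reg export` of the ZoneMap\Domains key, which is where Internet Explorer records per-site zone assignments (a sub-key under a domain names a host, the value name is the scheme, and the dword is the zone ID; 1 = Local Intranet, 2 = Trusted Sites, 4 = Restricted Sites are the standard IE zone numbers). The .reg text embedded in it is constructed for the example; the domain names in it are placeholders.

```python
"""Added example, not part of the thread: list the sites a user has put in
Internet Explorer's Trusted Sites zone by parsing a `reg export` of the
ZoneMap\\Domains key instead of clicking through Internet Options.
The .reg text below is constructed for this example."""
import re
from collections import defaultdict

# Standard IE URL security zone IDs.
ZONE_NAMES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites",
              3: "Internet", 4: "Restricted Sites"}

# Constructed sample of what `reg export` of HKCU\...\ZoneMap\Domains produces.
# A sub-key under a domain names a host (www.example-bank.com); the value name
# is the scheme ("http", "https" or "*" for any) and the dword is the zone ID.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example-bank.com]
"http"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example-bank.com\www]
"https"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intranet.example.local]
"*"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\attacker-example.net]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bad-example.org]
"*"=dword:00000004
"""

ZONEMAP_KEY_RE = re.compile(r"\\ZoneMap\\Domains\\(.+)$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_zone_map(reg_text):
    """Return (scheme, host, zone_id) triples for every ZoneMap\\Domains entry."""
    entries = []
    current_host = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            m = ZONEMAP_KEY_RE.search(line[1:-1])
            # Key path after Domains\ is "domain" or "domain\host"; join it
            # back into a hostname (host.domain). Non-ZoneMap keys reset it.
            current_host = ".".join(reversed(m.group(1).split("\\"))) if m else None
            continue
        if current_host is None:
            continue
        v = VALUE_RE.match(line)
        if v:
            entries.append((v.group(1), current_host, int(v.group(2), 16)))
    return entries


def sites_in_zone(reg_text, zone_id=2):
    """Sorted "scheme://host" strings assigned to zone_id (default Trusted Sites)."""
    return sorted(f"{scheme}://{host}"
                  for scheme, host, zone in parse_zone_map(reg_text)
                  if zone == zone_id)


def zone_report(reg_text):
    """Group every explicit zone assignment by zone name."""
    report = defaultdict(list)
    for scheme, host, zone in parse_zone_map(reg_text):
        report[ZONE_NAMES.get(zone, f"zone {zone}")].append(f"{scheme}://{host}")
    return dict(report)


if __name__ == "__main__":
    for zone, sites in zone_report(SAMPLE_REG_EXPORT).items():
        print(zone)
        for site in sites:
            print("   ", site)
```

To run it against a real machine, export the key first (`reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" zonemap.reg`), read the file with encoding "utf-16" (reg export writes UTF-16LE), and pass the text to `sites_in_zone`. Anything listed under Trusted Sites that the user did not add deliberately is worth removing, as the reply above advises; if the Security_HKLM_only policy is set, the same key under HKLM applies to all users and should be exported as well.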
 


#5 CrisGer (Topic Starter)
Members, 306 posts, Location: Colorado and California

Posted 17 April 2010 - 06:41 PM

I will proceed with this cleaning and not re load my OS.

I removed Utorrent and CCleaner as advised.

I ran ComboFix and the log is posted here:

ComboFix 10-04-17.02 - Chris 04/17/2010 17:05:22.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2691 [GMT -6:00]
Running from: c:\documents and settings\Chris\Desktop\CrisGerCF.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents
c:\windows\system32\AVSredirect.dll
c:\windows\system32\QTWMCI32.DLL
c:\windows\system32\spool\prtprocs\w32x86\000022c4.tmp

Infected copy of c:\windows\system32\drivers\si3112.sys was found and disinfected
Restored copy from - c:\windows\OemDir\si3112.sys
.
((((((((((((((((((((((((( Files Created from 2010-03-17 to 2010-04-17 )))))))))))))))))))))))))))))))
.

2010-04-13 05:07 . 2009-04-06 21:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-13 05:07 . 2009-04-06 21:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-13 01:53 . 2010-04-14 06:11 -------- d-----w- c:\windows\system32\NtmsData
2010-04-13 01:49 . 2010-04-13 01:49 -------- d-----w- c:\documents and settings\Chris\Application Data\Avira
2010-04-12 02:26 . 2010-04-12 02:26 -------- d-----w- c:\program files\Avira
2010-04-12 02:26 . 2010-04-12 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-04-12 02:26 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-12 02:26 . 2009-05-11 17:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-12 02:26 . 2009-05-11 17:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-10 14:58 . 2010-04-10 14:58 434688 ----a-w- c:\windows\system32\ss2uinst.exe
2010-04-09 17:59 . 2010-04-10 14:58 -------- d-----w- c:\program files\Kosmos
2010-04-07 23:01 . 2010-04-07 23:01 128 ----a-w- c:\documents and settings\Chris\Local Settings\Application Data\fusioncache.dat
2010-04-07 23:01 . 2010-04-07 23:01 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\ApplicationHistory
2010-04-06 00:33 . 2010-04-06 00:33 151552 ----a-w- c:\windows\system32\nvRegDev.dll
2010-04-06 00:31 . 2010-04-06 00:31 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\SteelIXB
2010-04-05 23:44 . 2010-04-05 23:44 -------- d-----w- c:\program files\DDS Converter 2
2010-04-05 23:21 . 2010-04-05 23:21 -------- d-----w- c:\program files\Jasc Software Inc
2010-04-03 05:50 . 2010-04-03 05:50 -------- d-----w- c:\program files\Rail Simulator
2010-04-02 20:48 . 2010-04-02 20:48 -------- d-----w- c:\program files\700Tools
2010-03-29 01:18 . 2010-04-06 03:25 -------- d-----w- c:\program files\RW_Tools
2010-03-28 22:15 . 2009-06-13 03:45 110592 ----a-w- c:\windows\system32\serz.exe
2010-03-28 22:15 . 2010-04-06 01:32 -------- d-----w- c:\program files\RailWorks
2010-03-28 19:35 . 2010-03-28 19:35 -------- d-----w- c:\program files\SpeedFan
2010-03-25 19:29 . 2010-03-25 19:29 -------- d-----w- c:\documents and settings\Chris\Application Data\InstallShield
2010-03-22 20:45 . 2009-03-11 05:25 191488 ------w- c:\windows\system32\mwgfx.dll
2010-03-22 20:45 . 2008-10-20 19:44 237056 ------w- c:\windows\system32\mwgfx24.dll
2010-03-22 20:45 . 2008-09-05 14:32 104960 ------w- c:\windows\system32\mwdds.dll
2010-03-22 20:45 . 2008-08-10 16:39 53248 ------w- c:\windows\system32\mwgfxvb.dll
2010-03-22 20:45 . 2007-08-19 15:37 28672 ------w- c:\windows\system32\mwgfxcopy.exe
2010-03-22 20:45 . 2006-03-14 17:48 256512 ------w- c:\windows\system32\mwdlg.dll
2010-03-22 20:45 . 2004-05-14 17:13 56832 ------w- c:\windows\system32\mwace.dll
2010-03-22 20:45 . 2004-05-14 15:13 27136 ------w- c:\windows\system32\mwacevb.dll
2010-03-22 20:45 . 2004-03-16 22:47 49152 ------w- c:\windows\system32\mwddsvb.dll
2010-03-22 20:45 . 2010-03-22 20:53 -------- d-----w- c:\program files\Route_Riter
2010-03-22 20:16 . 2010-03-22 20:16 -------- d-----w- C:\Programmi
2010-03-22 08:04 . 2010-04-09 15:48 -------- d-----w- c:\program files\ConBuilder
2010-03-22 08:04 . 2010-04-02 20:23 249856 ------w- c:\windows\Setup1.exe
2010-03-22 08:04 . 2010-04-02 20:23 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-03-22 04:34 . 2010-03-22 04:41 -------- d-----w- c:\program files\UltimateZip
2010-03-22 03:31 . 2010-03-22 03:31 -------- d-----w- C:\MLTtemp
2010-03-22 03:30 . 2010-04-08 20:50 -------- d-----w- c:\program files\Maple Leaf Tracks
2010-03-22 03:16 . 2010-03-22 03:16 286720 ----a-w- c:\windows\iun507.exe
2010-03-20 20:46 . 2010-04-06 05:50 -------- d-----w- c:\program files\CFToolbox
2010-03-20 20:00 . 2010-03-20 20:00 -------- d-----w- c:\program files\Common Files\Thraex Software
2010-03-19 18:44 . 2010-03-19 18:44 -------- d-----w- c:\program files\dvdata
2010-03-19 18:44 . 1999-01-27 10:00 908800 ----a-w- c:\windows\system32\CP3245MT.DLL
2010-03-19 18:44 . 1999-01-27 10:00 24064 ----a-w- c:\windows\system32\BORLNDMM.DLL
2010-03-19 07:32 . 2009-09-27 15:39 369152 ----a-w- c:\windows\system32\avisynth.dll
2010-03-19 07:32 . 2004-02-22 16:11 719872 ----a-w- c:\windows\system32\devil.dll
2010-03-19 07:32 . 2004-01-25 06:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2010-03-19 07:32 . 2004-01-25 06:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2010-03-19 07:32 . 2010-03-19 07:32 -------- d-----w- c:\program files\AviSynth 2.5
2010-03-19 07:32 . 2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2010-03-19 07:32 . 2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2010-03-19 07:32 . 2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2010-03-19 07:32 . 2010-03-19 07:32 -------- d-----w- c:\program files\eRightSoft
2010-03-19 00:56 . 2010-03-19 00:56 -------- d-----w- c:\program files\Interactive Strip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 23:28 . 2008-04-25 19:19 -------- d-----w- c:\documents and settings\Chris\Application Data\Skype
2010-04-17 23:27 . 2008-04-26 02:00 -------- d-----w- c:\documents and settings\Chris\Application Data\skypePM
2010-04-17 00:12 . 2008-04-25 21:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-15 03:22 . 2008-05-05 04:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-14 04:48 . 2009-04-25 05:50 -------- d-----w- c:\program files\Abacus
2010-04-13 05:11 . 2010-03-22 17:04 439816 ----a-w- c:\documents and settings\Chris\Application Data\Real\Update\setup3.10\setup.exe
2010-04-13 05:08 . 2008-08-18 19:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-13 05:08 . 2010-04-13 05:08 2967799 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-13 03:02 . 2010-03-15 19:53 -------- d-----w- c:\program files\Uru Live
2010-04-11 23:14 . 2010-03-19 01:02 4 ----a-w- C:\timestmp.tmp
2010-04-09 15:45 . 2008-09-10 07:52 -------- d-----w- c:\program files\Microsoft Games
2010-04-06 00:33 . 2008-04-25 19:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-06 00:33 . 2006-04-26 03:52 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-27 04:44 . 2008-09-17 17:07 -------- d-----w- c:\program files\Ahead
2010-03-26 16:08 . 2008-05-05 04:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-25 21:26 . 2008-04-27 06:15 -------- d-----w- c:\program files\LucasArts
2010-03-25 19:31 . 2008-04-26 20:36 -------- d-----w- c:\program files\Ubisoft
2010-03-22 10:01 . 2008-04-25 18:47 17968 ----a-w- c:\documents and settings\Chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-22 04:31 . 2008-09-05 03:22 -------- d-----w- c:\program files\WinAce
2010-03-20 04:19 . 2008-08-29 16:21 -------- d-----w- c:\program files\Sin
2010-03-18 15:31 . 2009-03-24 06:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-18 15:30 . 2008-09-09 20:03 -------- d-----w- c:\program files\Java
2010-03-18 15:30 . 2010-03-18 15:30 152576 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-18 15:29 . 2010-03-18 15:29 79488 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-18 06:01 . 2010-03-16 03:31 -------- d-----w- c:\program files\DOSBox-0.73
2010-03-16 18:49 . 2010-03-16 18:49 1956808 ----a-w- c:\documents and settings\Chris\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-03-15 23:14 . 2008-06-14 00:00 -------- d-----w- c:\program files\Eidos Interactive
2010-03-15 22:48 . 2007-07-27 12:00 11973 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-03-15 22:21 . 2010-03-15 22:21 -------- d-----w- c:\program files\AGEIA Technologies
2010-03-15 22:20 . 2010-03-15 22:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-15 21:20 . 2008-10-01 03:57 -------- d-----w- c:\program files\Activision
2010-03-15 21:06 . 2010-03-15 21:06 -------- d-----w- c:\program files\Womble Multimedia
2010-03-15 20:12 . 2008-08-24 05:40 -------- d-----w- c:\program files\Microprose
2010-03-15 20:04 . 2009-01-17 06:24 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-03-15 19:05 . 2010-03-15 19:02 206 ----a-w- c:\windows\wininit.tmp
2010-03-15 17:24 . 2008-08-09 17:47 -------- d-----w- c:\program files\ScummVM
2010-02-16 19:24 . 2010-03-16 01:15 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-02-07 20:17 . 2009-02-07 20:17 233472 ----a-w- c:\program files\PakScape.exe
2009-03-06 20:11 . 2009-03-06 20:11 61 --sh--w- c:\windows\cnerolf.bin
2008-12-25 22:08 . 2008-12-25 22:08 61 --sh--w- c:\windows\cnerolf.dat
2006-05-03 10:06 . 2010-03-19 07:32 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2010-03-19 07:32 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-03-19 07:32 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-04-03 21898024]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2004-04-23 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 18944]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-18 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-23 185896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-10-04 4344472]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-10-04 960376]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-10-04 165144]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\documents and settings\Chris\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2008-03-20 16:46 217544 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2006-08-11 21:56 17920 ----a-w- c:\windows\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-10-30 16:36 256576 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\backup\\Program Files\\Curious Labs\\Poser 6\\Poser.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [8/29/2007 4:04 AM 116264]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [4/20/2009 7:12 AM 10112]
R0 tdrpman140;Acronis Try&Decide and Restore Points filter (build 140);c:\windows\system32\drivers\tdrpm140.sys [4/29/2009 9:37 AM 971168]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/11/2010 8:26 PM 135336]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/25/2008 1:31 PM 716272]
S4 asbp2poa;asbp2poa;\??\c:\docume~1\Chris\LOCALS~1\Temp\asbp2poa.sys --> c:\docume~1\Chris\LOCALS~1\Temp\asbp2poa.sys [?]
S4 VFILT;Outpost Firewall Kernel Driver;\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\2000\FILTNT.SYS --> c:\progra~1\Agnitum\OUTPOS~1.0\kernel\2000\FILTNT.SYS [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: JWord でサイト検索 - c:\progra~1\JWord\Plugin2\jwdsrch.dll/300
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-CloneCDTray - c:\program files\SlySoft\CloneCD\CloneCDTray.exe
AddRemove-BNSF Scenic Subdivision - c:\program files\Microsoft Games\Train Simulator\\ROUTES\BNSF_Scenic\uninstall.exe
AddRemove-Combat Flight Simulator 3.0 - f:\\UNINSTAL.EXE
AddRemove-DOOM Collector's Edition - c:\doom2\DC.isu
AddRemove-PW Sceneries Volume 2 - The Grenadines, Saint Vincent and Barbados - c:\documents and settings\Chris\Application Data\PW Sceneries Volume 2 - The Grenadines
AddRemove-Rio Grande Cupola Caboose - c:\program files\Microsoft Games\Train Simulator\TRAINS\TRAINSET\RGcupola\Uninstal.exe
AddRemove-Southern Pacific Bay Window C-30-4 - c:\program files\Microsoft Games\Train Simulator\TRAINS\TRAINSET\SPC-30-4\Uninstal.exe
AddRemove-{3A2515B2-3324-46D6-AF39-63397CC1B2CA}}_is1 - c:\program files\Central Park\Sfp\unins000.exe
AddRemove-CN Blackfoot Vegreville v2 Equipment Pack - c:\program files\Microsoft Games\Train Simulator\TRAINS\TRAINSET\UninstCAN99EQ.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-17 17:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2472)
c:\program files\Logitech\Profiler\LWEHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Photodex\ProShowGold\ScsiAccess.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-04-17 17:36:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-17 23:36

Pre-Run: 57,484,148,736 bytes free
Post-Run: 57,460,473,856 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 16EDF7BB5838A52592CA7B1882A43A4C

It appears the redirect for the IE browser is gone. I will now test updates for Spybot and Malwarebytes Anti-Malware.

UPDATE: I was able to update both Malwarebytes Anti-Malware and Spybot. IE browser works like normal. Task Manager list looks normal. System is running normally. Thank you very much, I had tried and tried to scan and remove those nasties.

Edited by CrisGer, 17 April 2010 - 06:47 PM.

Game Researcher and Designer
http://3dworldandgamedevelopers.blogspot.com//
Admin
3D Worlds and Game Developers Group Linkedin

#6 etavares

etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:12:02 AM

Posted 17 April 2010 - 07:08 PM

Hello, CrisGer.

We still have a few remaining issues to take care of, but it looks like we broke the back of the rootkit.



Step 1

Go to Start --> Run --> and type the following bold text exactly as shown and press OK.

sc delete asbp2poa




Step 2

We need to run an OTL Script
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :Files
    c:\docume~1\Chris\LOCALS~1\Temp\asbp2poa.sys
    :OTL
    SRV - File not found [Disabled | Stopped] -- -- (UserAccess7) SecuROM User Access Service (V7)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O3 - HKU\S-1-5-21-1482476501-1220945662-725345543-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O4 - HKU\S-1-5-21-1482476501-1220945662-725345543-1003..\Run: [YVIBBBHA8C] C:\DOCUME~1\Chris\LOCALS~1\Temp\Wvb.exe File not found
    @Alternate Data Stream - 64 bytes -> C:\.Trashes:AFP_AfpInfo
    @Alternate Data Stream - 498 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.



Step 3

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#7 CrisGer

CrisGer
  • Topic Starter

  • Members
  • 306 posts
  • Gender:Male
  • Location:Colorado and California
  • Local time:09:02 PM

Posted 17 April 2010 - 07:58 PM

I am working on Step 3, it will take a long time as I have a LOT of files on the computer. Steps 1 and 2 completed, did that deletion and ran the scans for step 2: here they are, and I will post the ESET scan as soon as it is done.

========== FILES ==========
File\Folder c:\docume~1\Chris\LOCALS~1\Temp\asbp2poa.sys not found.
========== OTL ==========
Error: No service named UserAccess7) SecuROM User Access Service (V7 was found to stop!
Service\Driver key UserAccess7) SecuROM User Access Service (V7 not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_USERS\S-1-5-21-1482476501-1220945662-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_USERS\S-1-5-21-1482476501-1220945662-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\YVIBBBHA8C not found.
ADS C:\.Trashes:AFP_AfpInfo deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD deleted successfully.

OTL by OldTimer - Version 3.2.1.1 log created on 04172010_182018

----------------------------------------------------------------------------------------------------------------------------------

New OTL Scan


OTL logfile created on: 4/17/2010 6:26:25 PM - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.47 Gb Total Space | 53.53 Gb Free Space | 19.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS-25CB808AE
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/17 09:23:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
PRC - [2010/03/16 15:36:32 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/02/23 04:04:34 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/10/03 22:40:00 | 000,165,144 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2008/10/03 22:39:54 | 000,554,264 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/06/15 15:34:20 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/30 11:34:18 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
PRC - [2007/07/27 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/04/17 09:23:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
MOD - [2006/08/25 09:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (UserAccess7) SecuROM User Access Service (V7)
SRV - [2010/03/16 15:36:32 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/10/03 22:39:54 | 000,554,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/06/15 15:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/04/30 11:34:18 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)


========== Driver Services (SafeList) ==========

DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/29 09:37:20 | 000,971,168 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm140.sys -- (tdrpman140) Acronis Try&Decide and Restore Points filter (build 140)
DRV - [2009/04/29 09:37:18 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/04/29 09:37:18 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/04/29 09:37:15 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2009/01/23 01:44:59 | 000,079,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2008/10/23 21:53:47 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/10/23 21:53:46 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/10/07 14:33:00 | 006,133,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/09/16 01:29:53 | 000,097,792 | ---- | M] (Protect Software GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ACEDRV05.sys -- (ACEDRV05)
DRV - [2008/04/25 13:31:48 | 000,716,272 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/08/29 04:04:04 | 000,116,264 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3112r.sys -- (SI3112r)
DRV - [2007/07/27 06:00:00 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/11/22 09:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/09/24 07:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/08/11 15:45:40 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/08/11 15:45:38 | 000,499,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006/08/11 15:45:28 | 000,180,224 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2006/08/11 15:45:26 | 000,766,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2006/08/11 15:45:26 | 000,154,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2006/08/11 15:45:24 | 000,116,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/08/11 15:45:18 | 000,143,872 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/08/11 15:45:18 | 000,078,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/08/11 15:45:14 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/11/10 18:06:04 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2004/11/29 12:14:30 | 000,019,648 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004/11/25 10:41:08 | 000,046,080 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2004/10/28 04:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004/08/04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 16:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004/06/03 11:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2004/04/14 11:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/04/14 11:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004/04/14 11:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004/04/14 11:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2004/04/02 16:40:00 | 000,021,760 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/09/04 06:45:44 | 000,055,144 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112.sys -- (si3112)
DRV - [2003/06/09 11:56:40 | 000,010,112 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiWinAcc)
DRV - [2003/06/09 11:56:40 | 000,010,112 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2003/04/19 00:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tandpl.sys -- (tandpl)
DRV - [2003/03/02 17:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\enodpl.sys -- (enodpl)
DRV - [2001/08/17 07:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [1996/04/03 13:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1482476501-1220945662-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1482476501-1220945662-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1482476501-1220945662-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



[2008/08/06 00:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2008/08/06 00:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\nwy1mmgu.default\extensions
[2010/03/15 13:50:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/04/17 17:24:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-1482476501-1220945662-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1482476501-1220945662-725345543-1003..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Profiler\lwemon.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Chris\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-1220945662-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1482476501-1220945662-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1482476501-1220945662-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1482476501-1220945662-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\Msdxm6.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Prairie Wind.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Prairie Wind.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 11:35:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/06/10 12:11:08 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1482476501-1220945662-725345543-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/17 18:20:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/17 17:48:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/17 15:46:12 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/17 15:44:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/17 15:44:57 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/17 15:44:57 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/17 15:44:57 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/17 15:44:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/17 15:44:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/17 09:23:28 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2010/04/16 13:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\TB Route Update
[2010/04/16 12:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\SKIPTON CARLISLE 2
[2010/04/16 11:50:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\SKIPTON 1920
[2010/04/15 21:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\MSTSUK+
[2010/04/14 21:19:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\Recent
[2010/04/14 16:59:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\ZEBRA
[2010/04/12 23:07:53 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/12 23:07:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/12 22:59:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\fixes
[2010/04/12 19:53:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/04/12 19:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Avira
[2010/04/11 20:26:17 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/04/11 20:26:16 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/04/11 20:26:16 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/04/11 20:26:16 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/04/11 20:26:16 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/04/11 20:26:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/04/11 12:37:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\workz
[2010/04/10 08:58:40 | 000,434,688 | ---- | C] (Virtualzone.de) -- C:\WINDOWS\System32\ss2uinst.exe
[2010/04/09 11:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\Kosmos
[2010/04/07 17:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Downloads
[2010/04/07 17:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\ApplicationHistory
[2010/04/05 18:31:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\SteelIXB
[2010/04/05 17:44:30 | 000,000,000 | ---D | C] -- C:\Program Files\DDS Converter 2
[2010/04/05 17:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\Jasc Software Inc
[2010/04/05 10:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Taxes 2009
[2010/04/05 02:17:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Mama Puri1
[2010/04/02 23:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\Rail Simulator
[2010/04/02 14:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\700Tools
[2010/04/02 12:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Steam Era RR
[2010/03/28 19:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\RW_Tools
[2010/03/28 16:15:12 | 000,110,592 | ---- | C] (Kuju) -- C:\WINDOWS\System32\serz.exe
[2010/03/28 16:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\RailWorks
[2010/03/28 13:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2010/03/28 13:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Flight Simulator X Files
[2010/03/28 01:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\ART$
[2010/03/27 11:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\FSX
[2010/03/26 14:12:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\ships and harbours
[2010/03/25 18:42:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\ZRegBackups
[2010/03/25 13:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\InstallShield
[2010/03/22 14:45:45 | 000,256,512 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwdlg.dll
[2010/03/22 14:45:45 | 000,237,056 | ---- | C] (MW Publishing) -- C:\WINDOWS\System32\mwgfx24.dll
[2010/03/22 14:45:45 | 000,191,488 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwgfx.dll
[2010/03/22 14:45:45 | 000,104,960 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwdds.dll
[2010/03/22 14:45:45 | 000,056,832 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwace.dll
[2010/03/22 14:45:45 | 000,053,248 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwgfxvb.dll
[2010/03/22 14:45:45 | 000,049,152 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwddsvb.dll
[2010/03/22 14:45:45 | 000,028,672 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwgfxcopy.exe
[2010/03/22 14:45:45 | 000,027,136 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwacevb.dll
[2010/03/22 14:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\Route_Riter
[2010/03/22 14:16:47 | 000,000,000 | ---D | C] -- C:\Programmi
[2010/03/22 02:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\ConBuilder
[2010/03/22 02:04:41 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2010/03/22 02:04:39 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2010/03/21 22:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\UltimateZip
[2010/03/21 21:31:39 | 000,000,000 | ---D | C] -- C:\MLTtemp
[2010/03/21 21:30:30 | 000,000,000 | ---D | C] -- C:\Program Files\Maple Leaf Tracks
[2010/03/21 21:16:33 | 000,286,720 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun507.exe
[2010/03/21 21:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\MSTS Update
[2010/03/20 14:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\CFToolbox
[2010/03/20 14:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Thraex Software
[2010/03/19 18:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\p3a_w_fx
[2010/03/19 14:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\ScanAFD
[2010/03/19 13:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\FS Addons Glacier Bay 2.0
[2010/03/19 13:27:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\LAGO Special
[2010/03/19 12:44:37 | 001,888,232 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\VCL40.BPL
[2010/03/19 12:44:37 | 000,908,800 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\CP3245MT.DLL
[2010/03/19 12:44:37 | 000,252,408 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\vclx40.bpl
[2010/03/19 12:44:37 | 000,106,992 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\vcljpg40.bpl
[2010/03/19 12:44:37 | 000,024,064 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\BORLNDMM.DLL
[2010/03/19 12:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\dvdata
[2010/03/19 12:43:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\CFS2 FX9 ACM
[2010/03/19 01:32:57 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll
[2010/03/19 01:32:57 | 000,369,152 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll
[2010/03/19 01:32:57 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010/03/19 01:32:57 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll
[2010/03/19 01:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010/03/19 01:32:23 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2010/03/19 01:32:23 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2010/03/19 01:32:23 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2010/03/19 01:32:23 | 000,169,472 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\MatroskaDX.ax
[2010/03/19 01:32:23 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2010/03/19 01:32:23 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2010/03/19 01:32:23 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2010/03/19 01:32:23 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2010/03/19 01:32:23 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2010/03/19 01:32:23 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2010/03/19 01:32:23 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2010/03/19 01:32:23 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2010/03/19 01:32:20 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2010/03/18 18:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\Interactive Strip
[2009/04/27 00:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/04/27 00:38:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/04/27 00:38:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/04/27 00:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/02/07 14:17:45 | 000,233,472 | ---- | C] (Peter Engström) -- C:\Program Files\PakScape.exe
[2006/08/11 15:56:28 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2000/11/01 18:46:28 | 000,160,256 | ---- | C] ( ) -- C:\WINDOWS\System32\GVJPEG32.DLL
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/17 18:23:24 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/17 18:23:01 | 000,193,866 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/17 18:22:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/17 18:22:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/17 18:21:35 | 015,990,784 | ---- | M] () -- C:\Documents and Settings\Chris\ntuser.dat
[2010/04/17 18:21:35 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000008-00001102-00000004-20021102}.rfx
[2010/04/17 18:21:35 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000008-00001102-00000004-20021102}.rfx
[2010/04/17 18:21:35 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000008-00001102-00000004-20021102}.rfx
[2010/04/17 18:21:35 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000008-00001102-00000004-20021102}.rfx
[2010/04/17 18:21:35 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000008-00001102-00000004-20021102}.rfx
[2010/04/17 18:21:35 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/04/17 18:21:35 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/04/17 17:25:31 | 000,000,283 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/17 17:24:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/17 15:46:21 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/17 15:42:09 | 003,917,472 | R--- | M] () -- C:\Documents and Settings\Chris\Desktop\CrisGerCF.exe
[2010/04/17 09:23:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2010/04/14 23:32:12 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Chris\ntuser.ini
[2010/04/11 23:33:51 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/11 19:40:45 | 000,182,272 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/10 08:58:07 | 000,434,688 | ---- | M] (Virtualzone.de) -- C:\WINDOWS\System32\ss2uinst.exe
[2010/04/09 22:40:46 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns
[2010/04/09 22:40:46 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns
[2010/04/09 09:45:02 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Shortcut to Train Simulator.lnk
[2010/04/09 00:14:57 | 001,577,778 | -H-- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\IconCache.db
[2010/04/07 17:01:39 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\fusioncache.dat
[2010/04/07 02:16:45 | 000,154,708 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\BREE.jpg
[2010/04/06 13:56:55 | 002,542,720 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Picture 002.jpg
[2010/04/06 13:56:55 | 002,535,721 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Picture 001.jpg
[2010/04/05 18:33:10 | 000,151,552 | ---- | M] () -- C:\WINDOWS\System32\nvRegDev.dll
[2010/04/02 14:23:13 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2010/04/02 14:23:12 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2010/04/01 16:43:04 | 000,000,257 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\My collection of English Translated Hentai-Doujinshi-Manga.url
[2010/03/30 23:05:59 | 000,000,252 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Anachronox walkthrough - solution.url
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 13:35:15 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2010/03/26 15:47:14 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Shortcut to Train Simulator.lnk
[2010/03/26 13:15:06 | 000,000,186 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Asisbiz.com - Search Engine Optimization and Software Development Company.url
[2010/03/26 13:11:22 | 000,000,268 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\HyperWar US Army in WWII Northwest Africa Seizing the Initiative In the West.url
[2010/03/22 14:35:16 | 000,969,674 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\trnst322.zip
[2010/03/22 11:02:24 | 001,409,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/22 04:01:14 | 000,017,968 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/21 21:16:24 | 000,286,720 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun507.exe
[2010/03/21 20:21:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\vpd.properties
[2010/03/21 20:07:47 | 000,000,080 | ---- | M] () -- C:\WINDOWS\CoD.ini
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/17 15:46:20 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/17 15:46:15 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/17 15:44:57 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/17 15:44:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/17 15:44:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/17 15:44:57 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/17 15:44:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/17 15:42:09 | 003,917,472 | R--- | C] () -- C:\Documents and Settings\Chris\Desktop\CrisGerCF.exe
[2010/04/09 09:45:02 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Shortcut to Train Simulator.lnk
[2010/04/07 17:01:39 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\fusioncache.dat
[2010/04/07 02:16:45 | 000,154,708 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\BREE.jpg
[2010/04/06 11:34:22 | 002,542,720 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Picture 002.jpg
[2010/04/06 11:33:08 | 002,535,721 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Picture 001.jpg
[2010/04/05 23:17:24 | 000,000,000 | ---- | C] () -- C:\FileOut.Cns
[2010/04/05 23:17:24 | 000,000,000 | ---- | C] () -- C:\FileIn.Cns
[2010/04/05 18:33:25 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll
[2010/04/01 16:43:04 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\My collection of English Translated Hentai-Doujinshi-Manga.url
[2010/03/30 23:05:58 | 000,000,252 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Anachronox walkthrough - solution.url
[2010/03/28 13:35:15 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2010/03/26 15:47:14 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Shortcut to Train Simulator.lnk
[2010/03/26 13:14:46 | 000,000,186 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Asisbiz.com - Search Engine Optimization and Software Development Company.url
[2010/03/26 13:11:21 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\HyperWar US Army in WWII Northwest Africa Seizing the Initiative In the West.url
[2010/03/22 14:35:16 | 000,969,674 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\trnst322.zip
[2010/03/19 12:44:37 | 000,193,536 | ---- | C] () -- C:\WINDOWS\System32\bcbsmp40.bpl
[2010/03/19 01:32:23 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2010/03/19 01:32:23 | 000,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2010/03/19 01:32:23 | 000,120,832 | RHS- | C] () -- C:\WINDOWS\System32\MPCDx.ax
[2010/03/19 01:32:23 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\RLMPCDec.ax
[2010/03/19 01:32:23 | 000,097,280 | RHS- | C] () -- C:\WINDOWS\System32\FLACDX.ax
[2010/03/19 01:32:23 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2010/03/19 01:32:23 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
[2010/03/19 01:32:23 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2010/03/16 16:53:26 | 000,000,742 | ---- | C] () -- C:\WINDOWS\DC.ini
[2010/03/15 15:32:46 | 000,000,292 | ---- | C] () -- C:\WINDOWS\vtmb.ini
[2010/03/15 13:02:36 | 000,000,255 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/14 23:38:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2009/04/11 00:43:09 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/03/16 11:44:04 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/02/25 14:57:36 | 000,000,135 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009/02/25 14:55:35 | 000,000,578 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009/02/23 06:52:44 | 000,000,218 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/02/06 15:40:35 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/01/23 01:45:00 | 000,147,192 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2009/01/23 01:39:08 | 000,000,120 | ---- | C] () -- C:\WINDOWS\CIS_Setup_3.5.57173.439_XP_Vista_x32.INI
[2009/01/02 21:16:07 | 000,000,080 | ---- | C] () -- C:\WINDOWS\CoD.ini
[2008/12/25 16:05:39 | 000,000,056 | ---- | C] () -- C:\WINDOWS\fs9configurator.ini
[2008/12/20 14:02:36 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2008/12/20 14:02:36 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2008/11/04 13:53:39 | 000,386,634 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2008/11/04 13:53:39 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2008/10/08 05:18:42 | 015,990,784 | ---- | C] () -- C:\Documents and Settings\Chris\ntuser.dat
[2008/09/26 22:24:24 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/24 11:46:12 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Caesar2.ini
[2008/09/20 16:09:40 | 000,000,129 | ---- | C] () -- C:\WINDOWS\WET.INI
[2008/09/20 12:40:18 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2008/09/20 12:40:18 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2008/09/17 12:50:36 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2008/09/13 16:44:52 | 000,000,385 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/09/11 14:18:17 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/08/28 11:15:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\DOSINST.INI
[2008/08/25 16:27:28 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\SMACKW32.DLL
[2008/08/25 16:25:50 | 000,159,232 | ---- | C] () -- C:\WINDOWS\System32\4.1a-smackw32.dll
[2008/08/25 16:25:50 | 000,158,208 | ---- | C] () -- C:\WINDOWS\System32\4.0k-smackw32.dll
[2008/08/25 16:25:50 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\4.0g-smackw32.dll
[2008/08/25 16:25:50 | 000,129,536 | ---- | C] () -- C:\WINDOWS\System32\4.0d-smackw32.dll
[2008/08/25 16:25:50 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\4.0b-smackw32.dll
[2008/08/25 16:25:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\System32\3.1c-smackw32.dll
[2008/08/25 16:25:50 | 000,098,304 | R--- | C] () -- C:\WINDOWS\System32\3.1b-smackw32.dll
[2008/08/25 16:25:50 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\3.2m-smackw32.dll
[2008/08/25 16:25:50 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\3.2h-smackw32.dll
[2008/08/25 16:25:50 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\3.2g-smackw32.dll
[2008/08/25 16:25:50 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\3.2f-smackw32.dll
[2008/08/25 16:25:50 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\3.2e-smackw32.dll
[2008/08/25 16:25:50 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\3.2b-smackw32.dll
[2008/08/25 16:25:50 | 000,095,232 | R--- | C] () -- C:\WINDOWS\System32\3.1k-smackw32.dll
[2008/08/25 16:25:50 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\3.1s-smackw32.dll
[2008/08/25 16:25:50 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\3.1r-smackw32.dll
[2008/08/25 16:25:50 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\3.1p-smackw32.dll
[2008/08/25 16:25:50 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\3.1n-smackw32.dll
[2008/08/25 16:25:50 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\3.1L-smackw32.dll
[2008/08/25 16:25:50 | 000,094,720 | ---- | C] () -- C:\WINDOWS\System32\3.1h-smackw32.dll
[2008/08/25 16:25:50 | 000,094,720 | ---- | C] () -- C:\WINDOWS\System32\3.1g-smackw32.dll
[2008/08/25 16:25:50 | 000,094,720 | ---- | C] () -- C:\WINDOWS\System32\3.1f-smackw32.dll
[2008/08/25 16:25:50 | 000,086,528 | ---- | C] () -- C:\WINDOWS\System32\3.0r-smackw32.dll
[2008/08/25 16:25:50 | 000,086,528 | ---- | C] () -- C:\WINDOWS\System32\3.0p-smackw32.dll
[2008/08/25 16:25:50 | 000,083,456 | ---- | C] () -- C:\WINDOWS\System32\3.0j-smackw32.dll
[2008/08/25 16:25:50 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\3.0h-smackw32.dll
[2008/08/25 16:25:50 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\3.0g-smackw32.dll
[2008/08/25 16:25:50 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\3.0d-smackw32.dll
[2008/08/25 16:25:50 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\3.0c-smackw32.dll
[2008/08/25 16:25:50 | 000,071,168 | ---- | C] () -- C:\WINDOWS\System32\2.2i-smackw32.dll
[2008/08/25 16:25:50 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\2.2c-smackw32.dll
[2008/08/25 16:25:50 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\2.1g-smackw32.dll
[2008/08/25 16:25:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\4.0e-smackw32.dll
[2008/08/25 16:25:50 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\2.1c-smackw32.dll
[2008/08/23 22:44:46 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/08/23 17:02:51 | 000,630,784 | ---- | C] () -- C:\WINDOWS\System32\launchpad.dll
[2008/08/23 12:26:25 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2008/08/22 12:14:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/08/22 11:47:25 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Chris\.rnd
[2008/08/21 18:44:15 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Chris\DesktopTomb Raider (Glide).VLP
[2008/08/20 14:17:10 | 000,000,255 | ---- | C] () -- C:\WINDOWS\civ.ini
[2008/08/20 14:09:00 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\ATM.DLL
[2008/08/15 18:28:14 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys
[2008/08/15 18:28:14 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys
[2008/08/04 21:56:30 | 000,003,260 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\glide_wrapper.zbag.ini
[2008/05/26 15:10:37 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008/05/24 18:02:36 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/05/10 13:09:14 | 000,349,696 | ---- | C] () -- C:\WINDOWS\System32\Mss32.dll
[2008/05/04 22:46:36 | 000,000,498 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/26 15:24:44 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\PnkBstrK.sys
[2008/04/26 12:44:56 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/04/26 12:44:55 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/04/25 20:00:36 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/04/25 16:00:12 | 000,000,306 | ---- | C] () -- C:\WINDOWS\QTW.ini
[2008/04/25 15:33:51 | 000,182,272 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/25 13:58:42 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2008/04/25 13:58:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/04/25 11:47:30 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Chris\ntuser.dat.LOG
[2008/04/25 11:47:30 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Chris\ntuser.ini
[2008/04/21 20:06:16 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/12/05 02:41:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/12/05 02:41:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/05 02:41:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/12/05 02:41:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/05 02:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/08/06 14:17:40 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2007/08/02 19:11:28 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2007/08/02 19:11:14 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2007/07/27 16:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 16:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2006/09/28 14:55:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2006/09/26 14:01:40 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/08/11 15:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/05/23 13:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/12/05 21:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 14:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005/11/06 17:01:19 | 000,121,562 | ---- | C] () -- C:\WINDOWS\System32\PicFormat32.dll
[2005/06/19 10:45:22 | 000,258,048 | ---- | C] () -- C:\WINDOWS\glide3x.dll
[2005/06/19 10:45:18 | 000,262,144 | ---- | C] () -- C:\WINDOWS\glide2x.dll
[2005/06/16 19:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2003/09/20 14:09:18 | 000,032,872 | ---- | C] () -- C:\WINDOWS\System32\etvdq.dll
[2003/08/15 12:23:11 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\dsucp.dll
[2003/07/12 21:40:28 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\SAWZipNG.dll
[2002/03/12 23:46:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[1998/06/14 02:53:26 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
< End of report >

UPDATE: Sat Night

ESET Report:

C:\Documents and Settings\Chris\Desktop\Apps\EVEREST Ultimate Engineer Edition Portable\EVEREST Ultimate Engineer Edition Portable.exe probably a variant of Win32/Agent trojan deleted - quarantined
C:\Documents and Settings\Chris\Desktop\Shortcuts\EVEREST Ultimate Engineer Edition Portable.rar probably a variant of Win32/Agent trojan deleted - quarantined

ESET found two alerts (see above) and then it stopped running about halfway through My Documents. I will start it again and let it run overnight and see if I can get a full report.

Thanks again for the help.

Edited by CrisGer, 17 April 2010 - 11:26 PM.

Game Researcher and Designer
http://3dworldandgamedevelopers.blogspot.com//
Admin
3D Worlds and Game Developers Group Linkedin
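Reading an OTL file list by eye is slow, so here is a parser for the entry format shown in the log above. It is an added example (editor's code, not OTL's own logic and not part of any post in this thread) that turns each `[date | size | attrs | C/M] (Company) -- path` line into a record and raises the prompts an analyst applies to it: hidden/system attributes on files under %SystemRoot%, drivers and system-directory binaries with no company name, and clusters of files created in the same second, which is how one installer run shows up (the codec components at 01:32:23 above are such a cluster). The indicator rules and the burst threshold are this example's assumptions; the prompts are things to look at, not verdicts, and the sample lines are copied from the log above.

```python
"""Triage helper for OTL log entries.

Added example for this thread: not part of OTL or of any post, and the
indicator rules below are this editor's assumptions, not OTL's own logic."""
import re
from collections import Counter
from datetime import datetime

# One OTL entry looks like
#   [2010/03/19 01:32:23 | 000,216,064 | RHS- | C] (Company) -- C:\path
# optionally prefixed "PRC - ", "MOD - ", "SRV - " or "DRV - ", with a
# "[Kernel | Auto | Running]" block before " -- " and "-- (svcname) desc"
# after the path for services and drivers.  Directory entries carry no
# "(Company)" group at all.
OTL_ENTRY = re.compile(
    r"^(?:(?P<kind>PRC|MOD|SRV|DRV) - )?"
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<op>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: \[(?P<svc>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\)(?P<desc>.*))?$"
)

SYSROOT = "c:\\windows\\"
BINARY_EXT = (".exe", ".dll", ".sys", ".ax", ".bpl", ".ocx", ".scr", ".cpl")


def parse_otl_line(line):
    """Return a dict for one OTL file/service/driver entry, or None for any other line."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["date"] = datetime.strptime(e["date"], "%Y/%m/%d %H:%M:%S")
    e["size"] = int(e["size"].replace(",", ""))
    # OTL prints "()", "( )" or "(-)" when the file carries no company name.
    company = (e["company"] or "").strip()
    e["company"] = "" if company == "-" else company
    # The attribute column is positional: R, H, S, D; "-" means not set.
    e["readonly"], e["hidden"], e["system"], e["is_dir"] = (c != "-" for c in e["attrs"])
    e["path"] = e["path"].strip()
    return e


def triage(entry):
    """Indicators worth a second look.  Review prompts, not verdicts: legitimate
    files (codec packs, scheduler state, cleanup-tool helpers) hit them too."""
    flags = []
    if entry is None or entry["is_dir"]:
        return flags
    p = entry["path"].lower()
    in_sysroot = p.startswith(SYSROOT)
    is_binary = p.endswith(BINARY_EXT)
    if in_sysroot and (entry["hidden"] or entry["system"]):
        flags.append("hidden/system attribute on a file under %SystemRoot%")
    if not entry["company"]:
        if entry["kind"] == "DRV" or "\\drivers\\" in p:
            flags.append("driver with no company name")
        elif is_binary and in_sysroot:
            flags.append("binary under %SystemRoot% with no company name")
    return flags


def install_bursts(entries, minimum=3):
    """Creation timestamps shared by `minimum` or more files: one installer
    run shows up as one burst, which is how to recognise a codec pack."""
    counts = Counter(e["date"] for e in entries if e is not None and e["op"] == "C")
    return {ts: n for ts, n in counts.items() if n >= minimum}


def review(log_text):
    """Parse a chunk of OTL output and return (flagged, bursts)."""
    entries = [parse_otl_line(l) for l in log_text.splitlines()]
    flagged = [(e["path"], triage(e)) for e in entries if e is not None and triage(e)]
    return flagged, install_bursts(entries)


# Lines copied from the log above (the SRV line has no file record and is skipped).
SAMPLE = r"""
[2010/03/19 01:32:23 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2010/03/19 01:32:23 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2010/03/19 01:32:23 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2010/04/17 15:44:57 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/17 18:22:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/25 13:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\InstallShield
DRV - [2008/10/23 21:53:47 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/04/29 09:37:20 | 000,971,168 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm140.sys -- (tdrpman140) Acronis Try&Decide and Restore Points filter (build 140)
SRV - File not found [Disabled | Stopped] -- -- (UserAccess7) SecuROM User Access Service (V7)
"""

if __name__ == "__main__":
    flagged, bursts = review(SAMPLE)
    for path, reasons in flagged:
        print(path, "->", "; ".join(reasons))
    for ts, n in sorted(bursts.items()):
        print(ts, "created", n, "files in the same second")
```

Run it as a script to print the flagged paths and the creation bursts for the embedded sample, or call review() on a pasted OTL section. Expect legitimate hits: SA.DAT is the Task Scheduler's own hidden state file, and PEV.exe, sed.exe, grep.exe, MBR.exe and zip.exe appeared in C:\WINDOWS two minutes after CrisGerCF.exe landed on the desktop, the pattern of a cleanup tool unpacking its helpers. The value of the flags is that they make the analyst look at each entry once and allow-list it, rather than scroll past it.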

#8 etavares
  • Bleepin' Remover
  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:12:02 AM

Posted 18 April 2010 - 05:22 AM

OK, no problem. Once you post the full ESET scan, and it's fairly clean, there's only one minor security hole we need to close then we should be good to go.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#9 CrisGer
  • Topic Starter
  • Members
  • 306 posts
  • Gender:Male
  • Location:Colorado and California
  • Local time:09:02 PM

Posted 18 April 2010 - 11:55 AM

ESET ran all night and completed:

One more trojan, but it looks like it was an old one quarantined by Qoobox from an earlier scan.

C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\000022c4.tmp.vir Win32/Olmarik.WW trojan cleaned by deleting - quarantined

That was all that was in the report; maybe I did it wrong, but that was the only text.

I deleted that install of Everest.

I remember reading about some security hole for older editions of IE. I tried to download one fix when I was trying to fight this bug, but it would not download.

Edited by CrisGer, 18 April 2010 - 03:33 PM.


#10 etavares
  • Bleepin' Remover
  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:12:02 AM

Posted 19 April 2010 - 05:27 PM

Hello, CrisGer.

Yes, Combofix caught and quarantined that file, so that's a good scan. Java is outdated on this machine and we need to update. You can also update IE if you'd like. It is important to note that this machine is running Windows XP SP2. I do recommend you upgrade to Windows XP SP3, although do NOT do it now. Properly back up the system first, as SP2 to SP3 is a major upgrade and things can go wrong. We do however need to update Java. Then, please post a fresh OTL scan so I can confirm we are good to go.



Step 1

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 20 and save it to your desktop.
  • Scroll down to where it says "JDK 6 Update 20 (JDK or JRE)...allows end-users to run Java applications".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version.



Step 2

Please post a fresh OTL scan...this should be the last thing I need to check before we uninstall our tools and purge system restore points so it can't accidentally get reinfected again.

etavares


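Step 1 above takes the Java inventory by clicking through Add/Remove Programs. The script below is an added example (editor's code, not Sun's installer logic and not from anyone in this thread) that reads the same information from the Uninstall registry keys and flags every Java entry older than 6 Update 20, the build the step installs. Its assumptions: the DisplayVersion formats it decodes ("6.0.200" for 6u20, "1.5.0.60" for 5.0u6, "1.6.0_20") are how the Sun installers of that era registered themselves, the name test mirrors the post's "Java / J2SE in the name" rule, and the registry part needs Python on Windows with the winreg module; the decision logic runs anywhere, against the constructed sample list.

```python
"""Inventory of installed Java runtimes from the Uninstall registry keys.

Added example for this thread (editor's code, not Sun's installer logic):
the DisplayVersion formats decoded here are an assumption about how the
Sun installers of that era registered themselves."""
import re

try:
    import winreg           # Windows only; the decision logic below runs anywhere
except ImportError:
    winreg = None

UNINSTALL_KEYS = (
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
)
# Mirrors the post's rule: anything named "Java..." or "J2SE..." in Add/Remove Programs.
JAVA_NAME = re.compile(r"^(?:J2SE|Java)\b", re.I)
TARGET = (6, 20)            # Java 6 Update 20, the build Step 1 installs


def java_version_tuple(display_version):
    """(major, update) from a Sun DisplayVersion string; None if unparsable.
    Assumed formats: "1.6.0_20", "6.0.200" (= 6u20) and "1.5.0.60" (= 5.0u6)."""
    s = (display_version or "").strip()
    m = re.match(r"^1\.(\d+)\.\d+_(\d+)$", s)
    if m:
        return (int(m.group(1)), int(m.group(2)))
    parts = [int(p) for p in re.findall(r"\d+", s)]
    if not parts:
        return None
    if parts[0] == 1 and len(parts) >= 2:       # 1.<major>.0.<update*10>
        major, field = parts[1], (parts[3] if len(parts) > 3 else 0)
    else:                                       # <major>.0.<update*10>
        major, field = parts[0], (parts[2] if len(parts) > 2 else 0)
    return (major, field // 10)


def is_outdated(display_name, display_version, target=TARGET):
    """None for non-Java entries; True when the entry is older than target
    (or its version cannot be read), False when it is at or above target."""
    if not JAVA_NAME.search(display_name or ""):
        return None
    v = java_version_tuple(display_version)
    return True if v is None else v < target


def audit(entries, target=TARGET):
    """entries: iterable of (DisplayName, DisplayVersion).  Returns the Java
    ones as (name, version, outdated) so the caller can decide what to remove."""
    out = []
    for name, version in entries:
        verdict = is_outdated(name, version, target)
        if verdict is not None:
            out.append((name, version, verdict))
    return out


def read_uninstall_entries():
    """(DisplayName, DisplayVersion) for every Uninstall subkey; [] off Windows."""
    entries = []
    if winreg is None:
        return entries
    for sub in UNINSTALL_KEYS:
        try:
            root = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, sub)
        except OSError:
            continue                            # Wow6432Node does not exist on 32-bit XP
        with root:
            i = 0
            while True:
                try:
                    name = winreg.EnumKey(root, i)
                except OSError:
                    break
                i += 1
                try:
                    with winreg.OpenKey(root, name) as k:
                        dn = winreg.QueryValueEx(k, "DisplayName")[0]
                        dv = winreg.QueryValueEx(k, "DisplayVersion")[0]
                except OSError:
                    continue                    # subkey without those values
                entries.append((dn, dv))
    return entries


def installed_java(target=TARGET):
    return audit(read_uninstall_entries(), target)


# Constructed sample, modelled on the Add/Remove Programs names of the period.
SAMPLE_ENTRIES = [
    ("Java(TM) 6 Update 20", "6.0.200"),
    ("Java(TM) 6 Update 7", "1.6.0.70"),
    ("J2SE Runtime Environment 5.0 Update 6", "1.5.0.60"),
    ("Adobe Reader 9", "9.0.0"),
]

if __name__ == "__main__":
    rows = installed_java() or audit(SAMPLE_ENTRIES)
    for name, version, old in rows:
        print(("REMOVE " if old else "keep   ") + name + "  (" + version + ")")
```

On the machine in question, run it after the reboot that follows the uninstalls: anything still printed as REMOVE is a leftover entry that the Add/Remove pass missed, and the only line that should remain is the 6 Update 20 runtime that Step 1 installs.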
 


#11 CrisGer
  • Topic Starter
  • Members
  • 306 posts
  • Gender:Male
  • Location:Colorado and California
  • Local time:09:02 PM

Posted 19 April 2010 - 06:44 PM

I removed two entries for Java and now it says Java 6 Update 20.

OTL logfile created on: 4/19/2010 5:28:19 PM - Run 3
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Chris\Desktop\fixes
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.47 Gb Total Space | 57.56 Gb Free Space | 20.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS-25CB808AE
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/17 09:23:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\fixes\OTL.exe
PRC - [2008/10/03 22:39:54 | 000,554,264 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/04/30 11:34:18 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
PRC - [2007/07/27 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/04/17 09:23:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\fixes\OTL.exe
MOD - [2006/08/25 09:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (UserAccess7) SecuROM User Access Service (V7)
SRV - [2008/10/03 22:39:54 | 000,554,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/06/15 15:34:20 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/04/30 11:34:18 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)


========== Driver Services (SafeList) ==========

DRV - [2009/04/29 09:37:20 | 000,971,168 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm140.sys -- (tdrpman140) Acronis Try&Decide and Restore Points filter (build 140)
DRV - [2009/04/29 09:37:18 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/04/29 09:37:18 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/04/29 09:37:15 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2009/01/23 01:44:59 | 000,079,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2008/10/23 21:53:47 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/10/23 21:53:46 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/10/07 14:33:00 | 006,133,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/09/16 01:29:53 | 000,097,792 | ---- | M] (Protect Software GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ACEDRV05.sys -- (ACEDRV05)
DRV - [2008/04/25 13:31:48 | 000,716,272 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/08/29 04:04:04 | 000,116,264 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3112r.sys -- (SI3112r)
DRV - [2007/07/27 06:00:00 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/11/22 09:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/09/24 07:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/08/11 15:45:40 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/08/11 15:45:38 | 000,499,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006/08/11 15:45:28 | 000,180,224 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2006/08/11 15:45:26 | 000,766,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2006/08/11 15:45:26 | 000,154,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2006/08/11 15:45:24 | 000,116,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/08/11 15:45:18 | 000,143,872 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/08/11 15:45:18 | 000,078,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/08/11 15:45:14 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/11/10 18:06:04 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2004/11/29 12:14:30 | 000,019,648 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004/11/25 10:41:08 | 000,046,080 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2004/10/28 04:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004/08/04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 16:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004/06/03 11:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2004/04/14 11:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/04/14 11:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004/04/14 11:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004/04/14 11:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2004/04/02 16:40:00 | 000,021,760 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/09/04 06:45:44 | 000,055,144 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112.sys -- (si3112)
DRV - [2003/06/09 11:56:40 | 000,010,112 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiWinAcc)
DRV - [2003/06/09 11:56:40 | 000,010,112 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2003/04/19 00:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tandpl.sys -- (tandpl)
DRV - [2003/03/02 17:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\enodpl.sys -- (enodpl)
DRV - [2001/08/17 07:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [1996/04/03 13:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1482476501-1220945662-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1482476501-1220945662-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1482476501-1220945662-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



[2008/08/06 00:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2008/08/06 00:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\nwy1mmgu.default\extensions
[2010/03/15 13:50:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/04/17 17:24:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-1482476501-1220945662-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1482476501-1220945662-725345543-1003..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Profiler\lwemon.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Chris\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-1220945662-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1482476501-1220945662-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1482476501-1220945662-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1482476501-1220945662-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\Msdxm6.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Prairie Wind.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Prairie Wind.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 11:35:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/06/10 12:11:08 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1482476501-1220945662-725345543-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/19 17:26:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/19 17:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/19 17:26:22 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/19 17:26:22 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/19 17:26:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/19 17:26:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/19 17:26:22 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/19 17:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/04/19 17:24:02 | 016,295,712 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Chris\Desktop\jre-6u20-windows-i586.exe
[2010/04/19 12:15:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\NEW MSTS
[2010/04/17 18:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/04/17 18:20:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/17 17:48:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/17 15:46:12 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/17 15:44:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/17 15:44:57 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/17 15:44:57 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/17 15:44:57 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/17 15:44:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/17 15:44:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/15 21:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\MSTSUK+
[2010/04/14 21:19:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\Recent
[2010/04/12 23:07:53 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/12 23:07:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/12 22:59:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\fixes
[2010/04/12 19:53:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/04/10 08:58:40 | 000,434,688 | ---- | C] (Virtualzone.de) -- C:\WINDOWS\System32\ss2uinst.exe
[2010/04/09 11:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\Kosmos
[2010/04/07 17:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Downloads
[2010/04/07 17:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\ApplicationHistory
[2010/04/05 18:31:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\SteelIXB
[2010/04/05 17:44:30 | 000,000,000 | ---D | C] -- C:\Program Files\DDS Converter 2
[2010/04/05 17:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\Jasc Software Inc
[2010/04/05 10:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Taxes 2009
[2010/04/05 02:17:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Mama Puri1
[2010/04/02 23:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\Rail Simulator
[2010/04/02 14:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\700Tools
[2010/04/02 12:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Steam Era RR
[2010/03/28 19:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\RW_Tools
[2010/03/28 16:15:12 | 000,110,592 | ---- | C] (Kuju) -- C:\WINDOWS\System32\serz.exe
[2010/03/28 16:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\RailWorks
[2010/03/28 13:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2010/03/28 13:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Flight Simulator X Files
[2010/03/28 01:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\ART$
[2010/03/27 11:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\FSX
[2010/03/26 14:12:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\ships and harbours
[2010/03/25 18:42:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\ZRegBackups
[2010/03/25 13:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\InstallShield
[2010/03/22 14:45:45 | 000,256,512 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwdlg.dll
[2010/03/22 14:45:45 | 000,237,056 | ---- | C] (MW Publishing) -- C:\WINDOWS\System32\mwgfx24.dll
[2010/03/22 14:45:45 | 000,191,488 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwgfx.dll
[2010/03/22 14:45:45 | 000,104,960 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwdds.dll
[2010/03/22 14:45:45 | 000,056,832 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwace.dll
[2010/03/22 14:45:45 | 000,053,248 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwgfxvb.dll
[2010/03/22 14:45:45 | 000,049,152 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwddsvb.dll
[2010/03/22 14:45:45 | 000,028,672 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwgfxcopy.exe
[2010/03/22 14:45:45 | 000,027,136 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwacevb.dll
[2010/03/22 14:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\Route_Riter
[2010/03/22 14:16:47 | 000,000,000 | ---D | C] -- C:\Programmi
[2010/03/22 02:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\ConBuilder
[2010/03/22 02:04:41 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2010/03/22 02:04:39 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2010/03/21 22:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\UltimateZip
[2010/03/21 21:31:39 | 000,000,000 | ---D | C] -- C:\MLTtemp
[2010/03/21 21:30:30 | 000,000,000 | ---D | C] -- C:\Program Files\Maple Leaf Tracks
[2010/03/21 21:16:33 | 000,286,720 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun507.exe
[2010/03/21 21:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\MSTS Update
[2009/04/27 00:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/04/27 00:38:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/04/27 00:38:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/04/27 00:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/02/07 14:17:45 | 000,233,472 | ---- | C] (Peter Engstrm) -- C:\Program Files\PakScape.exe
[2006/08/11 15:56:28 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2000/11/01 18:46:28 | 000,160,256 | ---- | C] ( ) -- C:\WINDOWS\System32\GVJPEG32.DLL
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/19 17:26:08 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/19 17:26:08 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/19 17:26:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/19 17:26:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/19 17:26:08 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/19 17:24:02 | 016,295,712 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Chris\Desktop\jre-6u20-windows-i586.exe
[2010/04/19 09:45:08 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/19 09:44:48 | 000,193,866 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/19 09:44:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/19 09:44:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/19 09:43:15 | 015,990,784 | ---- | M] () -- C:\Documents and Settings\Chris\ntuser.dat
[2010/04/19 09:43:15 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000008-00001102-00000004-20021102}.rfx
[2010/04/19 09:43:15 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000008-00001102-00000004-20021102}.rfx
[2010/04/19 09:43:15 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000008-00001102-00000004-20021102}.rfx
[2010/04/19 09:43:15 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000008-00001102-00000004-20021102}.rfx
[2010/04/19 09:43:15 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000008-00001102-00000004-20021102}.rfx
[2010/04/19 09:43:15 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/04/19 09:43:15 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/04/19 01:20:34 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/19 01:19:32 | 000,238,592 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/18 13:55:50 | 000,166,753 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Our Guazrdian AngelsS..jpg
[2010/04/18 13:55:32 | 000,353,699 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Our Guazrdian Angels..jpg
[2010/04/18 13:53:10 | 000,368,623 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Our Guazrdian Angels.jpg
[2010/04/18 13:51:53 | 000,368,623 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\The Computer Angels copy.jpg
[2010/04/18 13:42:01 | 000,321,848 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\The Computer Angels.jpg
[2010/04/17 17:25:31 | 000,000,283 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/17 17:24:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/17 15:46:21 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/14 23:32:12 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Chris\ntuser.ini
[2010/04/10 08:58:07 | 000,434,688 | ---- | M] (Virtualzone.de) -- C:\WINDOWS\System32\ss2uinst.exe
[2010/04/09 22:40:46 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns
[2010/04/09 22:40:46 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns
[2010/04/09 09:45:02 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Shortcut to Train Simulator.lnk
[2010/04/09 00:14:57 | 001,577,778 | -H-- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\IconCache.db
[2010/04/07 17:01:39 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\fusioncache.dat
[2010/04/07 02:16:45 | 000,154,708 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\BREE.jpg
[2010/04/06 13:56:55 | 002,542,720 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Picture 002.jpg
[2010/04/06 13:56:55 | 002,535,721 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Picture 001.jpg
[2010/04/05 18:33:10 | 000,151,552 | ---- | M] () -- C:\WINDOWS\System32\nvRegDev.dll
[2010/04/02 14:23:13 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2010/04/02 14:23:12 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2010/04/01 16:43:04 | 000,000,257 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\My collection of English Translated Hentai-Doujinshi-Manga.url
[2010/03/30 23:05:59 | 000,000,252 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Anachronox walkthrough - solution.url
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 13:35:15 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2010/03/26 15:47:14 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Shortcut to Train Simulator.lnk
[2010/03/26 13:15:06 | 000,000,186 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Asisbiz.com - Search Engine Optimization and Software Development Company.url
[2010/03/26 13:11:22 | 000,000,268 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\HyperWar US Army in WWII Northwest Africa Seizing the Initiative In the West.url
[2010/03/22 14:35:16 | 000,969,674 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\trnst322.zip
[2010/03/22 11:02:24 | 001,409,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/22 04:01:14 | 000,017,968 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/21 21:16:24 | 000,286,720 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun507.exe
[2010/03/21 20:21:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\vpd.properties
[2010/03/21 20:07:47 | 000,000,080 | ---- | M] () -- C:\WINDOWS\CoD.ini
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/18 13:55:49 | 000,166,753 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Our Guazrdian AngelsS..jpg
[2010/04/18 13:55:30 | 000,353,699 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Our Guazrdian Angels..jpg
[2010/04/18 13:53:09 | 000,368,623 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Our Guazrdian Angels.jpg
[2010/04/18 13:51:52 | 000,368,623 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\The Computer Angels copy.jpg
[2010/04/18 13:42:01 | 000,321,848 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\The Computer Angels.jpg
[2010/04/17 15:46:20 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/17 15:46:15 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/17 15:44:57 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/17 15:44:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/17 15:44:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/17 15:44:57 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/17 15:44:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/09 09:45:02 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Shortcut to Train Simulator.lnk
[2010/04/07 17:01:39 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\fusioncache.dat
[2010/04/07 02:16:45 | 000,154,708 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\BREE.jpg
[2010/04/06 11:34:22 | 002,542,720 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Picture 002.jpg
[2010/04/06 11:33:08 | 002,535,721 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Picture 001.jpg
[2010/04/05 23:17:24 | 000,000,000 | ---- | C] () -- C:\FileOut.Cns
[2010/04/05 23:17:24 | 000,000,000 | ---- | C] () -- C:\FileIn.Cns
[2010/04/05 18:33:25 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll
[2010/04/01 16:43:04 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\My collection of English Translated Hentai-Doujinshi-Manga.url
[2010/03/30 23:05:58 | 000,000,252 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Anachronox walkthrough - solution.url
[2010/03/28 13:35:15 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2010/03/26 15:47:14 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Shortcut to Train Simulator.lnk
[2010/03/26 13:14:46 | 000,000,186 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Asisbiz.com - Search Engine Optimization and Software Development Company.url
[2010/03/26 13:11:21 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\HyperWar US Army in WWII Northwest Africa Seizing the Initiative In the West.url
[2010/03/22 14:35:16 | 000,969,674 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\trnst322.zip
[2010/03/16 16:53:26 | 000,000,742 | ---- | C] () -- C:\WINDOWS\DC.ini
[2010/03/15 15:32:46 | 000,000,292 | ---- | C] () -- C:\WINDOWS\vtmb.ini
[2010/03/15 13:02:36 | 000,000,255 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/14 23:38:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2009/04/11 00:43:09 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/03/16 11:44:04 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/02/25 14:57:36 | 000,000,135 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009/02/25 14:55:35 | 000,000,578 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009/02/23 06:52:44 | 000,000,218 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/02/06 15:40:35 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/01/23 01:45:00 | 000,147,192 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2009/01/23 01:39:08 | 000,000,120 | ---- | C] () -- C:\WINDOWS\CIS_Setup_3.5.57173.439_XP_Vista_x32.INI
[2009/01/02 21:16:07 | 000,000,080 | ---- | C] () -- C:\WINDOWS\CoD.ini
[2008/12/25 16:05:39 | 000,000,056 | ---- | C] () -- C:\WINDOWS\fs9configurator.ini
[2008/12/20 14:02:36 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2008/12/20 14:02:36 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2008/11/04 13:53:39 | 000,386,634 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2008/11/04 13:53:39 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2008/10/08 05:18:42 | 015,990,784 | ---- | C] () -- C:\Documents and Settings\Chris\ntuser.dat
[2008/09/26 22:24:24 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/24 11:46:12 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Caesar2.ini
[2008/09/20 16:09:40 | 000,000,129 | ---- | C] () -- C:\WINDOWS\WET.INI
[2008/09/20 12:40:18 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2008/09/20 12:40:18 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2008/09/17 12:50:36 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2008/09/13 16:44:52 | 000,000,385 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/09/11 14:18:17 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/08/28 11:15:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\DOSINST.INI
[2008/08/25 16:27:28 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\SMACKW32.DLL
[2008/08/25 16:25:50 | 000,159,232 | ---- | C] () -- C:\WINDOWS\System32\4.1a-smackw32.dll
[2008/08/25 16:25:50 | 000,158,208 | ---- | C] () -- C:\WINDOWS\System32\4.0k-smackw32.dll
[2008/08/25 16:25:50 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\4.0g-smackw32.dll
[2008/08/25 16:25:50 | 000,129,536 | ---- | C] () -- C:\WINDOWS\System32\4.0d-smackw32.dll
[2008/08/25 16:25:50 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\4.0b-smackw32.dll
[2008/08/25 16:25:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\System32\3.1c-smackw32.dll
[2008/08/25 16:25:50 | 000,098,304 | R--- | C] () -- C:\WINDOWS\System32\3.1b-smackw32.dll
[2008/08/25 16:25:50 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\3.2m-smackw32.dll
[2008/08/25 16:25:50 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\3.2h-smackw32.dll
[2008/08/25 16:25:50 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\3.2g-smackw32.dll
[2008/08/25 16:25:50 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\3.2f-smackw32.dll
[2008/08/25 16:25:50 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\3.2e-smackw32.dll
[2008/08/25 16:25:50 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\3.2b-smackw32.dll
[2008/08/25 16:25:50 | 000,095,232 | R--- | C] () -- C:\WINDOWS\System32\3.1k-smackw32.dll
[2008/08/25 16:25:50 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\3.1s-smackw32.dll
[2008/08/25 16:25:50 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\3.1r-smackw32.dll
[2008/08/25 16:25:50 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\3.1p-smackw32.dll
[2008/08/25 16:25:50 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\3.1n-smackw32.dll
[2008/08/25 16:25:50 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\3.1L-smackw32.dll
[2008/08/25 16:25:50 | 000,094,720 | ---- | C] () -- C:\WINDOWS\System32\3.1h-smackw32.dll
[2008/08/25 16:25:50 | 000,094,720 | ---- | C] () -- C:\WINDOWS\System32\3.1g-smackw32.dll
[2008/08/25 16:25:50 | 000,094,720 | ---- | C] () -- C:\WINDOWS\System32\3.1f-smackw32.dll
[2008/08/25 16:25:50 | 000,086,528 | ---- | C] () -- C:\WINDOWS\System32\3.0r-smackw32.dll
[2008/08/25 16:25:50 | 000,086,528 | ---- | C] () -- C:\WINDOWS\System32\3.0p-smackw32.dll
[2008/08/25 16:25:50 | 000,083,456 | ---- | C] () -- C:\WINDOWS\System32\3.0j-smackw32.dll
[2008/08/25 16:25:50 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\3.0h-smackw32.dll
[2008/08/25 16:25:50 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\3.0g-smackw32.dll
[2008/08/25 16:25:50 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\3.0d-smackw32.dll
[2008/08/25 16:25:50 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\3.0c-smackw32.dll
[2008/08/25 16:25:50 | 000,071,168 | ---- | C] () -- C:\WINDOWS\System32\2.2i-smackw32.dll
[2008/08/25 16:25:50 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\2.2c-smackw32.dll
[2008/08/25 16:25:50 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\2.1g-smackw32.dll
[2008/08/25 16:25:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\4.0e-smackw32.dll
[2008/08/25 16:25:50 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\2.1c-smackw32.dll
[2008/08/23 22:44:46 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/08/23 17:02:51 | 000,630,784 | ---- | C] () -- C:\WINDOWS\System32\launchpad.dll
[2008/08/23 12:26:25 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2008/08/22 12:14:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/08/22 11:47:25 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Chris\.rnd
[2008/08/21 18:44:15 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Chris\DesktopTomb Raider (Glide).VLP
[2008/08/20 14:17:10 | 000,000,255 | ---- | C] () -- C:\WINDOWS\civ.ini
[2008/08/20 14:09:00 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\ATM.DLL
[2008/08/15 18:28:14 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys
[2008/08/15 18:28:14 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys
[2008/08/04 21:56:30 | 000,003,260 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\glide_wrapper.zbag.ini
[2008/05/26 15:10:37 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008/05/24 18:02:36 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/05/10 13:09:14 | 000,349,696 | ---- | C] () -- C:\WINDOWS\System32\Mss32.dll
[2008/05/04 22:46:36 | 000,000,498 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/26 15:24:44 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\PnkBstrK.sys
[2008/04/26 12:44:56 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/04/26 12:44:55 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/04/25 20:00:36 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/04/25 16:00:12 | 000,000,306 | ---- | C] () -- C:\WINDOWS\QTW.ini
[2008/04/25 15:33:51 | 000,238,592 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/25 13:58:42 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2008/04/25 13:58:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/04/25 11:47:30 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Chris\ntuser.dat.LOG
[2008/04/25 11:47:30 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Chris\ntuser.ini
[2008/04/21 20:06:16 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/12/05 02:41:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/12/05 02:41:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/05 02:41:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/12/05 02:41:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/05 02:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/08/06 14:17:40 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2007/08/02 19:11:28 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2007/08/02 19:11:14 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2007/07/27 16:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 16:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2006/09/28 14:55:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2006/09/26 14:01:40 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/08/11 15:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/05/23 13:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/12/05 21:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 14:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005/11/06 17:01:19 | 000,121,562 | ---- | C] () -- C:\WINDOWS\System32\PicFormat32.dll
[2005/06/19 10:45:22 | 000,258,048 | ---- | C] () -- C:\WINDOWS\glide3x.dll
[2005/06/19 10:45:18 | 000,262,144 | ---- | C] () -- C:\WINDOWS\glide2x.dll
[2005/06/16 19:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2003/09/20 14:09:18 | 000,032,872 | ---- | C] () -- C:\WINDOWS\System32\etvdq.dll
[2003/08/15 12:23:11 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\dsucp.dll
[2003/07/12 21:40:28 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\SAWZipNG.dll
[2002/03/12 23:46:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[1998/06/14 02:53:26 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
< End of report >

Scan Completed and included above.

If I am OK, let me know...

I want to thank you so much for the help. I can't believe in this day and age of so much selfishness you and the other helpers here do so much for us all... it is literally beyond words. As you may know, for many of us our computers function in many important ways in our lives, and mine is one of them; due to illness and life circumstances it has been a lifeline and a constant help and companion through years of recovery. I am an artist and therefore, as a token of my appreciation, I have created an image of thanks for you and the other helpers here, which you are welcome to share with them as a sign of appreciation from all of us out here whom you have all helped so much. I have included a link to a larger version for you as well.

I do thank you all so very much.

The Image is:



Our Guardian Angels - Bleeping Computer

All Rights Given with thanks to Bleeping Computer and our friends there who help us so much.
C Gerlach
April 2010

Larger version:

http://www.filefront.com/16175629/Our-Guazrdian-Angels..jpg/

Edited by CrisGer, 19 April 2010 - 06:50 PM.

Game Researcher and Designer
http://3dworldandgamedevelopers.blogspot.com//
Admin
3D Worlds and Game Developers Group Linkedin

#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:12:02 AM

Posted 20 April 2010 - 05:11 PM

Hello, CrisGer.

You are indeed clean. There are a few things left to ensure you don't accidentally get reinfected from this infection. Please do Step 1 below, and I did list some optional items that are completely up to you.

I also notice AntiVir antivirus was not running in this last scan. AntiVir is a great and free antivirus. If you only turned it off for this OTL scan, please don't forget to keep it on and updated. If not, I strongly urge you to install AntiVir, Avast! or another free antivirus with real-time scanning to protect yourself. Let me know if you need any download links. I'm guessing you turned it off for the scan, but I need to mention it just in case.

Thanks for the artwork! It's beautiful. I will share with the other helpers right after I click post to this message. We're always more than happy to help. I wish you the best.

If there's anything else, please let me know, if not you are good to go.



Step 1

Uninstall ComboFix and Clean Up
Click Start > Run and type combofix /Uninstall, then click OK (note the space between combofix and /Uninstall). See below:

Please advise if this step is missed for any reason as it performs some important actions.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Optional Items

Please take the time to read below to secure your machine and take the necessary steps to keep it that way.


System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

Protect yourself from malicious sites
Please download HostsMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  1. Double-click the Downloaded installer and install the tool to a location of your choice
  2. Via the Start menu, navigate to HostsMan and run the program.
    1. Click "Hosts" in the menu
    2. Click "Manage Updates" in the submenu
    3. Out of the three, select at least one (I have MVPS Hosts as my main one)
    4. Click "Add Update." After that you will only need to click on the following button to retrieve updates:
  3. Click the X to exit the program.
  4. Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Keep Windows Up to Date
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Update your AntiVirus Software

It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Use a Firewall

I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Install an AntiSpyware Program

A highly recommended AntiSpyware program is Malwarebytes Anti-Malware. You can download the free version.

Installing this program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Update all these programs regularly
Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Good luck!

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
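The hosts-file approach in the post above works by mapping a site's name to a null or loopback address so the browser never reaches it; the catch is the note that any custom entries in an existing hosts file must be carried over by hand. The following Python script is an added example, not part of this thread and not HostsMan's own code: it parses a hosts file, separates blocking entries from the user's own custom mappings, and merges a downloaded blocklist in while preserving those custom lines. The sample hosts content and blocklist below are constructed, and the hostnames in them are placeholders.

```python
"""Merge a blocklist-style hosts file into an existing hosts file while
preserving the user's own custom mappings.

Added example for illustration only; EXISTING_HOSTS and BLOCKLIST are
constructed sample data, not real hosts files or real domains.
"""
import ipaddress
from typing import Dict, List, Tuple

# Addresses that make a hosts entry a "block" rather than a real mapping.
BLOCK_TARGETS = {"0.0.0.0", "127.0.0.1", "::1"}
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample: a hosts file with one custom mapping and one
# blocklist entry left over from an earlier update.
EXISTING_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
192.168.1.10    nas.home.example   # my NAS
0.0.0.0         old-bad.example
"""

# Constructed sample: a freshly downloaded blocklist in hosts format.
BLOCKLIST = """\
# Sample blocklist (constructed)
0.0.0.0 ads.example
0.0.0.0 tracker.example
0.0.0.0 old-bad.example
"""

Entry = Tuple[str, str, str]  # (ip, hostname, trailing comment)


def parse_hosts(text: str) -> List[Entry]:
    """Return one (ip, hostname, comment) tuple per mapped hostname.

    Comment-only and blank lines are skipped, as are lines whose first
    field is not a valid IP address (resolvers ignore those too)."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line, _, comment = raw.partition("#")
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue
        for name in names:
            entries.append((ip, name.lower(), comment.strip()))
    return entries


def classify(entries: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Split entries into blocking entries and custom mappings.

    A custom mapping points a name at a real address; these are the lines
    the user has to keep (and should review) when replacing the file."""
    blocking: List[Entry] = []
    custom: List[Entry] = []
    for entry in entries:
        ip, name, _ = entry
        if name in LOOPBACK_NAMES:
            continue  # the default localhost line is re-emitted separately
        (blocking if ip in BLOCK_TARGETS else custom).append(entry)
    return blocking, custom


def merge_hosts(existing_text: str, blocklist_text: str) -> str:
    """Build a new hosts file: the localhost line, the preserved custom
    mappings, then the union of old and new blocking entries with one
    line per hostname (the new blocklist wins on conflict)."""
    old_block, custom = classify(parse_hosts(existing_text))
    new_block, _ = classify(parse_hosts(blocklist_text))

    seen: Dict[str, str] = {}
    for ip, name, _ in new_block + old_block:
        seen.setdefault(name, ip)

    out = ["127.0.0.1 localhost", "# --- custom entries (preserved) ---"]
    for ip, name, comment in custom:
        out.append(f"{ip} {name}" + (f"  # {comment}" if comment else ""))
    out.append("# --- blocklist entries ---")
    for name in sorted(seen):
        out.append(f"{seen[name]} {name}")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(merge_hosts(EXISTING_HOSTS, BLOCKLIST))
```

The `custom` list that `classify` returns is the part worth reading before writing the merged file back: every entry in it sends a hostname somewhere other than a null or loopback address, so it is either a mapping the user deliberately added or one that needs explaining.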


#13 CrisGer

CrisGer
  • Topic Starter

  • Members
  • 306 posts
  • Gender:Male
  • Location:Colorado and California
  • Local time:09:02 PM

Posted 20 April 2010 - 09:27 PM

Thank you, ComboFix removed without issue. Antivirus reinstalled and running; yes, I had removed it so it would not interfere with the cleaning.

I will update it every day. I also have Malware Antimalwarebytes installed, the free version, and use it regularly, and Spybot too. Thanks a lot. I really appreciate the help and I am glad you liked the Angel. She will be there to protect you and the rest of the team as you do your good works for all of us. All the best and thanks to all.



Warm regards
Chris

Edited by CrisGer, 20 April 2010 - 09:41 PM.


#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:12:02 AM

Posted 25 April 2010 - 06:51 AM

Since this issue appears to be resolved... this Topic has been closed. Glad we could help.

If you are the topic starter, and need this topic reopened, please contact me via PM with the address of this thread.

Everyone else please begin a new topic.




#15 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:12:02 AM

Posted 27 April 2010 - 06:18 PM

Reopened due to issues popping back up.

