Search Engines Redirect Constantly


  • This topic is locked
16 replies to this topic

#1 Asterothstrife

Asterothstrife

  • Members
  • 20 posts
  • OFFLINE
  • Local time:10:26 AM

Posted 18 June 2011 - 11:10 PM

Hello! My current problem and the topic is that any search engines I use online will redirect any links that I click after a search. I've looked around the forums and found that you have many other people with this issue. I resisted the urge to try a self Combofix because I hate blaming myself.

Situations leading up to this:
Originally had lots of malware, downloaded MBAM, SuperAntiSpyware. Used them and found several pieces of malware that were cleaned, but then had the problem that search engines (and ONLY them) were taking 1 minute+ to complete their searches. Google is how I internet so this was very troubling.

Attempted to fix:
Following a hunch I found online, I backed up my registry and deleted some keys from Startupreg. That worked.
It was soon after that I seemed to catch the Redirect malware. I attempted reloading the registry, but it only halfway completed, stating that some registry keys were currently running and could not be replaced. Later I downloaded RegistryBooster and PageDefrag; no help, but they seemed to catch some things.

Other symptoms:
Now the internet crashes at seemingly completely random intervals, sometimes lasting hours or minutes, crashing 1 time or 4 times.
After being left on for several hours and playing a game, the computer will shut down suddenly. I never had this problem before.
The computer takes notably 40 seconds longer to finish start up after the welcome screen.

I've attached the DDS report (copy/pasted).
Also the RkUnhooker report (copy/pasted).
Standing by with ComboFix and HijackThis at your request.

Thanks in advance for your help!


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:11:26 AM

Posted 27 June 2011 - 11:09 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the scan button (shown as an image in the original post).
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 Asterothstrife

Asterothstrife
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:10:26 AM

Posted 27 June 2011 - 01:19 PM

Hello and Thanks for replying ST!

While sitting back and enjoying my homemade blueberry banana smoothie I got these results!!

#############################################################################################################################################################

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #4
==============================================
>Drivers
==============================================
0xBF1CC000 C:\WINDOWS\System32\ati3duag.dll 3887104 bytes (ATI Technologies Inc. , ati3duag.dll)
0xB99C1000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 3817472 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF9C6000 C:\WINDOWS\System32\ativvaxx.dll 2646016 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xAB308000 C:\WINDOWS\system32\drivers\monfilt.sys 1392640 bytes (Creative Technology Ltd., Creative WDM Audio Driver (32-bit))
0xAB45C000 C:\WINDOWS\system32\drivers\viahduaa.sys 995328 bytes (VIA Technologies, Inc., VIA High Definition Audio Function Driver)
0xBF065000 C:\WINDOWS\System32\ati2cqag.dll 626688 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xB9E32000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF0FE000 C:\WINDOWS\System32\atikvmag.dll 536576 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xAB05F000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB9818000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAB1B4000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA7AD3000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 339968 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBF181000 C:\WINDOWS\System32\atiok3x2.dll 307200 bytes (ATI Technologies Inc., Ring 0 x2 component)
0xBF581000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA7682000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB97DD000 C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys 241664 bytes (DT Soft Ltd, DAEMON Tools Virtual Bus Driver)
0xAB240000 C:\WINDOWS\System32\DRIVERS\cmdguard.sys 233472 bytes (COMODO, COMODO Internet Security Sandbox Driver)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB9DEF000 C:\WINDOWS\System32\DRIVERS\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0x96080000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAB0CF000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB9985000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAB166000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xAB279000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0xAB18E000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xAB5EF000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9961000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9876000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAB144000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAB122000 C:\DOCUME~1\MATTHE~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9EE8000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F20000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xAB041000 C:\WINDOWS\System32\Drivers\usbvideo.sys 122880 bytes (Microsoft Corporation, USB Video Class Driver)
0xAB63B000 C:\WINDOWS\system32\drivers\AtiHdmi.sys 110592 bytes (ATI Research Inc., Ati High Definition Audio Function Driver)
0xB9DD5000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F08000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB9EBF000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB994A000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB9E1C000 inspect.sys 90112 bytes (COMODO, COMODO Internet Security Firewall Driver)
0xA887B000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB99AD000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAB20D000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9ED6000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9899000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB991A000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA238000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA178000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA0B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xBA1A8000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA2B8000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xBA278000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA248000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xAB58F000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA318000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xBA288000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA118000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA198000 C:\WINDOWS\system32\DRIVERS\l1e51x86.sys 53248 bytes (Atheros Communications, Inc., Atheros AR8121/AR8113 PCI-E Ethernet Controller ndis miniport driver)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0F8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA2E8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA0E8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA1E8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0D8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA228000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA2F8000 C:\WINDOWS\System32\Drivers\nx6000.sys 40960 bytes (Microsoft Corporation, Microsoft® LifeCam NX-6000 driver)
0xBA218000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xA70A8000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA108000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA1C8000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA188000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA208000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA2C8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xBA128000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA2A8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA490000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA3A0000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA3B0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA420000 C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys 32768 bytes (Wacom Technology, Wacom Mouse Filter Driver)
0xBA3D8000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA4A0000 C:\WINDOWS\System32\DRIVERS\cmdhlp.sys 24576 bytes (COMODO, COMODO Internet Security Helper Driver)
0xBA3C0000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA3C8000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0x96986000 c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8C4F1A5B-C0D6-486B-866F-BE55A9E0E698}\MpKsl69e9c8e0.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xBA358000 C:\DOCUME~1\MATTHE~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xBA3A8000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA470000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA480000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA3F8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA408000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA338000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA438000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA588000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xBA564000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xAB633000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xAB2B4000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xBA59C000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA574000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB7698000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA56C000 C:\WINDOWS\system32\DRIVERS\wacomvhid.sys 12288 bytes (Wacom Technology, Virtual Hid Device)
0xBA5B2000 C:\WINDOWS\system32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)
0xBA5E4000 C:\WINDOWS\system32\drivers\AsIO.sys 8192 bytes
0xBA5D2000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5CE000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5D6000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5C8000 C:\WINDOWS\system32\drivers\MSPCLOCK.sys 8192 bytes (Microsoft Corporation, MS Proxy Clock)
0xBA660000 C:\WINDOWS\system32\drivers\MSPQM.sys 8192 bytes (Microsoft Corporation, MS Proxy Quality Manager)
0xBA5AC000 PenClass.sys 8192 bytes (Wacom Technology Corporation, Pen Class Driver)
0xBA5DA000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5B8000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5BE000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA7BE000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA728000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA6EB000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x8A110AF1 ?_empty_? 1295 bytes
!!!!!!!!!!!Hidden driver: 0x8A149A38 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xB9F08000 WARNING: suspicious driver modification [atapi.sys::0x8A110AF1]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


OTL REPORTS
Extra.txt is #1
OTL.txt is #2

///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

OTL Extras logfile created on: 6/27/2011 11:07:00 AM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Matthew Hanley\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 73.52% Memory free
9.09 Gb Paging File | 8.30 Gb Available in Paging File | 91.41% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 7.73 Gb Free Space | 5.19% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 8.47 Gb Free Space | 3.64% Space Free | Partition Type: NTFS
Drive F: | 37.27 Gb Total Space | 37.20 Gb Free Space | 99.83% Space Free | Partition Type: NTFS

Computer Name: GLITCH3 | User Name: Matthew Hanley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-329068152-1364589140-1801674531-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"1031:TCP" = 1031:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Gaming Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Gaming Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Gaming Files\World of Warcraft\Launcher.exe" = C:\Gaming Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Gaming Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Gaming Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Gaming Files\World of Warcraft\BackgroundDownloader.exe" = C:\Gaming Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Documents and Settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\World of Warcraft\Blizzard Downloader.exe" = C:\Program Files\World of Warcraft\Blizzard Downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Documents and Settings\Matthew Hanley\Local Settings\Apps\2.0\CHBV169A.0AP\HYOZO8OJ.KM8\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe" = C:\Documents and Settings\Matthew Hanley\Local Settings\Apps\2.0\CHBV169A.0AP\HYOZO8OJ.KM8\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)
"C:\Documents and Settings\Matthew Hanley\Desktop\Terraria\terr..tion_b4cf2e620fc4ef7b_0000.0007_2658d8a65906595c\Terraria.exe" = C:\Documents and Settings\Matthew Hanley\Desktop\Terraria\terr..tion_b4cf2e620fc4ef7b_0000.0007_2658d8a65906595c\Terraria.exe:*:Enabled:Terraria
"C:\Program Files\Terraria\Terraria.exe" = C:\Program Files\Terraria\Terraria.exe:*:Enabled:Terraria -- (Teh Gamez)
"C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe" = C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable -- (Gas Powered Games)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\steamapps\common\magic the gathering dotp 2012\Magic_2012.exe" = C:\Program Files\Steam\steamapps\common\magic the gathering dotp 2012\Magic_2012.exe:*:Enabled:Magic: The Gathering — Duels of the Planeswalkers 2012 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0863885D-E64B-9E5A-9747-03321A2D2A49}" = CCC Help Korean
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C40E716-2558-01E2-4797-484E4CCB2500}" = Catalyst Control Center Localization All
"{10FDD69C-2428-0FFB-12A2-2A6907D6282F}" = CCC Help Japanese
"{139DEC1F-D380-EB76-B0DF-88BC99B3B7BB}" = Catalyst Control Center Graphics Light
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2347E903-6299-A99F-C46C-05EB55912539}" = CCC Help Chinese Traditional
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2B3A996D-CCBF-3D62-B0AD-EA05553D3CEE}" = CCC Help Chinese Standard
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{300D2ECE-DA75-1623-871F-935A205FC450}" = CCC Help German
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4BF8A8A5-B3EA-6073-0457-669CC1E929C8}" = CCC Help Hungarian
"{501C0FDB-DCA5-E211-956C-26ADC4C54B66}" = Catalyst Control Center Core Implementation
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{57B2281D-A34A-4a48-8C68-169B8873659D}" = c4100_Help
"{57F85CF9-B9EF-6C77-8095-A2CF95738099}" = CCC Help Danish
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{63A17691-ABC0-E86F-5D7A-A2F7EE36145E}" = CCC Help Dutch
"{6501E9B8-77C7-7D81-7F1A-4C2D7E36B403}" = CCC Help Italian
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6BF04C63-EAC0-4F19-9E88-9A745493E7BF}" = IconPackager
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72A5824D-08E9-9A96-2104-19E4FE86E5FA}" = CCC Help Spanish
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7907CAB0-6C4F-C554-34EA-93EAC98B42F9}" = CCC Help Turkish
"{79A65475-2F7F-491C-BF2F-8D5C0AF0775C}" = DUNGEONS
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82982D26-D60E-27D8-361F-F14A8F6440E7}" = Catalyst Control Center HydraVision Full
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87934EAD-CE6F-16C6-6004-73E092AA15A6}" = Catalyst Control Center Graphics Previews Common
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89B80F72-CCD0-95C3-21CB-89BA03D98155}" = CCC Help Finnish
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{906D95BA-4515-59A5-F2E4-072B1E73BB75}" = CCC Help English
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D8BE52A-2C9A-91F2-310E-560CCE4FD247}" = CCC Help Russian
"{A0D62771-4353-8D52-44B8-0FCFF07D5FF1}" = ccc-core-preinstall
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3AE78AD-093F-57F1-280D-A31B0C1C1425}" = CCC Help Greek
"{A41A9C99-0029-783E-40C3-3AA0D1A6535D}" = CCC Help Polish
"{A680CE58-7B2C-9A45-D05F-5AC22DFA2F76}" = CCC Help Portuguese
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A97B911E-8B1F-3B0F-F3D1-63B04084CC0F}" = Skins
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AD3AE2EE-E0DB-7818-3F05-7E8B2FB22C49}" = CCC Help Norwegian
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B414174C-97E4-9E8B-018E-AC77055D0107}" = CCC Help Thai
"{B6D0AACC-1F01-A901-5348-FF3599EFE70D}" = CCC Help French
"{B98604A2-5229-CBE6-98A4-A6D7C63B7458}" = ccc-utility
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C871525F-7116-4d26-BA6D-215F59B6F88B}" = C4100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CBD1A47D-691E-56C2-AC6A-1B3F80E3EC14}" = CCC Help Swedish
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D34313F7-B5E2-D3AF-FBB1-EF3ED1DEF5AB}" = CCC Help Czech
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E3A6437F-DE5B-6F3E-7BB3-39185D0BBDCE}" = ccc-core-static
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EB1446FB-A3EF-D04D-C224-EEC74F11805F}" = Catalyst Control Center Graphics Full New
"{EEF985E8-8B36-4230-B174-117A2381C17F}" = LogMeIn Hamachi
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FE931AAE-B6D9-8A02-60C7-EF4862306F58}" = Catalyst Control Center Graphics Full Existing
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"All ATI Software" = ATI - Software Uninstall Utility
"Anime Studio Pro_is1" = Anime Studio Pro 5.6
"ASIO4ALL" = ASIO4ALL
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 4_is1" = AVS Video Editor 4
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"BootSkin" = BootSkin
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"COMODO GeekBuddy" = COMODO GeekBuddy
"DAEMON Tools Lite" = DAEMON Tools Lite
"Doom 3v1.3.0" = Doom 3
"Drakensang_TRoT_is1" = Drakensang - The River of Time
"DungeonSiege2" = Dungeon Siege 2
"Fallout New Vegas_is1" = Fallout New Vegas
"FL Studio 9" = FL Studio 9
"GetFLV Pro_is1" = GetFLV Pro 9.0.0.7
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IconPackager" = IconPackager
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Kings Bounty Armored Princess_is1" = Kings Bounty Armored Princess
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Matrix Code Emulator_is1" = Matrix Code Emulator 1.50
"MediaInfo" = MediaInfo 0.7.34
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Steam App 440" = Team Fortress 2
"Steam App 49470" = Magic: The Gathering — Duels of the Planeswalkers 2012
"Two Worlds II" = Two Worlds II
"Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.9
"VLMC" = VideoLAN Movie Creator
"Wacom Tablet Driver" = Wacom Tablet
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-329068152-1364589140-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/13/2011 3:53:02 PM | Computer Name = GLITCH3 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ws2_32.dll, version 5.1.2600.5512, fault address 0x00006a55.

Error - 6/15/2011 1:52:43 PM | Computer Name = GLITCH3 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,
P4 3.0.8107.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 6/16/2011 12:57:58 AM | Computer Name = GLITCH3 | Source = Application Error | ID = 1000
Description = Faulting application magic_2012.exe, version 0.0.0.0, faulting module
magic_2012.exe, version 0.0.0.0, fault address 0x00420aee.

Error - 6/17/2011 3:56:35 PM | Computer Name = GLITCH3 | Source = Application Error | ID = 1000
Description = Faulting application twoworlds2.exe, version 1.0.0.0, faulting module
twoworlds2.exe, version 1.0.0.0, fault address 0x006c94fa.

Error - 6/17/2011 5:16:45 PM | Computer Name = GLITCH3 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,
P4 3.0.8107.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 6/17/2011 5:29:01 PM | Computer Name = GLITCH3 | Source = Application Error | ID = 1000
Description = Faulting application twoworlds2.exe, version 1.0.0.0, faulting module
twoworlds2.exe, version 1.0.0.0, fault address 0x006f25f3.

Error - 6/18/2011 4:00:57 AM | Computer Name = GLITCH3 | Source = Application Error | ID = 1000
Description = Faulting application twoworlds2.exe, version 1.0.0.0, faulting module
twoworlds2.exe, version 1.0.0.0, fault address 0x00674d6c.

Error - 6/20/2011 9:44:13 AM | Computer Name = GLITCH3 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 6/25/2011 1:23:53 PM | Computer Name = GLITCH3 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ws2_32.dll, version 5.1.2600.5512, fault address 0x00006a55.

Error - 6/25/2011 1:24:37 PM | Computer Name = GLITCH3 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ws2_32.dll, version 5.1.2600.5512, fault address 0x00006a55.

[ System Events ]
Error - 6/25/2011 8:47:13 PM | Computer Name = GLITCH3 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 6/25/2011 8:47:25 PM | Computer Name = GLITCH3 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 6/25/2011 8:48:13 PM | Computer Name = GLITCH3 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 6/25/2011 8:48:24 PM | Computer Name = GLITCH3 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 6/25/2011 8:48:54 PM | Computer Name = GLITCH3 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 6/25/2011 8:49:05 PM | Computer Name = GLITCH3 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 6/26/2011 3:52:22 AM | Computer Name = GLITCH3 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 6/26/2011 3:52:25 AM | Computer Name = GLITCH3 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 6/26/2011 3:52:31 AM | Computer Name = GLITCH3 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 6/26/2011 10:32:58 AM | Computer Name = GLITCH3 | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/Obfuscator.XZ&threatid=2147625929

Name:
VirTool:Win32/Obfuscator.XZ ID: 2147625929 Severity: Severe Category: Tool Path: containerfile:_D:\New
Downloads\Two.Worlds.II-RELOADED\rld-tww2.iso;file:_D:\New Downloads\Two.Worlds.II-RELOADED\rld-tww2.iso->Crack\rld-tw2k.exe

Detection
Origin: %%845 Detection Type: %%821 Detection Source: %%820 User: NT AUTHORITY\NETWORK
SERVICE Process Name: Unknown Action: %%809 Action Status: No additional actions
required Error Code: 0x800700df Error description: Signature Version: AV: 1.107.455.0,
AS: 1.107.455.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.7000.0, NIS: 0.0.0.0


< End of report >

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

OTL logfile created on: 6/27/2011 11:07:00 AM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Matthew Hanley\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 73.52% Memory free
9.09 Gb Paging File | 8.30 Gb Available in Paging File | 91.41% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 7.73 Gb Free Space | 5.19% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 8.47 Gb Free Space | 3.64% Space Free | Partition Type: NTFS
Drive F: | 37.27 Gb Total Space | 37.20 Gb Free Space | 99.83% Space Free | Partition Type: NTFS

Computer Name: GLITCH3 | User Name: Matthew Hanley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/27 11:00:31 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew Hanley\Desktop\OTL.exe
PRC - [2011/06/24 16:16:32 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/25 20:43:20 | 000,154,424 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
PRC - [2011/05/09 23:17:34 | 002,552,648 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/05/09 09:38:44 | 001,779,792 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/04/30 23:49:21 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/04/11 17:45:30 | 000,107,520 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/08/15 01:23:20 | 000,086,016 | R--- | M] () -- C:\Program Files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2011/06/27 11:00:31 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew Hanley\Desktop\OTL.exe
MOD - [2011/05/02 20:36:04 | 000,284,744 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/11/18 12:12:06 | 000,070,960 | ---- | M] (Stardock.net, Inc) -- C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NMSAccess)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/06/14 10:40:40 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/05/25 20:43:20 | 000,154,424 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) [On_Demand | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/05/09 09:38:44 | 001,779,792 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/11/15 11:08:06 | 004,807,536 | ---- | M] (Wacom Technology, Corp.) [On_Demand | Stopped] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/08/15 01:23:20 | 000,086,016 | R--- | M] () [Auto | Running] -- C:\Program Files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2006/12/14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 02:46:16 | 000,057,344 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/06/26 15:08:04 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8C4F1A5B-C0D6-486B-866F-BE55A9E0E698}\MpKsl69e9c8e0.sys -- (MpKsl69e9c8e0)
DRV - [2011/06/25 15:03:15 | 000,164,096 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\vidstub.sys -- (BootScreen)
DRV - [2011/06/06 16:29:49 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/05/07 16:17:56 | 000,097,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011/05/02 20:36:54 | 000,029,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/05/02 20:36:52 | 000,242,472 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/11/02 16:07:54 | 000,010,752 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2010/05/20 15:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\Matthew Hanley\Local Settings\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\Matthew Hanley\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/13 17:06:51 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/09/21 16:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/03 23:27:20 | 003,488,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/12/18 20:39:30 | 000,993,280 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008/10/31 10:52:16 | 000,093,184 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/02/13 23:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2008/02/13 21:27:00 | 000,036,864 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2007/12/17 02:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/02/16 12:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006/10/18 21:47:10 | 000,542,720 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\WINDOWS\System32\blackbox.dll -- (BlackBox)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001/04/09 14:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-329068152-1364589140-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 16:16:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/05 13:02:18 | 000,000,000 | ---D | M]

[2010/05/25 19:17:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matthew Hanley\Application Data\Mozilla\Extensions
[2011/06/13 13:46:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matthew Hanley\Application Data\Mozilla\Firefox\Profiles\zdj1m5ux.default\extensions
[2010/09/15 22:46:19 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\Matthew Hanley\Application Data\Mozilla\Firefox\Profiles\zdj1m5ux.default\searchplugins\bing-zugo.xml
[2011/06/14 10:58:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/09 04:57:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/24 16:16:32 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2008/04/14 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [BootSkin Startup Jobs] C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe ()
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Matthew Hanley\Start Menu\Programs\Startup\Video game music.m3u ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab (CopyGuardCtrl Class)
O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} http://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\WINDOWS\system32\logonuiX.exe) - C:\WINDOWS\system32\logonuiX.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Matthew Hanley\Application Data\JugglerWallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/15 14:27:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (pgdfgsvc C 1) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/27 11:00:28 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthew Hanley\Desktop\OTL.exe
[2011/06/25 14:47:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Matthew Hanley\Recent
[2011/06/18 19:54:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Desktop\Analysis Programs
[2011/06/18 08:39:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/06/15 11:53:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\My Documents\Wizards of the Coast
[2011/06/14 15:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Local Settings\Application Data\Help
[2011/06/14 15:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Application Data\Help
[2011/06/14 13:25:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Matthew Hanley\Start Menu\Programs\Administrative Tools
[2011/06/14 12:37:17 | 000,215,928 | ---- | C] (Sysinternals) -- C:\Documents and Settings\Matthew Hanley\Desktop\pagedfrg.exe
[2011/06/14 12:27:07 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/14 12:16:26 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2011/06/14 11:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Desktop\Registry backups
[2011/06/14 10:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2011/06/14 10:37:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Steam
[2011/06/13 19:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\COMODO
[2011/06/13 19:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Comodo
[2011/06/13 19:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/06/13 16:53:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Uniblue
[2011/06/13 16:52:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2011/06/13 16:47:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2011/06/13 16:33:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Application Data\Uniblue
[2011/06/13 16:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011/06/13 01:52:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\COMODO
[2011/06/12 09:17:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Application Data\Malwarebytes
[2011/06/12 09:17:32 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/12 09:17:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/12 09:17:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2011/06/12 09:17:28 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/12 09:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/12 09:16:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Application Data\SUPERAntiSpyware.com
[2011/06/12 09:16:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2011/06/11 12:48:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\My Documents\Two Worlds II
[2011/06/11 12:48:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Local Settings\Application Data\Two Worlds II
[2011/06/11 08:04:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Reality Pump
[2011/06/11 07:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/06/11 07:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\My Documents\Drakensang_TRoT
[2011/06/11 06:34:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Matthew Hanley\Application Data\SecuROM
[2011/06/11 06:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\1C Company
[2011/06/11 05:54:39 | 000,000,000 | ---D | C] -- C:\Program Files\1C Company
[2011/06/10 14:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Drakensang - The River of Time
[2011/06/10 14:40:40 | 000,000,000 | ---D | C] -- C:\Program Files\Drakensang - The River of Time
[2011/06/10 13:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/06/10 12:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Paradox Interactive
[2011/06/09 11:39:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Application Data\FFSJ
[2011/06/08 20:01:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\mG28321AlJkJ28321
[2011/06/08 03:03:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Start Menu\Programs\Doom 3
[2011/06/08 02:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\Doom 3
[2011/06/07 22:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Dungeon Siege 2
[2011/06/07 22:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2011/06/07 17:35:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Application Data\Kalypso Media
[2011/06/07 17:34:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Kalypso Media
[2011/06/07 17:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\Kalypso Media
[2011/06/07 17:29:59 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2011/06/07 17:29:59 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2011/06/07 17:29:58 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2011/06/07 17:29:58 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2011/06/07 17:29:57 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2011/06/07 17:29:57 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2011/06/07 17:29:57 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2011/06/07 17:29:56 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2011/06/07 16:59:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Desktop\Games
[2011/06/07 16:08:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Application Data\iWin
[2011/06/07 16:08:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\iWin
[2011/06/06 16:48:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Local Settings\Application Data\FalloutNV
[2011/06/06 16:41:17 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2011/06/06 16:41:16 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2011/06/06 16:41:14 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2011/06/06 16:41:13 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2011/06/06 16:41:13 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2011/06/06 16:41:12 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2011/06/06 16:41:12 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2011/06/06 16:41:10 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2011/06/06 16:41:10 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2011/06/06 16:41:09 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2011/06/06 16:41:09 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2011/06/06 16:41:08 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2011/06/06 16:41:08 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2011/06/06 16:41:08 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2011/06/06 16:41:07 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2011/06/06 16:41:07 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2011/06/06 16:41:07 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2011/06/06 16:41:06 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2011/06/06 16:41:06 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2011/06/06 16:41:06 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2011/06/06 16:41:05 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2011/06/06 16:41:05 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2011/06/06 16:41:05 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2011/06/06 16:41:04 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2011/06/06 16:41:04 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2011/06/06 16:41:04 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2011/06/06 16:41:04 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2011/06/06 16:41:03 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2011/06/06 16:41:02 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2011/06/06 16:41:02 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2011/06/06 16:41:02 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2011/06/06 16:41:01 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2011/06/06 16:41:01 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2011/06/06 16:41:01 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2011/06/06 16:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Bethesda Softworks
[2011/06/06 16:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2011/06/06 16:26:26 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2011/06/06 16:26:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\DAEMON Tools Lite
[2011/06/06 16:26:12 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011/06/05 13:18:04 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\hamachi.sys
[2011/06/05 13:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011/06/05 13:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\LogMeIn Hamachi
[2011/06/05 13:12:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Wacom Tablet
[2011/05/29 00:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Start Menu\Programs\Terraria
[2011/05/29 00:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\Terraria
[2011/05/29 00:18:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\My Documents\Terraria 1.0.2
[2011/05/28 18:28:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Local Settings\Application Data\LogMeIn Hamachi
[2011/05/28 18:14:48 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2011/05/28 18:14:48 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2011/05/28 18:14:48 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2011/05/28 18:14:48 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2011/05/28 18:14:47 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2011/05/28 18:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2011/05/28 17:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/05/28 12:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Application Data\go
[2011/05/28 12:59:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Easybits GO
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/27 11:04:54 | 000,030,016 | ---- | M] () -- C:\Documents and Settings\Matthew Hanley\Desktop\Report rootkit UH
[2011/06/27 11:00:31 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew Hanley\Desktop\OTL.exe
[2011/06/26 06:25:44 | 000,083,456 | ---- | M] () -- C:\Documents and Settings\Matthew Hanley\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/26 01:30:05 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/25 18:18:58 | 000,121,808 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011/06/25 15:06:35 | 000,494,626 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/25 15:06:35 | 000,084,918 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/25 15:03:15 | 000,164,096 | ---- | M] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2011/06/25 15:02:00 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/25 15:01:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/25 15:01:34 | 3488,665,600 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/24 16:21:01 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/21 11:37:37 | 000,078,093 | ---- | M] () -- C:\Documents and Settings\Matthew Hanley\Desktop\PassportApplicationComplete.pdf
[2011/06/18 19:57:55 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Matthew Hanley\defogger_reenable
[2011/06/18 00:40:08 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/06/14 15:12:47 | 000,008,628 | -H-- | M] () -- C:\Documents and Settings\Matthew Hanley\Desktop\pagedfrg.GID
[2011/06/13 19:45:47 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Matthew Hanley\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2011/06/13 16:53:31 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\RegistryBooster.lnk
[2011/06/12 21:14:13 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/12 09:17:33 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/12 09:05:07 | 015,624,448 | ---- | M] () -- C:\Documents and Settings\Matthew Hanley\Desktop\SAS_58702.COM
[2011/06/11 06:03:29 | 000,000,916 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Kings Bounty Armored Princess.lnk
[2011/06/10 14:07:36 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
[2011/06/08 11:18:12 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Matthew Hanley\Application Data\JugglerWallpaper.bmp
[2011/06/07 17:13:21 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Matthew Hanley\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/06 16:29:49 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2011/06/06 16:26:17 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\Matthew Hanley\Desktop\DAEMON Tools Lite.lnk
[2011/05/30 15:19:48 | 005,964,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/27 11:04:54 | 000,030,016 | ---- | C] () -- C:\Documents and Settings\Matthew Hanley\Desktop\Report rootkit UH
[2011/06/21 11:38:14 | 000,078,093 | ---- | C] () -- C:\Documents and Settings\Matthew Hanley\Desktop\PassportApplicationComplete.pdf
[2011/06/18 20:27:56 | 3488,665,600 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/18 19:57:45 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Matthew Hanley\defogger_reenable
[2011/06/14 15:11:20 | 000,008,628 | -H-- | C] () -- C:\Documents and Settings\Matthew Hanley\Desktop\pagedfrg.GID
[2011/06/13 19:45:47 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Matthew Hanley\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2011/06/13 16:53:31 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\RegistryBooster.lnk
[2011/06/12 09:17:33 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/12 09:04:47 | 015,624,448 | ---- | C] () -- C:\Documents and Settings\Matthew Hanley\Desktop\SAS_58702.COM
[2011/06/11 15:41:40 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/11 06:03:29 | 000,000,916 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Kings Bounty Armored Princess.lnk
[2011/06/10 14:07:36 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\crash
[2011/06/07 17:13:21 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Matthew Hanley\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/06 16:26:17 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\Matthew Hanley\Desktop\DAEMON Tools Lite.lnk
[2011/06/04 20:58:53 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/22 20:14:46 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2011/04/30 21:52:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2011/04/30 21:37:33 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Matthew Hanley\Application Data\JugglerWallpaper.bmp
[2011/04/30 21:05:28 | 000,129,095 | ---- | C] () -- C:\WINDOWS\logo.sys
[2011/04/30 01:34:53 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2011/04/30 01:34:48 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2011/04/30 00:18:36 | 000,164,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2011/04/29 23:48:01 | 000,000,008 | ---- | C] () -- C:\WINDOWS\ABC_mru.ini
[2011/04/02 00:18:59 | 000,000,476 | ---- | C] () -- C:\WINDOWS\System32\gfbaksm.dll
[2011/04/02 00:18:59 | 000,000,476 | ---- | C] () -- C:\WINDOWS\System32\gfbaksm.dat
[2010/08/24 17:36:22 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/08/22 13:56:02 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SI.bin
[2010/06/25 16:07:24 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/06/13 13:15:41 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
[2010/06/13 13:10:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2010/06/13 13:09:31 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2010/06/13 13:09:00 | 000,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2010/05/25 19:16:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/15 17:19:51 | 000,001,738 | ---- | C] () -- C:\WINDOWS\System32\Wacom_Tablet.dat
[2010/03/18 17:25:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Matthew Hanley\Local Settings\Application Data\prvlcl.dat
[2010/02/02 14:47:12 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2010/01/05 21:30:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
[2009/11/28 22:18:47 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/09/30 13:53:22 | 000,116,935 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2009/09/30 13:53:22 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2009/09/30 13:28:24 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/09/30 13:22:27 | 000,117,152 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2009/09/01 14:01:11 | 000,640,957 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2009/09/01 14:01:11 | 000,000,816 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2009/08/31 16:48:04 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009/08/31 16:48:04 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009/08/31 16:42:31 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009/08/31 16:42:10 | 000,048,524 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2009/08/31 16:41:49 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/08/31 16:41:41 | 000,037,217 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/08/31 16:41:41 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/08/31 16:38:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/08/31 16:32:54 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/08/31 16:32:41 | 000,002,091 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2009/08/31 16:13:32 | 000,083,456 | ---- | C] () -- C:\Documents and Settings\Matthew Hanley\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/31 16:09:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/08/31 16:06:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/31 08:56:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/31 08:55:15 | 000,328,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/03 20:13:20 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/02/03 20:13:20 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/11/07 18:08:20 | 000,362,029 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2008/10/29 14:13:32 | 000,180,720 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/10/21 09:40:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2008/10/21 09:40:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/04/14 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 05:00:00 | 000,494,626 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 05:00:00 | 000,084,918 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/05/05 16:19:28 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Matthew Hanley\Start Menu\Programs\Startup\Video game music.m3u:SummaryInformation

< End of report >
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

-OTHER SYMPTOMS I RECENTLY NOTICED
Not able to finish an antivirus scan of my computer using Microsoft essentials
And defragmenter takes 10 seconds to complete successfully moving 1 file or none at all.

################################################################################################################################################################

Thanks again for your assistance!!

You can call me Astro! (Like the Jetson's dog haha!)

=D

#4 SweetTech

Posted 27 June 2011 - 01:50 PM

Hi Astro!

No problem!

Looks like you may be infected with a rootkit infection.

Do you recognize this file?

C:\Documents and Settings\Matthew Hanley\Start Menu\Programs\Startup\Video game music.m3u

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the textbox.
    :Services
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} http://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab (Reg Error: Key error.)
    O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} Reg Error: Key error. (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Matthew Hanley\Start Menu\Programs\Startup\Video game music.m3u:SummaryInformation
    
    :Reg
    
    :Files
    C:\Documents and Settings\All Users.WINDOWS\Application Data\mG28321AlJkJ28321
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Edited by SweetTech, 27 June 2011 - 01:50 PM.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
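The `[resethosts]` command in the OTL script above replaces the HOSTS file with a clean default, since an edited HOSTS file is one of the simplest ways a machine can be made to send search or update traffic somewhere else. As an added example, not part of SweetTech's instructions or of OTL itself, here is a small Python audit that shows what such a reset removes: it parses a HOSTS file and flags any entry that pins a well-known domain, whether to loopback (site blocked) or to some other address (site redirected). The WATCHED list, the SAMPLE_HOSTS text and the 203.0.113.5 address are assumed or constructed for the example, not taken from the thread.

```python
"""Audit a Windows HOSTS file for entries that pin well-known domains.

Added example, not OTL's code. WATCHED is an assumed list of domains a
home PC has no reason to override; SAMPLE_HOSTS is constructed, and
203.0.113.5 is a documentation address (RFC 5737), not a real host.
"""
import ipaddress

WATCHED = (
    "google.com", "bing.com", "yahoo.com",
    "microsoft.com", "windowsupdate.com", "malwarebytes.org",
)
# The only mapping a clean default HOSTS file carries.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every active mapping; comments are dropped."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        for name in parts[1:]:          # one address may carry several names
            yield no, parts[0], name.lower()


def _watched(host):
    """True if host is a watched domain or any subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in WATCHED)


def audit_hosts(text):
    """Return a list of dicts, one per suspicious mapping."""
    findings = []
    for no, ip, host in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append({"line": no, "host": host, "ip": ip,
                             "reason": "unparseable address"})
            continue
        if host in LOCAL_NAMES and addr.is_loopback:
            continue                    # the legitimate default entry
        if _watched(host):
            if addr.is_loopback:
                why = "blocked (pinned to loopback)"
            else:
                why = f"redirected (pinned to {ip})"
            findings.append({"line": no, "host": host, "ip": ip, "reason": why})
    return findings


# Constructed sample: a default header, the default localhost line, then
# two kinds of tampering and one harmless local name.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# constructed entries below
203.0.113.5     www.google.com google.com
127.0.0.1       www.malwarebytes.org
192.168.1.20    fileserver.lan        # a local name, not watched
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['host']} -> {f['ip']}  {f['reason']}")
```

Anything the audit flags should be compared against what the machine's owner actually put there; a blank result on a clean default file is the expected outcome after a reset.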


#5 Asterothstrife

Asterothstrife
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:26 AM

Posted 27 June 2011 - 02:26 PM

Wow Lightning fast reply ST!

Yes, the file Video Game Music.m3u is my music radio station. I set it up so that it starts when my computer boots. It's a perfectly harmless file that just links to an internet radio and plays~~ Video game music! =D

#######################################################################################################################################################################################################################

========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0C8413C1-FAD1-446C-8584-BE50576F863E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C8413C1-FAD1-446C-8584-BE50576F863E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Starting removal of ActiveX control {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1}
C:\WINDOWS\Downloaded Program Files\MILive.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1}\ not found.
Starting removal of ActiveX control {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
ADS C:\Documents and Settings\Matthew Hanley\Start Menu\Programs\Startup\Video game music.m3u:SummaryInformation deleted successfully.
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\All Users.WINDOWS\Application Data\mG28321AlJkJ28321 folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Matthew Hanley\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Matthew Hanley\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYFLASH]

User: Administrator

User: All Users

User: All Users.WINDOWS

User: Default User

User: Default User.WINDOWS
->Flash cache emptied: 41044 bytes

User: LocalService

User: LocalService.NT AUTHORITY

User: Matthew Hanley
->Flash cache emptied: 42338 bytes

User: NetworkService

User: NetworkService.NT AUTHORITY

User: Owner
->Flash cache emptied: 42062 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.24.1 log created on 06272011_121350

///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

2011/06/27 12:17:32.0169 3028 TDSS rootkit removing tool 2.5.6.0 Jun 27 2011 15:22:52
2011/06/27 12:17:32.0748 3028 ================================================================================
2011/06/27 12:17:32.0748 3028 SystemInfo:
2011/06/27 12:17:32.0748 3028
2011/06/27 12:17:32.0748 3028 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/27 12:17:32.0748 3028 Product type: Workstation
2011/06/27 12:17:32.0748 3028 ComputerName: GLITCH3
2011/06/27 12:17:32.0748 3028 UserName: Matthew Hanley
2011/06/27 12:17:32.0748 3028 Windows directory: C:\WINDOWS
2011/06/27 12:17:32.0748 3028 System windows directory: C:\WINDOWS
2011/06/27 12:17:32.0748 3028 Processor architecture: Intel x86
2011/06/27 12:17:32.0748 3028 Number of processors: 4
2011/06/27 12:17:32.0748 3028 Page size: 0x1000
2011/06/27 12:17:32.0748 3028 Boot type: Normal boot
2011/06/27 12:17:32.0748 3028 ================================================================================
2011/06/27 12:17:34.0404 3028 Initialize success
2011/06/27 12:17:38.0669 3096 ================================================================================
2011/06/27 12:17:38.0669 3096 Scan started
2011/06/27 12:17:38.0669 3096 Mode: Manual;
2011/06/27 12:17:38.0669 3096 ================================================================================
2011/06/27 12:17:39.0998 3096 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/27 12:17:40.0044 3096 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/27 12:17:40.0107 3096 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/27 12:17:40.0123 3096 AFD (aa2e09e8529dab013b3a00fe4864eb37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/27 12:17:40.0138 3096 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: aa2e09e8529dab013b3a00fe4864eb37, Fake md5: 7618d5218f2a614672ec61a80d854a37
2011/06/27 12:17:40.0138 3096 AFD - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/06/27 12:17:40.0263 3096 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/27 12:17:40.0326 3096 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys
2011/06/27 12:17:40.0357 3096 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/27 12:17:40.0388 3096 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/27 12:17:40.0498 3096 ati2mtag (81c3e6674d0609aa84c07681bca252de) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/06/27 12:17:40.0591 3096 AtiHdmiService (d9bc8892b9440a2551b8148c57aa039e) C:\WINDOWS\system32\drivers\AtiHdmi.sys
2011/06/27 12:17:40.0623 3096 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/27 12:17:40.0638 3096 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/27 12:17:40.0669 3096 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/27 12:17:40.0779 3096 BootScreen (e1af56467502137ee099735591ed808e) C:\WINDOWS\System32\drivers\vidstub.sys
2011/06/27 12:17:40.0810 3096 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/27 12:17:40.0888 3096 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/27 12:17:40.0919 3096 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/27 12:17:40.0951 3096 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/27 12:17:41.0013 3096 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/27 12:17:41.0076 3096 cmdGuard (cc56fa45ba18904cb04382ae9f52b1a5) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
2011/06/27 12:17:41.0123 3096 cmdHlp (3a70948ab6e966bdaef2baec1f8ef9d1) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
2011/06/27 12:17:41.0216 3096 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/27 12:17:41.0248 3096 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/27 12:17:41.0294 3096 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/27 12:17:41.0326 3096 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/27 12:17:41.0404 3096 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/27 12:17:41.0482 3096 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/27 12:17:41.0544 3096 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
2011/06/27 12:17:41.0591 3096 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/27 12:17:41.0623 3096 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/06/27 12:17:41.0623 3096 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/27 12:17:41.0638 3096 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/27 12:17:41.0685 3096 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/06/27 12:17:41.0748 3096 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/27 12:17:41.0763 3096 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/27 12:17:41.0779 3096 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/27 12:17:41.0841 3096 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/06/27 12:17:41.0873 3096 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/27 12:17:41.0951 3096 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/27 12:17:42.0029 3096 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/06/27 12:17:42.0091 3096 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/06/27 12:17:42.0138 3096 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/06/27 12:17:42.0185 3096 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/27 12:17:42.0263 3096 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/27 12:17:42.0294 3096 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/27 12:17:42.0373 3096 Inspect (28c95218d0c19db3a86bb4e53d6586e9) C:\WINDOWS\system32\DRIVERS\inspect.sys
2011/06/27 12:17:42.0419 3096 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/27 12:17:42.0451 3096 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/06/27 12:17:42.0482 3096 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/27 12:17:42.0513 3096 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/27 12:17:42.0544 3096 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/27 12:17:42.0560 3096 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/27 12:17:42.0591 3096 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/27 12:17:42.0638 3096 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/27 12:17:42.0669 3096 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/27 12:17:42.0732 3096 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/27 12:17:42.0763 3096 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/27 12:17:42.0794 3096 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/27 12:17:42.0826 3096 L1e (fb8efeef40e079b479d83d86f6a3b614) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
2011/06/27 12:17:42.0904 3096 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/27 12:17:42.0919 3096 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/27 12:17:42.0998 3096 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys
2011/06/27 12:17:43.0076 3096 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/27 12:17:43.0138 3096 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/27 12:17:43.0169 3096 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/27 12:17:43.0185 3096 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/06/27 12:17:43.0482 3096 MpKsl69e9c8e0 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8C4F1A5B-C0D6-486B-866F-BE55A9E0E698}\MpKsl69e9c8e0.sys
2011/06/27 12:17:43.0591 3096 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/27 12:17:43.0638 3096 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/27 12:17:43.0669 3096 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/27 12:17:43.0716 3096 MSHUSBVideo (5119ffc2a6b51089cdb0efdc75808c97) C:\WINDOWS\system32\Drivers\nx6000.sys
2011/06/27 12:17:43.0779 3096 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/27 12:17:43.0826 3096 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/27 12:17:43.0873 3096 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/27 12:17:43.0904 3096 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/27 12:17:43.0951 3096 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/27 12:17:44.0013 3096 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2011/06/27 12:17:44.0060 3096 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/27 12:17:44.0107 3096 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/27 12:17:44.0154 3096 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/27 12:17:44.0185 3096 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/27 12:17:44.0201 3096 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/27 12:17:44.0216 3096 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/27 12:17:44.0248 3096 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/27 12:17:44.0310 3096 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/27 12:17:44.0341 3096 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/27 12:17:44.0388 3096 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/27 12:17:44.0435 3096 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/27 12:17:44.0451 3096 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/27 12:17:44.0482 3096 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/27 12:17:44.0544 3096 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/27 12:17:44.0576 3096 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/27 12:17:44.0591 3096 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/27 12:17:44.0607 3096 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/27 12:17:44.0638 3096 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/06/27 12:17:44.0638 3096 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/27 12:17:44.0669 3096 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/27 12:17:44.0701 3096 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/27 12:17:44.0732 3096 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/27 12:17:44.0779 3096 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/27 12:17:44.0873 3096 PenClass (4a108cc9cc0e0605e68cce7021479879) C:\WINDOWS\system32\Drivers\PenClass.sys
2011/06/27 12:17:44.0951 3096 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/27 12:17:44.0982 3096 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/27 12:17:44.0998 3096 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/27 12:17:45.0044 3096 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/27 12:17:45.0138 3096 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/27 12:17:45.0154 3096 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/27 12:17:45.0169 3096 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/27 12:17:45.0201 3096 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/27 12:17:45.0232 3096 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/27 12:17:45.0263 3096 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/27 12:17:45.0310 3096 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/27 12:17:45.0341 3096 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/27 12:17:45.0529 3096 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\DOCUME~1\MATTHE~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS
2011/06/27 12:17:45.0544 3096 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\DOCUME~1\MATTHE~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS
2011/06/27 12:17:45.0591 3096 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/27 12:17:45.0623 3096 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/27 12:17:45.0638 3096 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/27 12:17:45.0685 3096 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/27 12:17:45.0763 3096 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/27 12:17:45.0826 3096 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/27 12:17:45.0888 3096 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\System32\Drivers\sptd.sys
2011/06/27 12:17:45.0951 3096 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/27 12:17:46.0029 3096 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/27 12:17:46.0060 3096 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/27 12:17:46.0091 3096 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/27 12:17:46.0154 3096 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/27 12:17:46.0263 3096 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/27 12:17:46.0326 3096 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/27 12:17:46.0357 3096 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/27 12:17:46.0373 3096 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/27 12:17:46.0388 3096 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/27 12:17:46.0451 3096 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/27 12:17:46.0482 3096 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/27 12:17:46.0544 3096 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/27 12:17:46.0576 3096 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/27 12:17:46.0638 3096 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/27 12:17:46.0669 3096 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/27 12:17:46.0716 3096 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/27 12:17:46.0732 3096 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/27 12:17:46.0794 3096 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/27 12:17:46.0794 3096 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/27 12:17:46.0873 3096 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/06/27 12:17:46.0904 3096 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/27 12:17:46.0982 3096 VIAHdAudAddService (1422f65bcec926077f541025c40cf93a) C:\WINDOWS\system32\drivers\viahduaa.sys
2011/06/27 12:17:47.0044 3096 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/27 12:17:47.0138 3096 wacmoumonitor (c3b03ed7b06657a3355f620bc02acfb6) C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
2011/06/27 12:17:47.0216 3096 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
2011/06/27 12:17:47.0263 3096 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
2011/06/27 12:17:47.0326 3096 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/27 12:17:47.0388 3096 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/27 12:17:47.0498 3096 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/27 12:17:47.0560 3096 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/27 12:17:47.0576 3096 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/27 12:17:47.0638 3096 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/27 12:17:47.0654 3096 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/06/27 12:17:47.0669 3096 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
2011/06/27 12:17:47.0794 3096 Boot (0x1200) (f65e22d0b45c60362ef35b57902351e6) \Device\Harddisk0\DR0\Partition0
2011/06/27 12:17:47.0810 3096 Boot (0x1200) (f0e498af52fe31d69590887a192a50bf) \Device\Harddisk1\DR1\Partition0
2011/06/27 12:17:47.0826 3096 Boot (0x1200) (1a76c2557e53f9e9fad926adb5c57dc7) \Device\Harddisk2\DR2\Partition0
2011/06/27 12:17:47.0826 3096 ================================================================================
2011/06/27 12:17:47.0826 3096 Scan finished
2011/06/27 12:17:47.0826 3096 ================================================================================
2011/06/27 12:17:47.0841 0184 Detected object count: 1
2011/06/27 12:17:47.0841 0184 Actual detected object count: 1
2011/06/27 12:18:11.0888 0184 AFD (aa2e09e8529dab013b3a00fe4864eb37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/27 12:18:11.0888 0184 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: aa2e09e8529dab013b3a00fe4864eb37, Fake md5: 7618d5218f2a614672ec61a80d854a37
2011/06/27 12:18:12.0107 0184 Backup copy found, using it..
2011/06/27 12:18:12.0216 0184 C:\WINDOWS\System32\drivers\afd.sys - will be cured after reboot
2011/06/27 12:18:12.0216 0184 Rootkit.Win32.TDSS.tdl3(AFD) - User select action: Cure
2011/06/27 12:18:27.0841 2032 Deinitialize success

###################################################################################################################################################################################################

Thanks! Wow Google doesn't redirect when I click on the searches anymore!!
By the way I LOVE your cute Smiley Icon it's HILARIOUS!! haha
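The TDSSKiller log above is the thread's key evidence: the tool reports two different MD5 hashes for one driver path, which is the signature of a disk-level filter showing the system one version of a file while another sits on disk. As an added example that is not part of this post and not TDSSKiller's own code, here is a Python reader for that log format which pulls each "Suspicious file (Forged)" finding together with its detection name, the action chosen and whether a cure is pending for the next reboot. The SAMPLE_LOG below is constructed from lines quoted in the thread; the regular expressions are assumptions about the log format based only on those lines.

```python
"""Reader for TDSSKiller scan logs: pulls out forged-driver findings.

Added example, not TDSSKiller's own code. It parses only the log format
quoted in the thread; SAMPLE_LOG is constructed from those quoted lines.
"""
import re
from dataclasses import dataclass

# Every log line is "<yyyy/mm/dd hh:mm:ss.ffff> <thread id> <message>".
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.*)$"
)
# Driver enumeration "<service> (<md5>) <path>": lets us map a path back to its service.
DRIVER_RE = re.compile(r"^(?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Two hashes for one path: the file's contents depend on how it is read.
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), "
    r"Fake md5: (?P<fake>[0-9a-f]{32})$"
)
DETECT_RE = re.compile(r"^(?P<svc>\S+) - detected (?P<name>\S+)")
ACTION_RE = re.compile(
    r"^(?P<name>[^\s(]+)\((?P<svc>[^)]+)\) - User select action: (?P<action>\w+)$"
)
CURE_RE = re.compile(r"^(?P<path>.+?) - will be cured after reboot$")


@dataclass
class Finding:
    service: str
    path: str
    real_md5: str
    fake_md5: str
    name: str = ""            # e.g. Rootkit.Win32.TDSS.tdl3
    action: str = ""          # what the operator chose (Cure / Skip)
    cured_after_reboot: bool = False


def parse_tdsskiller(text):
    """Return {"detected_count": int, "findings": [Finding, ...]}."""
    svc_by_path = {}          # lower-cased path -> service, from enumeration lines
    by_path = {}              # lower-cased path -> Finding
    by_svc = {}               # service -> Finding
    detected_count = 0
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if (d := DRIVER_RE.match(msg)):
            svc_by_path[d.group("path").lower()] = d.group("svc")
        elif (f := FORGED_RE.match(msg)):
            key = f.group("path").lower()
            if key not in by_path:    # the cure phase repeats the finding
                svc = svc_by_path.get(key, "")
                fd = Finding(svc, f.group("path"), f.group("real"), f.group("fake"))
                by_path[key] = fd
                if svc:
                    by_svc[svc] = fd
        elif (d := DETECT_RE.match(msg)) and d.group("svc") in by_svc:
            by_svc[d.group("svc")].name = d.group("name")
        elif (a := ACTION_RE.match(msg)) and a.group("svc") in by_svc:
            by_svc[a.group("svc")].action = a.group("action")
        elif (c := CURE_RE.match(msg)) and c.group("path").lower() in by_path:
            by_path[c.group("path").lower()].cured_after_reboot = True
        elif msg.startswith("Detected object count:"):
            detected_count = int(msg.split(":")[-1])
    return {"detected_count": detected_count, "findings": list(by_path.values())}


def summarize(result):
    """One line per finding, suitable for a triage note."""
    return [
        f"{f.service or '?'} {f.path}: {f.name or 'unnamed'} real={f.real_md5} "
        f"fake={f.fake_md5} action={f.action or 'none'} "
        f"cured_after_reboot={f.cured_after_reboot}"
        for f in result["findings"]
    ]


# Constructed from the lines quoted in the thread (clean drivers trimmed).
SAMPLE_LOG = r"""
2011/06/27 12:17:38.0669 3096 Scan started
2011/06/27 12:17:38.0669 3096 Mode: Manual;
2011/06/27 12:17:39.0998 3096 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/27 12:17:40.0123 3096 AFD (aa2e09e8529dab013b3a00fe4864eb37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/27 12:17:40.0138 3096 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: aa2e09e8529dab013b3a00fe4864eb37, Fake md5: 7618d5218f2a614672ec61a80d854a37
2011/06/27 12:17:40.0138 3096 AFD - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/06/27 12:17:47.0638 3096 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/27 12:17:47.0826 3096 Scan finished
2011/06/27 12:17:47.0841 0184 Detected object count: 1
2011/06/27 12:17:47.0841 0184 Actual detected object count: 1
2011/06/27 12:18:11.0888 0184 AFD (aa2e09e8529dab013b3a00fe4864eb37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/27 12:18:11.0888 0184 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: aa2e09e8529dab013b3a00fe4864eb37, Fake md5: 7618d5218f2a614672ec61a80d854a37
2011/06/27 12:18:12.0107 0184 Backup copy found, using it..
2011/06/27 12:18:12.0216 0184 C:\WINDOWS\System32\drivers\afd.sys - will be cured after reboot
2011/06/27 12:18:12.0216 0184 Rootkit.Win32.TDSS.tdl3(AFD) - User select action: Cure
2011/06/27 12:18:27.0841 2032 Deinitialize success
"""

if __name__ == "__main__":
    for line in summarize(parse_tdsskiller(SAMPLE_LOG)):
        print(line)
```

The point of keeping both hashes in the finding is that neither one on its own tells you much; it is the disagreement between them for a single path that makes the driver worth a second look, and the `cured_after_reboot` flag is the reminder that the machine is not clean until that reboot has happened.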

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:11:26 AM

Posted 27 June 2011 - 05:00 PM

Hi!

Yes, the file Video Game Music.m3u is my music radio station. I set it up so that it starts when my computer boots. It's a perfectly harmless file that just links to an internet radio and plays~~ Video game music! =D

Okay. Thanks for the confirmation on that.


By the way I LOVE your cute Smiley Icon it's HILARIOUS!! haha

Thanks. :)

Glad to hear that things seem to be working better.

Please heed this warning:

Posted Image One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



The main infection that you were infected with is called TDL3.

See the snippet of text below:

2011/06/27 12:17:47.0841 0184 Detected object count: 1
2011/06/27 12:17:47.0841 0184 Actual detected object count: 1
2011/06/27 12:18:11.0888 0184 AFD (aa2e09e8529dab013b3a00fe4864eb37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/27 12:18:11.0888 0184 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: aa2e09e8529dab013b3a00fe4864eb37, Fake md5: 7618d5218f2a614672ec61a80d854a37
2011/06/27 12:18:12.0107 0184 Backup copy found, using it..
2011/06/27 12:18:12.0216 0184 C:\WINDOWS\System32\drivers\afd.sys - will be cured after reboot
2011/06/27 12:18:12.0216 0184 Rootkit.Win32.TDSS.tdl3(AFD) - User select action: Cure
2011/06/27 12:18:27.0841 2032 Deinitialize success


You can read more about this infection here:

Special thanks to quietman7 for providing the above links.



NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan.

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
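As an added example (not part of the post, and not TDSSKiller's own code), a small Python parser that pulls the "Suspicious file (Forged)" detections out of log lines shaped like the snippet quoted above, ties each one to its driver service and final verdict, and checks the declared object counts. The sample log is constructed from the quoted lines; the regular expressions assume that same line layout.

```python
"""Extract forged-file (rootkit) detections from TDSSKiller-style log lines."""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample, modelled on the TDSSKiller lines quoted in the post above.
SAMPLE_LOG = r"""
2011/06/27 12:17:47.0841 0184 Detected object count: 1
2011/06/27 12:17:47.0841 0184 Actual detected object count: 1
2011/06/27 12:18:11.0888 0184 AFD (aa2e09e8529dab013b3a00fe4864eb37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/27 12:18:11.0888 0184 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: aa2e09e8529dab013b3a00fe4864eb37, Fake md5: 7618d5218f2a614672ec61a80d854a37
2011/06/27 12:18:12.0107 0184 Backup copy found, using it..
2011/06/27 12:18:12.0216 0184 C:\WINDOWS\System32\drivers\afd.sys - will be cured after reboot
2011/06/27 12:18:12.0216 0184 Rootkit.Win32.TDSS.tdl3(AFD) - User select action: Cure
2011/06/27 12:18:27.0841 2032 Deinitialize success
"""

# Every line: timestamp, a process/thread id, then the message (assumed layout).
LINE_RE = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) (?P<pid>\d+) (?P<msg>.*)$")
# "<service> (<md5>) <path>": the driver as read through the normal file API.
DRIVER_RE = re.compile(r"^(?P<svc>\w+) \((?P<md5>[0-9a-f]{32})\) (?P<path>[A-Za-z]:\\.+)$")
# The detection itself: two different hashes for one path, one from each read path.
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
CURE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) - will be cured after reboot$")
VERDICT_RE = re.compile(r"^(?P<verdict>[\w.]+)\((?P<svc>\w+)\) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^(?P<kind>Actual detected|Detected) object count: (?P<n>\d+)$")


@dataclass
class ForgedFile:
    path: str
    real_md5: str
    fake_md5: str
    service: Optional[str] = None
    verdict: Optional[str] = None
    action: Optional[str] = None
    cure_pending: bool = False


def parse_tdsskiller_log(text: str) -> List[ForgedFile]:
    """Return one ForgedFile per 'Suspicious file (Forged)' line, enriched with
    the service name, verdict and chosen action found on neighbouring lines."""
    findings: Dict[str, ForgedFile] = {}   # keyed by lower-cased path
    svc_to_path: Dict[str, str] = {}       # service name -> lower-cased path
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                        # banner or blank line, not a log record
        msg = m.group("msg")
        d = DRIVER_RE.match(msg)
        if d:
            svc_to_path[d.group("svc")] = d.group("path").lower()
            continue
        f = FORGED_RE.match(msg)
        if f:
            key = f.group("path").lower()
            findings[key] = ForgedFile(f.group("path"), f.group("real"), f.group("fake"))
            continue
        c = CURE_RE.match(msg)
        if c and c.group("path").lower() in findings:
            findings[c.group("path").lower()].cure_pending = True
            continue
        v = VERDICT_RE.match(msg)
        if v:
            key = svc_to_path.get(v.group("svc"))
            if key in findings:             # verdict names the service, not the path
                findings[key].service = v.group("svc")
                findings[key].verdict = v.group("verdict")
                findings[key].action = v.group("action")
    return list(findings.values())


def declared_counts(text: str) -> Dict[str, int]:
    """The scanner's own 'Detected' / 'Actual detected' object counts."""
    counts: Dict[str, int] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        c = COUNT_RE.match(m.group("msg")) if m else None
        if c:
            counts[c.group("kind")] = int(c.group("n"))
    return counts


def view_mismatch(normal_read: bytes, raw_read: bytes) -> Optional[Tuple[str, str]]:
    """The principle behind the 'Forged' verdict, on constructed bytes: hash the
    same file as seen through two different read paths; if the digests differ,
    something between the caller and the disk is altering what is returned."""
    a = hashlib.md5(normal_read).hexdigest()
    b = hashlib.md5(raw_read).hexdigest()
    return None if a == b else (a, b)


if __name__ == "__main__":
    for hit in parse_tdsskiller_log(SAMPLE_LOG):
        print(f"{hit.path}: {hit.verdict} ({hit.service}) action={hit.action} "
              f"cure_pending={hit.cure_pending}")
    print("declared counts:", declared_counts(SAMPLE_LOG))
```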


#7 Asterothstrife

Asterothstrife
  • Topic Starter

  • Members
  • 20 posts
  • Local time:10:26 AM

Posted 27 June 2011 - 07:56 PM

I'm sorry it's taking me so long to reply. I've read all the materials you suggested to me and the ESET scan has taken over 2 hours and is still ongoing.

I plan to go with just a cleanup as this is just my recreation computer and in the future whenever I get a business computer I will NEVER connect the two of them or in any way transfer any data between them. And I feel that I'm not at high risk for theft considering I have no valuable assets to steal and 0 credit to begin with haha. Actually my computer is probably my most valuable thing! (Sad I know but I'm working on that ;) haha)

I'll get back to you as soon as I've finished the ESET scan and the Security check. ESET has detected 1 item so far, MBAM didn't find anything.

Get back to you soon!

#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:11:26 AM

Posted 28 June 2011 - 08:00 AM

Okay. Thanks for the update.



#9 Asterothstrife

Asterothstrife
  • Topic Starter

  • Members
  • 20 posts
  • Local time:10:26 AM

Posted 28 June 2011 - 11:43 AM

Okay! Finally finished the Online scanner which took 8 HOURS!

Here is MBAM

Then ESET Online scanner

Then Security check

##########################################################################################################################################################

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6963

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/27/2011 3:49:36 PM
mbam-log-2011-06-27 (15-49-36).txt

Scan type: Quick scan
Objects scanned: 245350
Time elapsed: 10 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

############################################################################################################################################################

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\XXO892TL\f[1].pdf PDF/Exploit.Gen trojan
D:\New Downloads\Two.Worlds.II-RELOADED\rld-tww2.iso probably a variant of Win32/Obfuscated.CNYLSSL trojan

############################################################################################################################################################

Results of screen317's Security Check version 0.99.16
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
Kings Bounty Armored Princess
Microsoft Security Essentials
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Adobe Flash Player 10.3.181.26
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

###################################################################################################################################################

I know that my firewall is turned off but that's because I have Comodo, the free firewall, which Rox!
I have Automatic Updates turned off because there is a security update that just continually tries to install and makes my computer restart over and over.

The file "D:\New Downloads\Two.Worlds.II-RELOADED\rld-tww2.iso" is an image of a CD for the video game "Two Worlds II". I don't think it's harmful. It's just an image of a CD. But I could be wrong. I have other images of CDs and they didn't come up on the search. Do you think I should delete this file? I think I can still play the game without the image now because it's already installed.

Sorry for the long awaited reply! That ESET was a doozy! =D

#10 Asterothstrife

Asterothstrife
  • Topic Starter

  • Members
  • 20 posts
  • Local time:10:26 AM

Posted 28 June 2011 - 11:46 AM

P.S. I don't know how "King's Bounty Armored Princess" came up under the firewall check. It's a video game!! Which I haven't even installed or played yet!

#11 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:11:26 AM

Posted 28 June 2011 - 05:20 PM

Hi!

P.S. I don't know how "King's Bounty Armored Princess" Came up under the firewall check. It's a video game!! To which I haven't even installed or played yet!

That is a little weird.

I am not going to touch this file:

D:\New Downloads\Two.Worlds.II-RELOADED\rld-tww2.iso probably a variant of Win32/Obfuscated.CNYLSSL trojan

If you know what it is, and can trust the source it came from, then okay.

These threat(s) below will be removed very shortly:

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\XXO892TL\f[1].pdf PDF/Exploit.Gen trojan


____________________________________________________

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\XXO892TL\f[1].pdf
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

Edited by SweetTech, 28 June 2011 - 05:21 PM.



#12 Asterothstrife

Asterothstrife
  • Topic Starter

  • Members
  • 20 posts
  • Local time:10:26 AM

Posted 28 June 2011 - 06:10 PM

Hey Again!

Here is the custom fix log:

Followed by the custom scan log:


##############################################################################################################################################################
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\XXO892TL\f[1].pdf not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Matthew Hanley\Desktop\Analysis Programs\cmd.bat deleted successfully.
C:\Documents and Settings\Matthew Hanley\Desktop\Analysis Programs\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 486262 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 49554 bytes

User: Matthew Hanley
->Temp folder emptied: 173376847 bytes
->Temporary Internet Files folder emptied: 3264687 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43670596 bytes
->Flash cache emptied: 689 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 258342 bytes
->Temporary Internet Files folder emptied: 1409786 bytes

User: Owner
->Temp folder emptied: 1157523 bytes
->Temporary Internet Files folder emptied: 590875439 bytes
->Java cache emptied: 7630335 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2832913 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 213274 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 24984168 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 90530972 bytes
RecycleBin emptied: 21938858 bytes

Total Files Cleaned = 921.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: All Users.WINDOWS

User: Default User

User: Default User.WINDOWS
->Flash cache emptied: 0 bytes

User: LocalService

User: LocalService.NT AUTHORITY

User: Matthew Hanley
->Flash cache emptied: 0 bytes

User: NetworkService

User: NetworkService.NT AUTHORITY

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.24.1 log created on 06282011_154827

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#############################################################################################################################################################

OTL logfile created on: 6/28/2011 3:58:18 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Matthew Hanley\Desktop\Analysis Programs
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 81.10% Memory free
9.09 Gb Paging File | 8.60 Gb Available in Paging File | 94.63% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 8.35 Gb Free Space | 5.60% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 5.23 Gb Free Space | 2.24% Space Free | Partition Type: NTFS
Drive F: | 37.27 Gb Total Space | 37.20 Gb Free Space | 99.83% Space Free | Partition Type: NTFS

Computer Name: GLITCH3 | User Name: Matthew Hanley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/27 11:00:31 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew Hanley\Desktop\Analysis Programs\OTL.exe
PRC - [2011/05/25 20:43:20 | 000,154,424 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
PRC - [2011/05/09 09:38:44 | 001,779,792 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/08/15 01:23:20 | 000,086,016 | R--- | M] () -- C:\Program Files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2011/06/27 11:00:31 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew Hanley\Desktop\Analysis Programs\OTL.exe
MOD - [2011/05/02 20:36:04 | 000,284,744 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/11/18 12:12:06 | 000,070,960 | ---- | M] (Stardock.net, Inc) -- C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NMSAccess)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/06/14 10:40:40 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/05/25 20:43:20 | 000,154,424 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) [On_Demand | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/05/09 09:38:44 | 001,779,792 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/11/15 11:08:06 | 004,807,536 | ---- | M] (Wacom Technology, Corp.) [On_Demand | Stopped] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/08/15 01:23:20 | 000,086,016 | R--- | M] () [Auto | Running] -- C:\Program Files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2006/12/14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 02:46:16 | 000,057,344 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/06/28 15:57:06 | 000,164,096 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\vidstub.sys -- (BootScreen)
DRV - [2011/06/28 15:43:05 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06A0D5EC-7903-441B-9F13-998E2F16A4C3}\MpKsl00531d33.sys -- (MpKsl00531d33)
DRV - [2011/06/06 16:29:49 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/05/07 16:17:56 | 000,097,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011/05/02 20:36:54 | 000,029,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/05/02 20:36:52 | 000,242,472 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/11/02 16:07:54 | 000,010,752 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2010/05/20 15:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/02/13 17:06:51 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/09/21 16:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/03 23:27:20 | 003,488,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/12/18 20:39:30 | 000,993,280 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008/10/31 10:52:16 | 000,093,184 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/02/13 23:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2008/02/13 21:27:00 | 000,036,864 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2007/12/17 02:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/02/16 12:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001/04/09 14:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 16:16:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/05 13:02:18 | 000,000,000 | ---D | M]

[2010/05/25 19:17:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matthew Hanley\Application Data\Mozilla\Extensions
[2011/06/13 13:46:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matthew Hanley\Application Data\Mozilla\Firefox\Profiles\zdj1m5ux.default\extensions
[2010/09/15 22:46:19 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\Matthew Hanley\Application Data\Mozilla\Firefox\Profiles\zdj1m5ux.default\searchplugins\bing-zugo.xml
[2011/06/14 10:58:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/09 04:57:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/24 16:16:32 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/28 15:48:29 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [BootSkin Startup Jobs] C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe ()
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Matthew Hanley\Start Menu\Programs\Startup\Video game music.m3u ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab (CopyGuardCtrl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\WINDOWS\system32\logonuiX.exe) - C:\WINDOWS\system32\logonuiX.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Matthew Hanley\Application Data\JugglerWallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/15 14:27:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (pgdfgsvc C 1) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/28 15:37:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/28 14:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Application Data\Auslogics
[2011/06/28 14:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Local Settings\Application Data\SKIDROW
[2011/06/28 14:16:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Auslogics
[2011/06/28 14:16:46 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2011/06/28 09:49:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SUPERAntiSpyware
[2011/06/28 09:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/27 16:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/25 14:47:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Matthew Hanley\Recent
[2011/06/18 19:54:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Desktop\Analysis Programs
[2011/06/18 08:39:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/06/15 11:53:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\My Documents\Wizards of the Coast
[2011/06/14 15:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Local Settings\Application Data\Help
[2011/06/14 15:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Application Data\Help
[2011/06/14 13:25:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Matthew Hanley\Start Menu\Programs\Administrative Tools
[2011/06/14 12:37:17 | 000,215,928 | ---- | C] (Sysinternals) -- C:\Documents and Settings\Matthew Hanley\Desktop\pagedfrg.exe
[2011/06/14 12:16:26 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2011/06/14 11:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Desktop\Registry backups
[2011/06/14 10:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2011/06/14 10:37:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Steam
[2011/06/13 19:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\COMODO
[2011/06/13 19:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Comodo
[2011/06/13 19:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/06/13 16:53:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Uniblue
[2011/06/13 16:52:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2011/06/13 16:47:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2011/06/13 16:33:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Application Data\Uniblue
[2011/06/13 16:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011/06/13 01:52:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\COMODO
[2011/06/12 09:17:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Application Data\Malwarebytes
[2011/06/12 09:17:32 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/12 09:17:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/12 09:17:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2011/06/12 09:17:28 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/12 09:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/12 09:16:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Application Data\SUPERAntiSpyware.com
[2011/06/12 09:16:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2011/06/11 12:48:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\My Documents\Two Worlds II
[2011/06/11 12:48:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Local Settings\Application Data\Two Worlds II
[2011/06/11 08:04:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Reality Pump
[2011/06/11 07:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/06/11 07:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\My Documents\Drakensang_TRoT
[2011/06/11 06:34:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Matthew Hanley\Application Data\SecuROM
[2011/06/11 06:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\1C Company
[2011/06/11 05:54:39 | 000,000,000 | ---D | C] -- C:\Program Files\1C Company
[2011/06/10 14:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Drakensang - The River of Time
[2011/06/10 14:40:40 | 000,000,000 | ---D | C] -- C:\Program Files\Drakensang - The River of Time
[2011/06/10 13:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/06/10 12:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Paradox Interactive
[2011/06/09 11:39:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Application Data\FFSJ
[2011/06/08 03:03:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Start Menu\Programs\Doom 3
[2011/06/08 02:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\Doom 3
[2011/06/07 22:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Dungeon Siege 2
[2011/06/07 22:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2011/06/07 17:35:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Application Data\Kalypso Media
[2011/06/07 17:34:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Kalypso Media
[2011/06/07 17:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\Kalypso Media
[2011/06/07 16:59:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Desktop\Games
[2011/06/07 16:08:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Application Data\iWin
[2011/06/07 16:08:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\iWin
[2011/06/06 16:48:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Hanley\Local Settings\Application Data\FalloutNV
[2011/06/06 16:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Bethesda Softworks
[2011/06/06 16:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2011/06/06 16:26:26 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2011/06/06 16:26:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\DAEMON Tools Lite
[2011/06/06 16:26:12 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011/06/05 13:18:04 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\hamachi.sys
[2011/06/05 13:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011/06/05 13:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\LogMeIn Hamachi
[2011/06/05 13:12:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Wacom Tablet

========== Files - Modified Within 30 Days ==========

[2011/06/28 16:01:14 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/28 16:00:46 | 000,494,626 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/28 16:00:46 | 000,084,918 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/28 15:57:06 | 000,164,096 | ---- | M] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2011/06/28 15:56:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/28 15:55:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/28 15:55:40 | 000,121,808 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011/06/28 15:55:35 | 3488,665,600 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/28 15:48:29 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/28 14:16:52 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\Matthew Hanley\Desktop\Auslogics Disk Defrag.lnk
[2011/06/28 09:51:26 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/06/28 09:49:01 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/27 11:04:54 | 000,030,016 | ---- | M] () -- C:\Documents and Settings\Matthew Hanley\Desktop\Report rootkit UH
[2011/06/26 06:25:44 | 000,083,456 | ---- | M] () -- C:\Documents and Settings\Matthew Hanley\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/21 11:37:37 | 000,078,093 | ---- | M] () -- C:\Documents and Settings\Matthew Hanley\Desktop\PassportApplicationComplete.pdf
[2011/06/18 19:57:55 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Matthew Hanley\defogger_reenable
[2011/06/14 15:12:47 | 000,008,628 | -H-- | M] () -- C:\Documents and Settings\Matthew Hanley\Desktop\pagedfrg.GID
[2011/06/13 19:45:47 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Matthew Hanley\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2011/06/13 16:53:31 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\RegistryBooster.lnk
[2011/06/12 21:14:13 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/12 09:17:33 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/12 09:05:07 | 015,624,448 | ---- | M] () -- C:\Documents and Settings\Matthew Hanley\Desktop\SAS_58702.COM
[2011/06/11 06:03:29 | 000,000,916 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Kings Bounty Armored Princess.lnk
[2011/06/10 14:07:36 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
[2011/06/08 11:18:12 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Matthew Hanley\Application Data\JugglerWallpaper.bmp
[2011/06/07 17:13:21 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Matthew Hanley\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/06 16:29:49 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2011/06/06 16:26:17 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\Matthew Hanley\Desktop\DAEMON Tools Lite.lnk

========== Files Created - No Company Name ==========

[2011/06/28 14:16:51 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\Matthew Hanley\Desktop\Auslogics Disk Defrag.lnk
[2011/06/28 09:49:01 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/27 11:04:54 | 000,030,016 | ---- | C] () -- C:\Documents and Settings\Matthew Hanley\Desktop\Report rootkit UH
[2011/06/21 11:38:14 | 000,078,093 | ---- | C] () -- C:\Documents and Settings\Matthew Hanley\Desktop\PassportApplicationComplete.pdf
[2011/06/18 20:27:56 | 3488,665,600 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/18 19:57:45 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Matthew Hanley\defogger_reenable
[2011/06/14 15:11:20 | 000,008,628 | -H-- | C] () -- C:\Documents and Settings\Matthew Hanley\Desktop\pagedfrg.GID
[2011/06/13 19:45:47 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Matthew Hanley\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2011/06/13 16:53:31 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\RegistryBooster.lnk
[2011/06/12 09:17:33 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/12 09:04:47 | 015,624,448 | ---- | C] () -- C:\Documents and Settings\Matthew Hanley\Desktop\SAS_58702.COM
[2011/06/11 15:41:40 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/11 06:03:29 | 000,000,916 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Kings Bounty Armored Princess.lnk
[2011/06/10 14:07:36 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\crash
[2011/06/07 17:13:21 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Matthew Hanley\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/06 16:26:17 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\Matthew Hanley\Desktop\DAEMON Tools Lite.lnk
[2011/06/04 20:58:53 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/22 20:14:46 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2011/04/30 21:52:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2011/04/30 21:37:33 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Matthew Hanley\Application Data\JugglerWallpaper.bmp
[2011/04/30 21:05:28 | 000,129,095 | ---- | C] () -- C:\WINDOWS\logo.sys
[2011/04/30 01:34:53 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2011/04/30 01:34:48 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2011/04/30 00:18:36 | 000,164,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2011/04/29 23:48:01 | 000,000,008 | ---- | C] () -- C:\WINDOWS\ABC_mru.ini
[2011/04/02 00:18:59 | 000,000,476 | ---- | C] () -- C:\WINDOWS\System32\gfbaksm.dll
[2011/04/02 00:18:59 | 000,000,476 | ---- | C] () -- C:\WINDOWS\System32\gfbaksm.dat
[2010/08/24 17:36:22 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/08/22 13:56:02 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SI.bin
[2010/06/25 16:07:24 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/06/13 13:15:41 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
[2010/06/13 13:10:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2010/06/13 13:09:31 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2010/06/13 13:09:00 | 000,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2010/05/25 19:16:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/15 17:19:51 | 000,001,738 | ---- | C] () -- C:\WINDOWS\System32\Wacom_Tablet.dat
[2010/03/18 17:25:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Matthew Hanley\Local Settings\Application Data\prvlcl.dat
[2010/02/02 14:47:12 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2010/01/05 21:30:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
[2009/11/28 22:18:47 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/09/30 13:53:22 | 000,116,935 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2009/09/30 13:53:22 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2009/09/30 13:28:24 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/09/30 13:22:27 | 000,117,152 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2009/09/01 14:01:11 | 000,640,957 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2009/09/01 14:01:11 | 000,000,816 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2009/08/31 16:48:04 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009/08/31 16:48:04 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009/08/31 16:42:31 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009/08/31 16:42:10 | 000,048,524 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2009/08/31 16:41:49 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/08/31 16:41:41 | 000,037,217 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/08/31 16:41:41 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/08/31 16:38:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/08/31 16:32:54 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/08/31 16:32:41 | 000,002,091 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2009/08/31 16:13:32 | 000,083,456 | ---- | C] () -- C:\Documents and Settings\Matthew Hanley\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/31 16:09:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/08/31 16:06:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/31 08:56:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/31 08:55:15 | 000,328,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/03 20:13:20 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/02/03 20:13:20 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/11/07 18:08:20 | 000,362,029 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2008/10/29 14:13:32 | 000,180,720 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/10/21 09:40:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2008/10/21 09:40:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/04/14 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 05:00:00 | 000,494,626 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 05:00:00 | 000,084,918 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/05/05 16:19:28 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/10/07 16:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AIM
[2009/08/31 16:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ASUS OC Profiles
[2011/05/22 21:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG10
[2011/04/24 00:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2010/05/25 16:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BioWare
[2011/03/14 13:48:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
[2010/02/13 17:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Lite
[2011/06/28 15:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Easybits GO
[2010/03/07 09:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Electronic Arts Inc
[2011/06/07 16:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\iWin
[2010/06/13 13:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MAGIX
[2011/05/22 21:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
[2010/07/08 15:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NexonUS
[2009/10/11 15:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Tencent
[2010/09/15 22:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Toolbar4
[2011/05/23 11:00:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
[2011/06/13 16:53:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2011/06/13 16:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2009/10/07 16:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Hanley\Application Data\acccore
[2010/08/08 17:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Hanley\Application Data\Audacity
[2011/06/28 14:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Hanley\Application Data\Auslogics
[2011/04/24 08:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Hanley\Application Data\AVG10
[2009/10/25 18:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Hanley\Application Data\BitZipper
[2010/03/07 09:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Hanley\Application Data\Command and Conquer 4 Beta
[2010/02/15 12:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Hanley\Application Data\DAEMON Tools Lite
[2011/06/09 11:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Hanley\Application Data\FFSJ
[2010/05/19 12:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Hanley\Application Data\fltk.org
[2011/06/28 11:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Hanley\Application Data\go
[2011/06/07 16:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Hanley\Application Data\iWin
[2011/06/07 17:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Hanley\Application Data\Kalypso Media
[2009/09/02 17:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Hanley\Application Data\Lost Marble
[2010/06/13 13:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Hanley\Application Data\MAGIX
[2009/09/06 07:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Hanley\Application Data\OpenOffice.org
[2009/10/23 16:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Hanley\Application Data\Tencent
[2011/06/13 16:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Hanley\Application Data\Uniblue
[2011/06/28 15:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Hanley\Application Data\uTorrent
[2011/06/28 16:01:14 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/24 16:16:28 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/24 16:16:28 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/24 16:16:28 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/24 16:16:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/24 16:16:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/24 16:16:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-06-17 17:33:14

< End of report >
#################################################################################################################################################################

Thank you so much for this much help!

I have only 2 minor things that you might be able to help me with.

#1)
That Windows update that keeps trying to install but doesn't seem to be doing it, and so I either disable automatic updates or my computer continues to restart and try to install it.

#2)
Also, from about 3 months ago until now, somehow my computer has slowed down its startup from the welcome screen by about 30+ seconds. I liked it when it just clicked on very fast. But now it holds for a long time on the welcome screen and slowly begins to show everything turn on. It could be Comodo firewall, Skype, and that video game music.m3u file, all of which I recently installed and set up to start on boot. But I just have the feeling that's not it, because all through the welcome screen I know none of those programs are starting; they start later, only after Explorer loads.

Any ideas?

If not I'm still positively elated! You've helped me so much!

You've got mad skills!

Thanks ST !!!
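As an added example (not part of the thread and not code from the OTL tool), the following Python helper parses OTL's `[date | size | attrs | C/M] (Company) -- path` lines, the format seen in the log above, and flags the entries a helper reads first in the "Files Created - No Company Name" section: executables created under C:\WINDOWS within the last 30 days that carry no company name. Flagging means "verify this", not "this is malware"; the sample log lines are constructed in OTL's format, and the scan time is an assumed constant.

```python
"""Triage helper for OTL-style file listings (added example).

OTL prints one file or folder per line as
    [YYYY/MM/DD HH:MM:SS | size | attrs | C-or-M] (Company) -- path
Directory lines omit the "(Company)" field, and files with no embedded
company name are printed with an empty "()".
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Matches both file lines ("(Company) -- path") and directory lines ("-- path").
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str               # e.g. "---D" directory, "-H--" hidden, "R---" read-only
    kind: str                # "C" = created, "M" = modified
    company: Optional[str]   # None for directories, "" when OTL printed "()"
    path: str

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file/folder line; return None for headers and blank lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=m.group("company"),
        path=m.group("path"),
    )


EXECUTABLE_EXTS = (".sys", ".dll", ".exe")


def flag_for_review(lines, scan_time: datetime, days: int = 30) -> List[OtlEntry]:
    """Return created (C) executables with no company name, located under
    C:\\WINDOWS, created within `days` of the scan.  These are the items a
    reviewer verifies first; the rule proves nothing about maliciousness."""
    cutoff = scan_time - timedelta(days=days)
    flagged = []
    for line in lines:
        e = parse_otl_line(line)
        if e is None or e.is_directory or e.kind != "C":
            continue
        if e.company:                      # named publisher: lower priority
            continue
        lower = e.path.lower()
        if not lower.startswith("c:\\windows\\"):
            continue
        if lower.endswith(EXECUTABLE_EXTS) and e.timestamp >= cutoff:
            flagged.append(e)
    return flagged


# Constructed sample in OTL's format (not taken from any real machine).
SAMPLE_LOG = """\
========== Files Created - No Company Name ==========

[2011/06/27 11:04:54 | 000,030,016 | ---- | C] () -- C:\\Documents and Settings\\User\\Desktop\\report.txt
[2011/06/26 03:12:09 | 000,000,476 | ---- | C] () -- C:\\WINDOWS\\System32\\example_unknown.dll
[2011/06/25 09:17:28 | 000,022,712 | ---- | C] (Example AV Vendor) -- C:\\WINDOWS\\System32\\drivers\\example_av.sys
[2011/06/24 12:16:26 | 000,000,000 | -H-D | C] -- C:\\ExampleHiddenDir
[2010/04/30 21:05:28 | 000,129,095 | ---- | C] () -- C:\\WINDOWS\\System32\\old_unknown.exe
[2011/06/28 15:55:35 | 3488,665,600 | -HS- | M] () -- C:\\hiberfil.sys
"""

# Assumed scan time for the constructed sample.
SCAN_TIME = datetime(2011, 6, 28, 16, 1, 14)


def main() -> None:
    for e in flag_for_review(SAMPLE_LOG.splitlines(), SCAN_TIME):
        print(f"REVIEW  {e.timestamp:%Y-%m-%d}  {e.size:>10} bytes  {e.path}")


if __name__ == "__main__":
    main()
```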

#13 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:11:26 AM

Posted 28 June 2011 - 06:42 PM

Hi!

That Windows update that keeps trying to install but doesn't seem to be doing it, and so I either disable automatic updates or my computer continues to restart and try to install it.

What's the Windows Update that keeps on trying to install?

Also, from about 3 months ago until now, somehow my computer has slowed down its startup from the welcome screen by about 30+ seconds. I liked it when it just clicked on very fast. But now it holds for a long time on the welcome screen and slowly begins to show everything turn on. It could be Comodo firewall, Skype, and that video game music.m3u file, all of which I recently installed and set up to start on boot. But I just have the feeling that's not it, because all through the welcome screen I know none of those programs are starting; they start later, only after Explorer loads.

This is probably going to be something that you want to post about in the Windows forum.

You may also find this thread useful: http://www.bleepingcomputer.com/forums/topic87058.html

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    [2010/03/18 17:25:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Matthew Hanley\Local Settings\Application Data\prvlcl.dat
    [2011/05/22 21:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG10
    [2011/04/24 00:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push the Run Fix button
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#14 Asterothstrife

Asterothstrife
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:26 AM

Posted 28 June 2011 - 08:47 PM

Yeah, I thought the slow startup might need to go in another section. No problem! It's minor. I might not even post it! (But I will, haha.)

Regarding the update, well, I couldn't remember, so I turned on the updates and downloaded any (there were 3) and rebooted. Upon startup it showed 1 update and I thought for certain that would be it! But when I clicked "Install" it minimized itself and then... disappeared? So I suppose there's no more problem with the automatic updates; I don't have that annoying exclamation mark in the bottom right corner, so I'm happy.

Here is what OTL said:

##############################################################################################################################################################
All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
C:\Documents and Settings\Matthew Hanley\Local Settings\Application Data\prvlcl.dat moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG10\log folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG10 folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\update\prepare\temp folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\update\prepare folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\update\backup folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\update folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\Temp folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\scanlogs folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\Log folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\emc\Queue\TEMP folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\emc\Queue\OUT folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\emc\Queue\ACTIVE folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\emc\Queue folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\emc\Log folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\emc folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\Dumps folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\CfgAll folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\Cfg folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\AvgApi folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\AvgAm folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9\admincli folder moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9 folder moved successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Matthew Hanley\Desktop\Analysis Programs\cmd.bat deleted successfully.
C:\Documents and Settings\Matthew Hanley\Desktop\Analysis Programs\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Matthew Hanley
->Temp folder emptied: 1275076 bytes
->Temporary Internet Files folder emptied: 1291699 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37955694 bytes
->Flash cache emptied: 456 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 3534 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1610 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1757214 bytes

Total Files Cleaned = 40.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: All Users.WINDOWS

User: Default User

User: Default User.WINDOWS
->Flash cache emptied: 0 bytes

User: LocalService

User: LocalService.NT AUTHORITY

User: Matthew Hanley
->Flash cache emptied: 0 bytes

User: NetworkService

User: NetworkService.NT AUTHORITY

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.24.1 log created on 06282011_181914

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
#######################################################################################################################################################

Am I cured Doctor ST???

#15 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:11:26 AM

Posted 29 June 2011 - 09:21 AM

Hi!

Regarding the update, well I couldn't remember so I turned on the updates and downloaded any (There were 3) and rebooted.
Upon startup it showed 1 update and I thought for certain that would be it! But when I clicked "Install" It minimized itself and then...
Disappeared? So I suppose there's no more problem with the automatic updates, I don't have that annoying exclamation mark in the bottom right
corner so I'm happy.

Great!

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.




NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Commands
    [ClearAllRestorePoints]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen OTL on your desktop.
  • Click on CleanUp
  • You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives.

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along with the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is to practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explorer more secure.


Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates

  • Be wary of e-mails from unknown senders. Keep the following in mind as well: if it's too good to be true, then it more than likely is.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Cheers,
SweetTech.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
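The "Make Internet Explorer more secure" steps above change three ActiveX settings of the Internet zone through the Inetcpl.cpl dialog. The following PowerShell script is an added example, not part of SweetTech's post or of any tool mentioned in the thread: it reads those three settings back from the registry and reports whether each one matches the recommended Prompt / Prompt / Disable values, so the result of the dialog steps can be verified (or re-checked later, since malware and some installers revert zone settings). It assumes PowerShell is available on the machine, that per-user zone settings live under the `HKCU:\...\Internet Settings\Zones\3` key (zone 3 being the Internet zone), and that the action IDs `1001`, `1004` and `1201` correspond to the three settings named in the post with `0` = Enable, `1` = Prompt, `3` = Disable. The function name `Test-IEInternetZoneActiveX` is this example's own.

```powershell
# Added example (not from the thread): audit the Internet Explorer "Internet" zone
# ActiveX settings that the post tells the user to change through Inetcpl.cpl.
# Assumptions: per-user zone settings are stored under the registry path below,
# zone 3 is the Internet zone, and the action IDs 1001, 1004 and 1201 are
# "Download signed ActiveX controls", "Download unsigned ActiveX controls" and
# "Initialize and script ActiveX controls not marked as safe", with the
# encoding 0 = Enable, 1 = Prompt, 3 = Disable.

function Test-IEInternetZoneActiveX {
    [CmdletBinding()]
    param(
        # Per-user zone key; pass the HKLM:\ equivalent when the machine
        # enforces machine-only zone settings (see the note after the listing).
        [string]$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
    )

    # Recommended values from the post: Prompt, Prompt, Disable.
    $expected = [ordered]@{
        '1001' = @{ Name = 'Download signed ActiveX controls';   Want = 1 }
        '1004' = @{ Name = 'Download unsigned ActiveX controls'; Want = 1 }
        '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    }
    $label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

    if (-not (Test-Path -Path $ZonePath)) {
        throw "Zone key not found: $ZonePath"
    }
    $key = Get-ItemProperty -Path $ZonePath

    foreach ($id in $expected.Keys) {
        $actual = $key.$id
        if ($null -eq $actual) {
            # A missing value means IE falls back to the zone template default;
            # report it as not set rather than guessing what the default is.
            $state = 'not set (template default)'
            $ok    = $false
        } else {
            $state = if ($label.ContainsKey([int]$actual)) { $label[[int]$actual] } else { "unknown ($actual)" }
            $ok    = ([int]$actual -eq $expected[$id].Want)
        }
        [pscustomobject]@{
            ActionId  = $id
            Setting   = $expected[$id].Name
            Current   = $state
            Expected  = $label[$expected[$id].Want]
            Compliant = $ok
        }
    }
}

# Usage: list the three settings and flag any that still differ from the
# post's recommendation. Run as the user whose IE settings you want to check.
Test-IEInternetZoneActiveX | Format-Table -AutoSize
```

If the machine's administrator has enabled the "Security Zones: Use only machine settings" policy (the `Security_HKLM_only` value under `HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings`), Internet Explorer ignores the per-user key, and the script should be run with the `HKLM:\` path instead so it reports the settings that are actually in force.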




