Thinkpoint - Snuck past MalwareBytes and several other attempts.

Post by Nancelot on Mon 18 Oct 2010, 9:20 am

So I was running my desktop just fine last night when suddenly I get an assault of viral spam warnings and all that fun stuff. Then I notice a bogus virus scanning service pop up so I immediately tried to stop the processes but failed. Now whenever I turn my computer on I get a nice text box from Thinkpoint saying it stopped certain processes, and then a black screen. I have logged into safe mode with command prompt and run MalwareBytes and removed several infections, but the problem persists. I have been scouring the net these past 24 hours trying to find a single solution, but it seems everyone just feels that MalwareBytes is going to fix the problem instantaneously. I'm desperate here folks, I've tried MalwareBytes, Spybot Search and Destroy, and Spyware Doctor, but this program keeps going. I suppose I should also point out I'm a college student so I don't have a lot of resources at hand to fix my computer easily, and our IT department is notorious for just reformatting and ignoring our requests for a real fix.

To those of you that respond: thank you very much, even if your answer doesn't help, at least you gave the effort.

To those of you with this virus: let's hope there's a solution here soon.

Nancelot

Unborn

Posts : 3
Joined : 2010-10-18
Operating System : Windows 7

Re: Thinkpoint - Snuck past MalwareBytes and several other attempts.

Post by Belahzur on Mon 18 Oct 2010, 10:02 am

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Thinkpoint - Snuck past MalwareBytes and several other attempts.

Post by Nancelot on Mon 18 Oct 2010, 10:29 am

Alright here's the OTL log, Extras Log will be next

OTL logfile created on: 10/17/2010 6:23:01 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = F:\
64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 76.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 128.74 Gb Free Space | 27.64% Space Free | Partition Type: NTFS
Drive D: | 111.78 Gb Total Space | 15.08 Gb Free Space | 13.49% Space Free | Partition Type: NTFS
Drive E: | 268.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 249.72 Mb Total Space | 213.10 Mb Free Space | 85.33% Space Free | Partition Type: FAT
Drive G: | 3.77 Gb Total Space | 3.34 Gb Free Space | 88.62% Space Free | Partition Type: FAT32

Computer Name: NICK-PC | User Name: Nick | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/17 17:14:26 | 000,574,464 | ---- | M] (OldTimer Tools) -- F:\OTL.exe


========== Modules (SafeList) ==========

MOD - [2010/10/17 17:14:26 | 000,574,464 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV:64bit: - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV:64bit: - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV:64bit: - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV:64bit: - [2009/08/18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/11/07 09:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2010/10/14 08:53:35 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/15 09:05:17 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/22 10:24:44 | 000,715,400 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/06/05 23:31:38 | 000,110,692 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2008/06/05 23:31:36 | 000,262,246 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2008/06/05 23:31:12 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Stopped] -- C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2007/10/29 23:34:58 | 000,352,338 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Belkin\F5D7000v8\jswpsapi.exe -- (jswpsapi)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/07/15 09:05:21 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/07/15 09:04:45 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/06/02 09:25:53 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/11/24 18:50:05 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2009/11/24 18:49:56 | 000,065,616 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2009/11/13 19:20:13 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/08/18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:35:46 | 000,416,768 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/08/31 17:34:10 | 000,581,120 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2007/08/31 14:13:48 | 000,054,400 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1D 30 72 7C 6D E3 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..network.proxy.http: "128.208.004.199"
FF - prefs.js..network.proxy.http_port: 3128

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/09/23 12:46:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/02/22 13:53:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/12 19:57:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/12 19:57:58 | 000,000,000 | ---D | M]

[2009/08/25 18:45:24 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Mozilla\Extensions
[2010/01/22 01:44:55 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\2mvdqpti.default\extensions
[2010/01/22 01:44:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\2mvdqpti.default\extensions\{dc961bb0-dfb2-11dc-95ff-0800200c9a66}
[2010/01/14 17:41:10 | 000,001,849 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\2mvdqpti.default\searchplugins\wowarmorysk.xml
[2010/01/14 17:41:15 | 000,001,561 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\2mvdqpti.default\searchplugins\wowhead.xml
[2010/06/03 11:59:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/03 11:59:34 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CMCService] C:\Program Files (x86)\ATI\Catalyst Media Center\CMCService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] G:\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe (Cisco Systems, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Digsby.lnk = C:\Program Files (x86)\Digsby\digsby.exe ()
O4 - Startup: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SDK Tray Menu.lnk = C:\Sun\SDK\jdk\bin\javaw.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} [You must be registered and logged in to see this link.] (Cisco NAC Web Agent Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.174.140.3 209.174.140.2
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (C:\Users\Nick\AppData\Roaming\hotfix.exe) - C:\Users\Nick\AppData\Roaming\hotfix.exe ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/20 10:42:25 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/01/08 09:42:55 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1999/01/09 19:00:02 | 000,000,961 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{53d4b221-91df-11de-bfea-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{53d4b221-91df-11de-bfea-806e6f6e6963}\Shell\ar32e301\command - "" = E:\GOODIES\AR32E301.EXE -- [1998/07/30 13:29:20 | 004,018,104 | R--- | M] ()
O33 - MountPoints2\{53d4b221-91df-11de-bfea-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AOESETUP.EXE -- [1999/01/09 19:00:02 | 000,319,553 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{53d4b221-91df-11de-bfea-806e6f6e6963}\Shell\directx\command - "" = E:\DIRECTX\DXSETUP.EXE -- [1998/07/29 20:00:06 | 000,086,528 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{53d4b221-91df-11de-bfea-806e6f6e6963}\Shell\dplay\command - "" = E:\DIRECTX\DPLAY60A.EXE -- [1998/09/01 14:37:02 | 000,255,744 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{53d4b221-91df-11de-bfea-806e6f6e6963}\Shell\dxdiag\command - "" = E:\DIRECTX\DXDIAG.EXE -- [1998/07/29 20:00:06 | 000,286,480 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{53d4b221-91df-11de-bfea-806e6f6e6963}\Shell\dxinfo\command - "" = E:\DIRECTX\DXINFO.EXE -- [1998/07/29 20:00:06 | 000,309,760 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{53d4b221-91df-11de-bfea-806e6f6e6963}\Shell\dxtest\command - "" = E:\GOODIES\DIRECTX\DX5TEST.EXE -- [1998/09/03 15:00:02 | 000,106,496 | R--- | M] ()
O33 - MountPoints2\{53d4b221-91df-11de-bfea-806e6f6e6963}\Shell\dxtool\command - "" = E:\GOODIES\DIRECTX\DXTOOL.EXE -- [1997/07/14 12:00:00 | 000,033,280 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{53d4b221-91df-11de-bfea-806e6f6e6963}\Shell\msinfo\command - "" = E:\GOODIES\MSINFO\MSINFO32.EXE -- [1996/08/08 13:40:06 | 000,452,096 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{53d4b221-91df-11de-bfea-806e6f6e6963}\Shell\sampler\command - "" = E:\SAMPLER\SAMPLER.EXE -- [1997/06/30 16:11:52 | 000,014,403 | R--- | M] ()
O33 - MountPoints2\{53d4b221-91df-11de-bfea-806e6f6e6963}\Shell\setup\command - "" = E:\AOESETUP.EXE -- [1999/01/09 19:00:02 | 000,319,553 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{53d4b221-91df-11de-bfea-806e6f6e6963}\Shell\zone\command - "" = E:\SAMPLER\DEMOS\ZONE\ZONEA501.EXE -- [1998/08/28 15:55:26 | 009,795,972 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/16 19:36:37 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Tuwap
[2010/10/16 19:36:37 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Poos
[2010/10/16 19:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/10/13 16:59:49 | 000,000,000 | ---D | C] -- C:\Users\Nick\Desktop\Anamanaguchi - Scott Pilgrim vs The World The Game OST [2010]
[2010/10/13 04:56:54 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/13 04:56:52 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/13 04:56:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/13 04:56:51 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010/10/13 04:56:49 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/13 04:56:47 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/13 04:56:47 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/13 04:56:45 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/13 04:56:45 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/13 04:56:43 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/13 04:56:41 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/13 04:56:39 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/13 04:56:38 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/13 04:56:37 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/13 04:56:29 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/13 04:56:29 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/13 04:56:28 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/13 04:56:28 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/13 04:56:27 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/13 04:56:26 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/13 04:56:26 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/13 04:56:26 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/13 04:56:26 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/13 04:56:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/13 04:56:26 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/13 04:56:26 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/13 04:56:25 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/13 04:56:25 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/12 19:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/12 19:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/12 19:59:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/10/12 19:57:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/10/12 19:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/12 19:56:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/10/12 19:56:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/09 16:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2010/10/09 16:19:04 | 000,143,872 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\iacenc.dll
[2010/10/09 16:16:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2010/01/20 02:37:01 | 1155,007,768 | ---- | C] (Nexon) -- C:\Program Files (x86)\DFOSetup13S.exe

========== Files - Modified Within 30 Days ==========

[2010/10/17 16:11:10 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/17 16:11:10 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/17 16:11:10 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/17 04:51:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/17 04:51:13 | 3220,774,912 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/16 19:41:06 | 000,000,010 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\install
[2010/10/16 19:36:42 | 000,594,432 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\hotfix.exe
[2010/10/16 19:36:42 | 000,000,178 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\7648.bat
[2010/10/16 19:36:42 | 000,000,178 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\4710.bat
[2010/10/16 19:14:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-731254435-2999667593-2136031052-1000UA.job
[2010/10/16 17:24:38 | 066,482,599 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/10/16 01:14:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-731254435-2999667593-2136031052-1000Core.job
[2010/10/14 08:53:35 | 000,000,004 | ---- | M] () -- C:\Users\Nick\tray.pid
[2010/10/14 03:30:01 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/14 03:30:01 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/14 03:24:22 | 000,422,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/14 01:50:50 | 000,017,188 | ---- | M] () -- C:\Users\Nick\Documents\roommates rough draft.docx
[2010/10/13 13:37:38 | 000,016,642 | ---- | M] () -- C:\Users\Nick\Documents\John Wilmot.docx
[2010/10/13 00:26:22 | 000,012,373 | ---- | M] () -- C:\Users\Nick\Documents\Nick Nance - Nonfiction Recommendations 1.docx
[2010/10/11 14:32:00 | 000,002,006 | -H-- | M] () -- C:\Windows\tasks\y'all niggas don't know me.job
[2010/10/09 16:20:39 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/10/06 04:25:55 | 000,025,201 | ---- | M] () -- C:\Users\Nick\Documents\Nick Nance - Narrative.docx
[2010/10/06 04:25:43 | 000,025,210 | ---- | M] () -- C:\Users\Nick\Documents\Springheel.docx
[2010/09/29 11:34:11 | 000,012,131 | ---- | M] () -- C:\Users\Nick\Documents\10 facts - Nick Nance.docx
[2010/09/28 17:04:19 | 000,021,189 | ---- | M] () -- C:\Users\Nick\Documents\Germany and Japan.docx
[2010/09/28 16:57:04 | 000,025,592 | ---- | M] () -- C:\Users\Nick\Documents\IN 197 Nance - Nicholas.docx
[2010/09/28 14:38:52 | 000,016,444 | ---- | M] () -- C:\Users\Nick\Documents\D&D scheduling.docx
[2010/09/25 21:52:18 | 396,878,327 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/24 13:57:19 | 000,013,693 | ---- | M] () -- C:\Users\Nick\Documents\10 facts.docx
[2010/09/22 22:47:50 | 000,023,414 | ---- | M] () -- C:\Users\Nick\Documents\Magua.docx
[2010/09/22 11:37:18 | 000,013,609 | ---- | M] () -- C:\Users\Nick\Documents\1945 comparisoons.docx
[2010/09/21 10:02:26 | 000,012,284 | ---- | M] () -- C:\Users\Nick\Documents\interview questions.docx
[2010/09/19 19:12:53 | 000,015,133 | ---- | M] () -- C:\Users\Nick\Documents\Clement Grashall.docx

========== Files Created - No Company Name ==========

[2010/10/16 19:41:06 | 000,000,010 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\install
[2010/10/16 19:36:42 | 000,594,432 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\hotfix.exe
[2010/10/16 19:36:42 | 000,000,178 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\7648.bat
[2010/10/16 19:36:42 | 000,000,178 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\4710.bat
[2010/10/13 18:04:52 | 000,017,188 | ---- | C] () -- C:\Users\Nick\Documents\roommates rough draft.docx
[2010/10/13 00:26:22 | 000,012,373 | ---- | C] () -- C:\Users\Nick\Documents\Nick Nance - Nonfiction Recommendations 1.docx
[2010/10/11 21:03:37 | 000,016,642 | ---- | C] () -- C:\Users\Nick\Documents\John Wilmot.docx
[2010/10/09 16:20:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/09 16:19:05 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2010/09/30 14:53:03 | 000,025,201 | ---- | C] () -- C:\Users\Nick\Documents\Nick Nance - Narrative.docx
[2010/09/29 18:48:39 | 000,025,210 | ---- | C] () -- C:\Users\Nick\Documents\Springheel.docx
[2010/09/29 11:34:10 | 000,012,131 | ---- | C] () -- C:\Users\Nick\Documents\10 facts - Nick Nance.docx
[2010/09/28 16:57:03 | 000,025,592 | ---- | C] () -- C:\Users\Nick\Documents\IN 197 Nance - Nicholas.docx
[2010/09/28 14:38:52 | 000,016,444 | ---- | C] () -- C:\Users\Nick\Documents\D&D scheduling.docx
[2010/09/25 17:39:43 | 000,021,189 | ---- | C] () -- C:\Users\Nick\Documents\Germany and Japan.docx
[2010/09/24 13:56:36 | 000,013,693 | ---- | C] () -- C:\Users\Nick\Documents\10 facts.docx
[2010/09/21 16:08:55 | 000,013,609 | ---- | C] () -- C:\Users\Nick\Documents\1945 comparisoons.docx
[2010/09/21 00:55:27 | 000,012,284 | ---- | C] () -- C:\Users\Nick\Documents\interview questions.docx
[2010/08/27 23:29:03 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\Unlha32.dll
[2010/08/27 23:29:02 | 000,473,600 | ---- | C] () -- C:\Windows\SysWow64\Harmony.dll
[2010/07/03 07:54:21 | 000,000,000 | ---- | C] () -- C:\Users\Nick\AppData\Local\Temp0cdab112c4a6e11872374c7bded4a529.lock
[2010/06/03 12:01:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/27 19:49:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/12/24 22:24:25 | 000,009,728 | ---- | C] () -- C:\Users\Nick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/20 21:22:31 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/08/25 21:18:16 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/10/28 18:40:48 | 000,173,552 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

< End of report >


Re: Thinkpoint - Snuck past MalwareBytes and several other attempts.

Post by Nancelot on Mon 18 Oct 2010, 10:31 am

... And here's that Extras log. I honestly can't thank you enough for taking some time to look this over. Thank you so much for this.


OTL Extras logfile created on: 10/17/2010 6:23:01 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = F:\
64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 76.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 128.74 Gb Free Space | 27.64% Space Free | Partition Type: NTFS
Drive D: | 111.78 Gb Total Space | 15.08 Gb Free Space | 13.49% Space Free | Partition Type: NTFS
Drive E: | 268.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 249.72 Mb Total Space | 213.10 Mb Free Space | 85.33% Space Free | Partition Type: FAT
Drive G: | 3.77 Gb Total Space | 3.34 Gb Free Space | 88.62% Space Free | Partition Type: FAT32

Computer Name: NICK-PC | User Name: Nick | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{11EB1163-5761-4BC6-8F48-98DCF6A46BBF}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{1EB8079C-2F30-3A6E-A76A-9758C4F1CD21}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{3BA774DD-AD58-6B15-B020-14CDB6DFFFA4}" = ATI Catalyst Install Manager
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{62577E41-C350-3D07-97C8-2B6CDB4BAD60}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{E68D1DBB-8C8C-4A18-766F-976C86949824}" = ATI AVIVO64 Codecs
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"1B8C0FE57993F0D33DD0A689D44B5B3D8954B0F7" = Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)
"Explorer Suite_is1" = Explorer Suite III
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007BECB0-17DD-4230-9D2F-185287262B14}" = Microsoft XNA Game Studio 3.0 (Platformer)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0DC16794-7E69-4534-82FA-9DD0500FF338}" = Microsoft XNA Game Studio 3.0 (Redists)
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Catalyst Media Center
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB Video Driver
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{2D07422C-CA35-375A-A3A8-3631AB85BFE5}" = Microsoft Visual C# 2008 Express Edition - ENU
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3AE76A6A-DE52-4920-9814-905CA5551C2D}" = Cisco NAC Agent
"{3BA37E38-B53D-4520-B8DA-1DD62AD3A74E}" = Microsoft XNA Game Studio 3.0 (VCSExpress)
"{4809DDAE-110C-4CF8-B383-706BB5B3D5B6}_is1" = OGG to MP3 Converter 1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7FD30AE7-281D-455F-AF9F-0C6C5E334EAD}" = Microsoft XNA Game Studio 3.0 Documentation
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90C43C31-862C-46AD-92A5-2D29E1B68179}" = Belkin Wireless G PCI Adapter
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{AC3F9FEE-1A44-4FCE-BD72-BD27D4BC6279}" = Microsoft XNA Game Studio Platform Tools
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF9BDE67-11A5-449A-B9F0-BE572A093DDB}" = Microsoft XNA Game Studio 3.0 (Shared Components)
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DFB81F19-ED3A-4DA5-AFE4-1B999E2A8DC5}" = Microsoft XNA Game Studio 3.0 (XnaLiveProxy)
"{E1D78366-91DA-4AD0-B417-28155743CC22}" = Microsoft XNA Game Studio 3.0 (ARP entry)
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{FC4F90EC-B1DA-11D9-9D77-000129760D75}" = Catalyst Media Center DVD Authoring Module
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires Gold 1.0" = Microsoft Age of Empires Gold
"avast!" = avast! Antivirus
"AVG9Uninstall" = AVG Free 9.0
"Bookworm Adventures Deluxe 1.0" = Bookworm Adventures Deluxe 1.0
"Digsby" = Digsby
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HijackThis" = HijackThis 2.0.2
"InstallShield_{90C43C31-862C-46AD-92A5-2D29E1B68179}" = Belkin Wireless G PCI Adapter
"Java Platform, Enterprise Edition 5 SDK" = Java Platform, Enterprise Edition 5 SDK
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Visual C# 2008 Express Edition - ENU" = Microsoft Visual C# 2008 Express Edition - ENU
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Pidgin" = Pidgin
"Rainmeter" = Rainmeter (remove only)
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"Steam App 400" = Portal
"Steam App 440" = Team Fortress 2
"VLC media player" = VLC media player 1.0.1
"XNA Game Studio 3.0" = Microsoft XNA Game Studio 3.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AikaOnline" = AikaOnline
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/10/2010 4:07:23 AM | Computer Name = Nick-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/10/2010 4:08:15 AM | Computer Name = Nick-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/10/2010 1:31:54 PM | Computer Name = Nick-PC | Source = Bonjour Service | ID = 100
Description = 496: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/11/2010 7:12:26 PM | Computer Name = Nick-PC | Source = Bonjour Service | ID = 100
Description = send_msg ERROR: failed to write 84 of 84 bytes to fd 216 errno 10053
(An established connection was aborted by the software in your host machine.)

Error - 10/11/2010 7:12:26 PM | Computer Name = Nick-PC | Source = Bonjour Service | ID = 100
Description = 216: Could not write data to client because of error - aborting connection

Error - 10/11/2010 7:12:26 PM | Computer Name = Nick-PC | Source = Bonjour Service | ID = 100
Description = 216: DNSServiceCreateConnection

Error - 10/12/2010 2:04:38 PM | Computer Name = Nick-PC | Source = Bonjour Service | ID = 100
Description = send_msg ERROR: failed to write 76 of 76 bytes to fd 496 errno 10053
(An established connection was aborted by the software in your host machine.)

Error - 10/12/2010 2:04:38 PM | Computer Name = Nick-PC | Source = Bonjour Service | ID = 100
Description = 496: Could not write data to client because of error - aborting connection

Error - 10/12/2010 2:04:38 PM | Computer Name = Nick-PC | Source = Bonjour Service | ID = 100
Description = 496: DNSServiceCreateConnection

Error - 10/14/2010 4:24:47 AM | Computer Name = Nick-PC | Source = Application Error | ID = 1000
Description = Faulting application name: NACAgent.exe, version: 4.6.2113.0, time
stamp: 0x4a3c01bd Faulting module name: NACAgent.exe, version: 4.6.2113.0, time
stamp: 0x4a3c01bd Exception code: 0xc00000fd Fault offset: 0x00038a27 Faulting process
id: 0x79c Faulting application start time: 0x01cb6b793e0de173 Faulting application
path: C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe Faulting module
path: C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe Report Id: 81099e0e-d76c-11df-b513-001d922e3d72

[ System Events ]
Error - 8/24/2010 5:43:56 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/24/2010 5:43:56 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/24/2010 5:48:56 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/24/2010 5:48:56 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/24/2010 5:48:56 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/24/2010 5:51:02 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/24/2010 5:51:02 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/24/2010 5:51:02 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/24/2010 5:53:30 PM | Computer Name = Nick-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 8/24/2010 5:53:30 PM | Computer Name = Nick-PC | Source = atikmdag | ID = 43029
Description = Display is not active


< End of report >


Re: Thinkpoint - Snuck past MalwareBytes and several other attempts.

Post by Belahzur on Tue 19 Oct 2010, 10:17 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    [2010/10/16 19:36:42 | 000,594,432 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\hotfix.exe
    [2010/10/16 19:36:42 | 000,000,178 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\7648.bat
    [2010/10/16 19:36:42 | 000,000,178 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\4710.bat


  • Return to OTL, right-click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe.

If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.
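One way to triage the "No Company Name" file listings of an OTL log like the one posted in this thread, as an added example that is not part of the original posts and is not OTL's own logic. The heuristic (executables or scripts with no company name sitting directly in a user's AppData\Roaming folder) and all function names are assumptions; the first sample block is copied from the log above and the second is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime
from pathlib import PureWindowsPath
from typing import NamedTuple, Optional

# One OTL file-listing line has the shape:
# [2010/10/16 19:36:42 | 000,594,432 | ---- | C] () -- C:\path\file.exe
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)

# Extensions treated as "can run code" for this heuristic (assumption).
EXECUTABLE_EXTS = {".exe", ".bat", ".cmd", ".com", ".scr", ".pif", ".dll", ".vbs", ".js"}


class Entry(NamedTuple):
    timestamp: datetime
    size: int
    attrs: str
    kind: str          # "C" = created, "M" = modified
    company: str       # empty when the file carries no company name
    path: PureWindowsPath


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for headers, blanks and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        int(m["size"].replace(",", "")),
        m["attrs"],
        m["kind"],
        m["company"].strip(),
        PureWindowsPath(m["path"].strip()),
    )


def in_roaming_root(path: PureWindowsPath) -> bool:
    """True for <drive>\\Users\\<name>\\AppData\\Roaming\\<file>, not subfolders."""
    parts = [p.lower() for p in path.parts]
    return len(parts) == 6 and parts[1] == "users" and parts[3:5] == ["appdata", "roaming"]


def suspicious(entry: Entry) -> bool:
    """No company name + runnable extension + dropped straight into Roaming."""
    return (
        entry.company == ""
        and entry.path.suffix.lower() in EXECUTABLE_EXTS
        and in_roaming_root(entry.path)
    )


def triage(log_text: str) -> list:
    hits = [e for e in map(parse_line, log_text.splitlines()) if e and suspicious(e)]
    return sorted(hits, key=lambda e: (e.timestamp, str(e.path)))


def group_by_timestamp(hits: list) -> dict:
    """Files written in the same second were very likely dropped together."""
    groups = defaultdict(list)
    for e in hits:
        groups[e.timestamp].append(e.path.name)
    return dict(groups)


# Lines copied from the "Files Created - No Company Name" section above.
LINES_FROM_LOG = r"""
========== Files Created - No Company Name ==========
[2010/10/16 19:41:06 | 000,000,010 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\install
[2010/10/16 19:36:42 | 000,594,432 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\hotfix.exe
[2010/10/16 19:36:42 | 000,000,178 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\7648.bat
[2010/10/16 19:36:42 | 000,000,178 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\4710.bat
[2010/10/13 18:04:52 | 000,017,188 | ---- | C] () -- C:\Users\Nick\Documents\roommates rough draft.docx
[2010/08/27 23:29:03 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\Unlha32.dll
< End of report >
"""

# Constructed line: a file in the same folder that does carry a company name.
CONSTRUCTED_LINES = r"""
[2010/10/01 10:00:00 | 000,100,000 | ---- | C] (Example Vendor) -- C:\Users\Nick\AppData\Roaming\updater.exe
"""

SAMPLE_LOG = LINES_FROM_LOG + CONSTRUCTED_LINES

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e.timestamp, e.size, e.path)
```

A flagged line is a candidate for manual review, not a verdict; a clean result from this filter says nothing about files elsewhere on disk.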
