GeekPolice

My computer is infected with Security Tool

Post by xb1m4lx on Mon Dec 20, 2010 6:24 pm

My computer is infected with Security Tool. I cannot run any AV scans like Malwarebytes or Spybot... please help!

OTL logfile created on: 10/22/2010 4:48:53 PM - Run 2
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\jmosora\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.50 Gb Total Space | 51.99 Gb Free Space | 38.09% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 1.45 Gb Free Space | 14.49% Space Free | Partition Type: NTFS
Drive G: | 3.68 Gb Total Space | 0.01 Gb Free Space | 0.16% Space Free | Partition Type: FAT32
Drive I: | 485.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JMOSORA-LAPTOP | User Name: jmosora | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

== Processes (SafeList) ==

PRC - [2010/10/22 10:10:43 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\jmosora\Desktop\OTH.scr
PRC - [2010/10/21 19:26:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\jmosora\Desktop\OTL.scr
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/12/23 17:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

== Modules (SafeList) ==

MOD - [2010/10/21 19:26:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\jmosora\Desktop\OTL.scr
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/05/05 02:46:55 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
MOD - [2010/03/18 13:16:28 | 006,730,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
MOD - [2010/03/18 13:16:28 | 000,771,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr100_clr0400.dll
MOD - [2010/03/18 13:16:28 | 000,413,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
MOD - [2009/07/13 21:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009/07/13 21:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009/07/13 21:16:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2009/07/13 21:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 21:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srvcli.dll
MOD - [2009/07/13 21:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slc.dll
MOD - [2009/07/13 21:16:13 | 000,643,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFolder.dll
MOD - [2009/07/13 21:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 21:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 21:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcRtRemote.dll
MOD - [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 21:16:03 | 001,661,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
MOD - [2009/07/13 21:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 21:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 21:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 21:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptsp.dll
MOD - [2009/07/13 21:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 21:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009/07/13 21:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 21:14:52 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

== Win32 Services (SafeList) ==

SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/05/08 10:03:33 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 17:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/07/13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 21:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 21:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 21:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 21:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)

== Driver Services (SafeList) ==

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\jmosora\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2010/09/23 13:11:28 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/04/12 04:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/03/16 20:01:53 | 011,597,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/12/11 03:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 21:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 21:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 21:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 21:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 19:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 19:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 19:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 19:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 19:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 18:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 16:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 16:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/08/08 03:04:16 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lachesis.sys -- (LachesisFltr)
DRV - [2007/03/05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)

== Standard Registry (SafeList) ==

== Internet Explorer ==

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 3B 2B 16 74 71 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/09/23 13:07:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/09/24 03:01:07 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [yyy45] C:\Documents and Settings\Kaleena\Application Data\svchost.exe ()
O4 - HKCU..\Run: [MSWUpdate] "C:\Documents and Settings\Kaleena\Application Data\lsass.exe" ()
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [winlog.exe] C:\Documents and Settings\Kaleena\Application Data\Microsoft\winlog.exe ()
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\RunOnce: [871286548] C:\Users\jmosora\AppData\Local\871286548.exe ()
O4 - Startup: C:\Users\jmosora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2001/04/18 11:23:00 | 000,000,041 | R--- | M] () - I:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{d29dd15c-c735-11df-9293-f13dd50e5bab}\Shell - "" = AutoRun
O33 - MountPoints2\{d29dd15c-c735-11df-9293-f13dd50e5bab}\Shell\AutoRun\command - "" = I:\Setup.exe -- [2001/04/30 13:33:00 | 000,032,768 | R--- | M] ()
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

== Files/Folders - Created Within 90 Days ==

[2010/10/22 10:10:55 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\jmosora\Desktop\OTL.exe
[2010/10/21 20:22:29 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010/10/21 19:26:24 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\jmosora\Desktop\OTL.scr
[2010/10/21 19:26:16 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\jmosora\Desktop\OTH.scr
[2010/10/20 12:58:06 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\jmosora\Desktop\Explorer.exe.exe
[2010/10/02 00:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/09/26 21:21:38 | 000,000,000 | ---D | C] -- C:\Eastern Sun Saves
[2010/09/24 03:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/09/23 13:17:29 | 000,000,000 | ---D | C] -- C:\Users\jmosora\AppData\Local\Nero
[2010/09/23 13:17:17 | 000,000,000 | ---D | C] -- C:\Users\jmosora\AppData\Roaming\Nero
[2010/09/23 13:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2010/09/23 13:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/09/23 13:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/09/23 13:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Mender
[2010/09/23 13:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
[2010/09/23 12:55:00 | 000,000,000 | ---D | C] -- C:\Program Files\NeroInstall.bak
[2010/09/23 12:55:00 | 000,000,000 | ---D | C] -- C:\Users\jmosora\AppData\Local\Ahead
[2010/09/23 12:48:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010/09/23 12:48:30 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/09/23 12:48:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/09/23 12:28:46 | 000,000,000 | ---D | C] -- C:\Users\jmosora\AppData\Roaming\AVS4YOU
[2010/09/23 12:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2010/09/23 02:03:54 | 000,557,568 | ---- | C] (Ikysasoft s.r.l. uninominale) -- C:\Windows\System32\B4FM.dll
[2010/09/23 02:03:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/09/23 02:03:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/09/23 02:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\Burn4Free
[2010/09/15 21:24:51 | 000,000,000 | ---D | C] -- C:\D2LOD-1.12A-enUS
[2010/09/15 21:24:27 | 000,000,000 | ---D | C] -- C:\D2-1.12A-enUS
[2010/09/13 17:29:07 | 000,000,000 | ---D | C] -- C:\PFiles
[2010/08/29 13:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\Lame for Audacity
[2010/08/29 13:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\FFmpeg for Audacity
[2010/08/23 02:03:17 | 000,000,000 | ---D | C] -- C:\RiP
[2010/08/20 17:17:36 | 000,000,000 | ---D | C] -- C:\homm5 exp2
[2010/08/20 17:08:19 | 000,000,000 | ---D | C] -- C:\Users\jmosora\Documents\My Games
[2010/08/20 17:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2010/08/20 17:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/08/20 16:55:08 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2010/08/20 06:45:52 | 000,000,000 | ---D | C] -- C:\Heroes Of Might And Magic V Hammers Of Fate
[2010/08/20 06:41:54 | 000,000,000 | ---D | C] -- C:\HoM&M V - Tribes of the East
[2010/08/20 06:39:23 | 000,000,000 | ---D | C] -- C:\Heroes.of.Might.and.Magic.V WITH NoDVD Crack
[2010/08/18 08:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\3DO Shared
[2010/08/18 08:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\3DO
[2010/08/18 08:51:29 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/08/18 08:51:04 | 000,000,000 | ---D | C] -- C:\Users\jmosora\AppData\Roaming\DAEMON Tools Lite
[2010/08/18 08:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/08/18 08:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/08/18 08:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/08/18 08:30:43 | 000,000,000 | ---D | C] -- C:\Users\jmosora\AppData\Roaming\uTorrent
[2010/08/12 17:35:48 | 000,000,000 | ---D | C] -- C:\Crack
[2010/08/12 17:28:22 | 000,000,000 | ---D | C] -- C:\StarCraft II
[2010/08/12 17:12:57 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II
[2010/08/12 16:44:59 | 000,000,000 | ---D | C] -- C:\Users\jmosora\Documents\StarCraft II
[2010/08/12 16:39:26 | 000,000,000 | ---D | C] -- C:\sc2install
[2010/07/30 12:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/07/30 12:16:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/07/30 12:16:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/07/30 12:16:21 | 000,000,000 | ---D | C] -- C:\Users\jmosora\AppData\Local\Apple
[2010/07/30 12:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/07/30 12:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple

== Files - Modified Within 90 Days ==

[2010/10/22 16:48:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/22 16:48:16 | 2414,395,392 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/22 16:31:04 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1082374700-3016570216-2219112506-1001UA.job
[2010/10/22 16:11:08 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/22 16:11:08 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/22 10:10:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\jmosora\Desktop\OTL.exe
[2010/10/22 10:10:43 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\jmosora\Desktop\OTH.scr
[2010/10/22 10:09:38 | 000,364,032 | ---- | M] () -- C:\Users\jmosora\Desktop\rkill.com
[2010/10/21 19:26:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\jmosora\Desktop\OTL.scr
[2010/10/20 13:07:12 | 000,000,252 | ---- | M] () -- C:\Users\jmosora\Documents\ax_files.xml
[2010/10/20 12:59:07 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\jmosora\Desktop\Explorer.exe.exe
[2010/10/17 00:49:25 | 000,973,312 | ---- | M] () -- C:\Users\jmosora\AppData\Local\871286548.exe
[2010/10/16 17:52:41 | 000,570,742 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/16 17:52:41 | 000,092,532 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/16 09:31:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1082374700-3016570216-2219112506-1001Core.job
[2010/10/14 12:58:03 | 000,403,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/13 15:57:06 | 000,061,440 | ---- | M] () -- C:\Users\jmosora\Desktop\JMosora CV.doc
[2010/10/12 10:30:24 | 000,131,583 | ---- | M] () -- C:\Users\jmosora\Desktop\acmd-report-agonists.pdf
[2010/10/02 00:12:49 | 000,000,698 | -H-- | M] () -- C:\IPH.PH
[2010/10/02 00:12:48 | 000,001,887 | ---- | M] () -- C:\Users\jmosora\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/10/02 00:12:48 | 000,001,863 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2010/09/28 09:47:44 | 000,001,107 | ---- | M] () -- C:\Users\jmosora\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/09/26 15:27:27 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/09/26 12:13:56 | 000,002,431 | ---- | M] () -- C:\Users\jmosora\Desktop\Google Chrome.lnk
[2010/09/25 02:05:30 | 004,481,291 | ---- | M] () -- C:\Users\jmosora\Desktop\07 Day Dreamin.mp3
[2010/09/25 01:37:58 | 014,802,024 | ---- | M] () -- C:\Users\jmosora\Desktop\40oz.mp3
[2010/09/23 13:25:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/09/23 13:25:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/09/23 13:17:28 | 000,001,024 | ---- | M] () -- C:\Users\jmosora\.rnd
[2010/09/23 13:16:41 | 000,001,135 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 52%.lnk
[2010/09/23 13:11:28 | 000,436,792 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2010/09/23 12:54:33 | 000,002,707 | ---- | M] () -- C:\Users\jmosora\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2010/09/23 12:54:33 | 000,002,683 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010/09/23 12:54:33 | 000,002,609 | ---- | M] () -- C:\Users\jmosora\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk
[2010/09/23 12:54:33 | 000,002,585 | ---- | M] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2010/09/23 02:04:29 | 000,001,255 | ---- | M] () -- C:\Users\jmosora\Desktop\AVS4YOU Software Navigator.lnk
[2010/09/23 02:04:22 | 000,001,115 | ---- | M] () -- C:\Users\jmosora\Desktop\AVS DVD Copy.lnk
[2010/09/23 02:03:54 | 000,000,951 | ---- | M] () -- C:\Users\jmosora\Application Data\Microsoft\Internet Explorer\Quick Launch\Burn4Free.lnk
[2010/09/23 02:03:54 | 000,000,927 | ---- | M] () -- C:\Users\jmosora\Desktop\Burn4Free.lnk
[2010/09/21 03:03:46 | 549,480,964 | ---- | M] () -- C:\Users\jmosora\Desktop\EXPANSION.daa
[2010/09/16 15:34:57 | 014,014,990 | ---- | M] () -- C:\Users\jmosora\Desktop\05 Black Mama (Beatport Extended Bonus Version).mp3
[2010/09/16 15:21:16 | 000,001,126 | ---- | M] () -- C:\Users\jmosora\Desktop\ES 3.00 R full screen.lnk
[2010/09/09 18:16:07 | 016,497,187 | ---- | M] () -- C:\Users\jmosora\Desktop\MAD.mp3
[2010/08/29 19:12:10 | 000,059,904 | ---- | M] () -- C:\Users\jmosora\Desktop\Jon Mosora CV.doc
[2010/08/20 17:26:47 | 000,001,327 | ---- | M] () -- C:\Users\jmosora\Desktop\Heroes of Might & Magic V - Tribes of the East.lnk
[2010/08/20 17:14:55 | 000,001,323 | ---- | M] () -- C:\Users\Public\Desktop\Heroes of Might & Magic V - Hammers of Fate.lnk
[2010/08/20 17:03:25 | 000,001,307 | ---- | M] () -- C:\Users\Public\Desktop\Heroes of Might and Magic V.lnk
[2010/08/20 17:01:21 | 000,000,001 | ---- | M] () -- C:\Windows\System32\SI.bin
[2010/08/18 09:07:28 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\Heroes of Might and Magic IV Winds of War.lnk
[2010/08/18 08:51:42 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010/08/18 08:31:18 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/08/12 17:26:03 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010/08/10 14:15:50 | 000,029,184 | ---- | M] () -- C:\Users\jmosora\Desktop\CoverLetter.doc
[2010/08/10 14:15:46 | 000,025,088 | ---- | M] () -- C:\Users\jmosora\Desktop\Cover_Letter.doc
[2010/08/10 14:15:41 | 000,026,536 | ---- | M] () -- C:\Users\jmosora\Desktop\CoverLetter.pdf
[2010/08/06 15:13:47 | 000,305,978 | ---- | M] () -- C:\Users\jmosora\Desktop\30 Rock Theme Song (Season 2).mp3
[2010/08/04 21:21:36 | 000,059,904 | ---- | M] () -- C:\Users\jmosora\Desktop\JMosora CV1.doc
[2010/08/04 02:45:59 | 000,174,420 | ---- | M] () -- C:\Users\jmosora\Desktop\musiccomp.jpg
[2010/08/04 02:45:22 | 000,141,804 | ---- | M] () -- C:\Users\jmosora\Desktop\deathpandas.jpg

== Files Created - No Company Name ==

[2010/10/20 13:01:35 | 000,364,032 | ---- | C] () -- C:\Users\jmosora\Desktop\rkill.com
[2010/10/17 00:49:25 | 000,973,312 | ---- | C] () -- C:\Users\jmosora\AppData\Local\871286548.exe
[2010/10/12 10:30:24 | 000,131,583 | ---- | C] () -- C:\Users\jmosora\Desktop\acmd-report-agonists.pdf
[2010/09/28 09:47:44 | 000,001,107 | ---- | C] () -- C:\Users\jmosora\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/09/25 02:03:11 | 014,014,990 | ---- | C] () -- C:\Users\jmosora\Desktop\05 Black Mama (Beatport Extended Bonus Version).mp3
[2010/09/25 01:59:05 | 016,497,187 | ---- | C] () -- C:\Users\jmosora\Desktop\MAD.mp3
[2010/09/25 01:38:29 | 014,802,024 | ---- | C] () -- C:\Users\jmosora\Desktop\40oz.mp3
[2010/09/25 01:33:46 | 004,481,291 | ---- | C] () -- C:\Users\jmosora\Desktop\07 Day Dreamin.mp3
[2010/09/24 15:20:13 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/09/23 13:25:13 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/09/23 13:25:13 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/09/23 13:24:13 | 000,000,252 | ---- | C] () -- C:\Users\jmosora\Documents\ax_files.xml
[2010/09/23 13:23:33 | 000,376,320 | ---- | C] () -- C:\Users\jmosora\Desktop\Diablo II LOD MiniCD.mdf
[2010/09/23 13:23:33 | 000,000,486 | ---- | C] () -- C:\Users\jmosora\Desktop\Diablo II LOD MiniCD.MDS
[2010/09/23 13:16:41 | 000,001,135 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 52%.lnk
[2010/09/23 12:54:33 | 000,002,707 | ---- | C] () -- C:\Users\jmosora\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2010/09/23 12:54:33 | 000,002,683 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010/09/23 12:54:33 | 000,002,609 | ---- | C] () -- C:\Users\jmosora\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk
[2010/09/23 12:54:33 | 000,002,585 | ---- | C] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2010/09/23 12:52:14 | 000,001,024 | ---- | C] () -- C:\Users\jmosora\.rnd
[2010/09/23 02:04:29 | 000,001,255 | ---- | C] () -- C:\Users\jmosora\Desktop\AVS4YOU Software Navigator.lnk
[2010/09/23 02:04:22 | 000,001,115 | ---- | C] () -- C:\Users\jmosora\Desktop\AVS DVD Copy.lnk
[2010/09/23 02:03:54 | 000,000,951 | ---- | C] () -- C:\Users\jmosora\Application Data\Microsoft\Internet Explorer\Quick Launch\Burn4Free.lnk
[2010/09/23 02:03:54 | 000,000,927 | ---- | C] () -- C:\Users\jmosora\Desktop\Burn4Free.lnk
[2010/09/21 02:59:43 | 549,480,964 | ---- | C] () -- C:\Users\jmosora\Desktop\EXPANSION.daa
[2010/09/16 15:20:53 | 000,001,126 | ---- | C] () -- C:\Users\jmosora\Desktop\ES 3.00 R full screen.lnk
[2010/08/20 17:26:47 | 000,001,327 | ---- | C] () -- C:\Users\jmosora\Desktop\Heroes of Might & Magic V - Tribes of the East.lnk
[2010/08/20 17:14:55 | 000,001,323 | ---- | C] () -- C:\Users\Public\Desktop\Heroes of Might & Magic V - Hammers of Fate.lnk
[2010/08/20 17:03:25 | 000,001,307 | ---- | C] () -- C:\Users\Public\Desktop\Heroes of Might and Magic V.lnk
[2010/08/20 17:01:21 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2010/08/18 09:07:28 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\Heroes of Might and Magic IV Winds of War.lnk
[2010/08/18 08:51:42 | 000,436,792 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010/08/18 08:51:42 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010/08/18 08:31:18 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/08/12 16:44:59 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010/08/10 15:08:30 | 000,059,904 | ---- | C] () -- C:\Users\jmosora\Desktop\Jon Mosora CV.doc
[2010/08/10 14:15:50 | 000,029,184 | ---- | C] () -- C:\Users\jmosora\Desktop\CoverLetter.doc
[2010/08/10 14:15:45 | 000,025,088 | ---- | C] () -- C:\Users\jmosora\Desktop\Cover_Letter.doc
[2010/08/10 14:15:40 | 000,026,536 | ---- | C] () -- C:\Users\jmosora\Desktop\CoverLetter.pdf
[2010/08/06 15:13:47 | 000,305,978 | ---- | C] () -- C:\Users\jmosora\Desktop\30 Rock Theme Song (Season 2).mp3
[2010/08/04 21:21:35 | 000,059,904 | ---- | C] () -- C:\Users\jmosora\Desktop\JMosora CV1.doc
[2010/08/04 02:50:55 | 000,174,420 | ---- | C] () -- C:\Users\jmosora\Desktop\musiccomp.jpg
[2010/08/04 02:45:36 | 000,141,804 | ---- | C] () -- C:\Users\jmosora\Desktop\deathpandas.jpg
[2010/06/04 22:14:51 | 000,000,664 | ---- | C] () -- C:\Users\jmosora\AppData\Roaming\myMPQ.ini
[2010/05/20 22:28:04 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

== LOP Check ==

[2010/06/06 23:04:22 | 000,000,000 | ---D | M] -- C:\Users\jmosora\AppData\Roaming\acccore
[2010/08/29 13:31:08 | 000,000,000 | ---D | M] -- C:\Users\jmosora\AppData\Roaming\Audacity
[2010/05/08 09:13:18 | 000,000,000 | ---D | M] -- C:\Users\jmosora\AppData\Roaming\CiscoCAA
[2010/08/18 08:55:01 | 000,000,000 | ---D | M] -- C:\Users\jmosora\AppData\Roaming\DAEMON Tools Lite
[2010/05/08 09:32:24 | 000,000,000 | ---D | M] -- C:\Users\jmosora\AppData\Roaming\runic games
[2010/09/13 18:57:36 | 000,000,000 | ---D | M] -- C:\Users\jmosora\AppData\Roaming\uTorrent
[2010/10/22 16:02:08 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

== Purity Check ==

== Custom Scans ==

< %SYSTEMDRIVE%\*.* >
[2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/05/07 23:25:16 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/10/22 16:48:16 | 2414,395,392 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/23 13:25:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/10/02 00:12:49 | 000,000,698 | -H-- | M] () -- C:\IPH.PH
[2010/09/23 13:25:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/10/22 16:48:16 | 3219,193,856 | -HS- | M] () -- C:\pagefile.sys
[2010/10/22 10:12:18 | 000,000,425 | ---- | M] () -- C:\rkill.log

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-22 20:07:52

xb1m4lx
Novice

Posts : 5
Joined : 2010-12-15
OS : Window xp
Points : 21829
# Likes : 0


Re: My computer is infected with Security Tool

Post by Belahzur on Mon Dec 20, 2010 10:51 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL
    O4 - HKCU..\Run: [yyy45] C:\Documents and Settings\Kaleena\Application Data\svchost.exe ()
    O4 - HKCU..\Run: [MSWUpdate] "C:\Documents and Settings\Kaleena\Application Data\lsass.exe" ()
    O4 - HKCU..\Run: [winlog.exe] C:\Documents and Settings\Kaleena\Application Data\Microsoft\winlog.exe ()
    O4 - HKCU..\RunOnce: [871286548] C:\Users\jmosora\AppData\Local\871286548.exe ()

  • Return to OTL, right-click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.


Please PM me if I fail to respond within 24hrs.
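As an added example that is not part of this thread and not OTL's own code: a small Python triage helper that parses the OTL file entries and O4 autorun lines in the log above and flags the pattern the fix script targets, an executable with no company name sitting under a user profile data folder, optionally with an all-digit name or a core system-process name outside the Windows folder. The heuristics, the "two reasons" threshold and the `Finding` record are my assumptions for illustration, not anything OTL itself does; the sample lines are copied from this thread.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# OTL file entry, e.g. "[2010/10/17 00:49:25 | 000,973,312 | ---- | C] () -- C:\...\871286548.exe"
FILE_RE = re.compile(r"^\[[\d/]+ [\d:]+ \| [\d,]+ \| [A-Z-]{4} \| [CM]\] "
                     r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$")
# OTL O4 autorun entry, e.g. "O4 - HKCU..\RunOnce: [871286548] C:\...\871286548.exe ()"
O4_RE = re.compile(r"^O4 - HK\w+\.\.\\\w+: \[[^\]]*\] (?P<path>.+?) \((?P<company>[^)]*)\)$")
USER_DATA_RE = re.compile(r"\\(?:AppData|Application Data)\\", re.IGNORECASE)
EXEC_EXT = {"exe", "scr", "com", "dll", "pif", "bat", "cmd"}
# Core Windows process names that legitimately live only under the Windows folder.
SYSTEM_NAMES = {"svchost", "lsass", "csrss", "winlogon", "services", "explorer"}

# source is "file" (Files Created/Modified sections) or "autorun" (O4 line); assumed record type.
Finding = NamedTuple("Finding", [("source", str), ("path", str), ("reasons", Tuple[str, ...])])

def parse_line(line: str) -> Optional[Tuple[str, str, str]]:
    """Return (source, path, company) for a file or O4 entry, None for other line types."""
    if m := FILE_RE.match(line):
        return "file", m.group("path"), m.group("company") or ""
    if m := O4_RE.match(line):
        return "autorun", m.group("path").strip('"'), m.group("company")
    return None

def reasons_for(path: str, company: str) -> Tuple[str, ...]:
    """Heuristics for one path; empty tuple means nothing stood out (or not an executable)."""
    stem, _, ext = path.rsplit("\\", 1)[-1].rpartition(".")
    if ext.lower() not in EXEC_EXT:
        return ()
    reasons = []
    if USER_DATA_RE.search(path):
        reasons.append("executable stored in a user profile data folder")
    if not company.strip():
        reasons.append("no company name in version info")
    if stem.isdigit():
        reasons.append("all-digit filename")
    if stem.lower() in SYSTEM_NAMES and "\\windows\\" not in path.lower():
        reasons.append("system process name outside the Windows folder")
    return tuple(reasons)

def triage(lines: List[str], min_reasons: int = 2) -> List[Finding]:
    """Entries that trip at least min_reasons heuristics, in log order."""
    findings = []
    for line in lines:
        if parsed := parse_line(line.strip()):
            source, path, company = parsed
            reasons = reasons_for(path, company)
            if len(reasons) >= min_reasons:
                findings.append(Finding(source, path, reasons))
    return findings

# Constructed sample input: each line is copied from the OTL log or fix script in this thread.
SAMPLE_LINES = [
    r"[2010/10/20 13:01:35 | 000,364,032 | ---- | C] () -- C:\Users\jmosora\Desktop\rkill.com",
    r"[2010/10/17 00:49:25 | 000,973,312 | ---- | C] () -- C:\Users\jmosora\AppData\Local\871286548.exe",
    r"[2010/09/23 02:03:54 | 000,557,568 | ---- | C] (Ikysasoft s.r.l. uninominale) -- C:\Windows\System32\B4FM.dll",
    r"O4 - HKCU..\Run: [yyy45] C:\Documents and Settings\Kaleena\Application Data\svchost.exe ()",
    r'O4 - HKCU..\Run: [MSWUpdate] "C:\Documents and Settings\Kaleena\Application Data\lsass.exe" ()',
    r"O4 - HKCU..\RunOnce: [871286548] C:\Users\jmosora\AppData\Local\871286548.exe ()",
]
```

Running `triage(SAMPLE_LINES)` returns the four entries the fix script removes and leaves `rkill.com` (a known cleanup tool on the Desktop, one reason only) and the signed `B4FM.dll` alone.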


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1
