i think i have a virus help plz and thank you

View previous topic View next topic Go down

i think i have a virus help plz and thank you

Post by igotviruses on Thu 13 Jan 2011, 9:22 pm

I was playing some game which shows an IP address while logging in and i noticed it wasnt my ip address 3 times and 3 different ips. after that i just continued on being a nerd playing my game and then it just froze and then a blue screen with words came up for not even a second and my laptop just shut off just like that. This happened right after i updated my anti virus software i dont know if it is a good one avast is it tho. i turned it on and it was going really slow any help? much appreciated.

igotviruses

Unborn
Unborn

Posts : 4
Joined : 2011-01-13
Operating System : xp

View user profile

Back to top Go down

Re: i think i have a virus help plz and thank you

Post by Sneakyone on Thu 13 Jan 2011, 9:25 pm

Hi,

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time


Note: in the event that OTL fails to run, please use alternate download links to try again:

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-09
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: i think i have a virus help plz and thank you

Post by igotviruses on Fri 14 Jan 2011, 11:45 pm

OTL Extras logfile created on: 1/13/2011 7:43:17 AM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,012.00 Mb Total Physical Memory | 88.00 Mb Available Physical Memory | 9.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 127.86 Gb Free Space | 85.79% Space Free | Partition Type: NTFS

Computer Name: THE-E54D7EC9FF1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" = C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:*:Enabled:VoipBuster
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55A960A6-0CAC-4EBB-9D7E-199545391033}" = Nero 7 Essentials
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7CE12FDF-B758-46A5-A8CD-785EDFDC5B84}" = Workspace Macro Pro 6.5
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{94A61BF7-F8EE-46D1-944B-C765A7FF117A}" = STOPzilla
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 Service Pack 1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"ASIO4ALL" = ASIO4ALL
"avast5" = avast! Free Antivirus
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"Drumaxx" = Drumaxx
"FL Studio 9" = FL Studio 9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HyperCam 2" = HyperCam 2
"HyperCam Toolbar" = HyperCam Toolbar
"IconArt" = IconArt
"IL Download Manager" = IL Download Manager
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Silverlight" = Microsoft Silverlight
"Notepad++" = Notepad++
"PoiZone" = PoiZone
"Sakura" = Sakura
"Sawer" = Sawer
"Toxic Biohazard" = Toxic Biohazard
"uTorrent" = µTorrent
"VLC media player" = VLC media player 0.9.6
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/10/2011 10:43:53 PM | Computer Name = THE-E54D7EC9FF1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3344

Error - 1/12/2011 12:29:03 AM | Computer Name = THE-E54D7EC9FF1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/12/2011 12:29:03 AM | Computer Name = THE-E54D7EC9FF1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2188

Error - 1/12/2011 12:29:03 AM | Computer Name = THE-E54D7EC9FF1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2188

Error - 1/12/2011 12:29:06 AM | Computer Name = THE-E54D7EC9FF1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/12/2011 12:29:06 AM | Computer Name = THE-E54D7EC9FF1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4719

Error - 1/12/2011 12:29:06 AM | Computer Name = THE-E54D7EC9FF1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4719

Error - 1/12/2011 11:09:00 PM | Computer Name = THE-E54D7EC9FF1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/12/2011 11:09:00 PM | Computer Name = THE-E54D7EC9FF1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2500

Error - 1/12/2011 11:09:00 PM | Computer Name = THE-E54D7EC9FF1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2500

[ System Events ]
Error - 12/23/2010 11:31:52 AM | Computer Name = THE-E54D7EC9FF1 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.100
with the system having network hardware address 5C:59:48:A5:D4:91. Network operations
on this system may be disrupted as a result.

Error - 12/23/2010 11:31:52 AM | Computer Name = THE-E54D7EC9FF1 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.100
with the system having network hardware address 5C:59:48:A5:D4:91. Network operations
on this system may be disrupted as a result.

Error - 12/27/2010 8:13:58 PM | Computer Name = THE-E54D7EC9FF1 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.100 on
the Network Card with network address 00242C15A285.

Error - 12/27/2010 8:14:27 PM | Computer Name = THE-E54D7EC9FF1 | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by +86369 seconds. The time service will not change the system time by more than
+54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|192.168.1.104:123->207.46.232.182:123) is working
properly.

Error - 12/28/2010 1:33:02 AM | Computer Name = THE-E54D7EC9FF1 | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.

Error - 12/28/2010 2:39:21 PM | Computer Name = THE-E54D7EC9FF1 | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.

Error - 12/28/2010 4:08:53 PM | Computer Name = THE-E54D7EC9FF1 | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by +86368 seconds. The time service will not change the system time by more than
+54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|192.168.1.104:123->207.46.232.182:123) is working
properly.

Error - 12/28/2010 10:37:36 PM | Computer Name = THE-E54D7EC9FF1 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.104 for the Network Card with network
address 00242C15A285 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 12/28/2010 11:52:31 PM | Computer Name = THE-E54D7EC9FF1 | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.

Error - 12/29/2010 5:24:34 AM | Computer Name = THE-E54D7EC9FF1 | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.


< End of report >
This is the extras.txt

igotviruses

Unborn
Unborn

Posts : 4
Joined : 2011-01-13
Operating System : xp

View user profile

Back to top Go down

Re: i think i have a virus help plz and thank you

Post by igotviruses on Fri 14 Jan 2011, 11:48 pm

OTL logfile created on: 1/13/2011 7:43:17 AM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,012.00 Mb Total Physical Memory | 88.00 Mb Available Physical Memory | 9.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 127.86 Gb Free Space | 85.79% Space Free | Partition Type: NTFS

Computer Name: THE-E54D7EC9FF1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/13 11:25:04 | 000,501,200 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\SZOptions.exe
PRC - [2011/01/13 11:25:00 | 000,177,616 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2011/01/13 11:24:54 | 000,263,632 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe
PRC - [2011/01/13 11:24:54 | 000,062,928 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2011/01/13 03:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/01/12 22:27:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/01/07 22:35:52 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/12/17 20:39:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javaw.exe
PRC - [2010/12/17 20:39:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2010/11/09 16:06:01 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Administrator\Local Settings\Temp\RtkBtMnt.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2008/07/03 12:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/04 20:40:06 | 000,065,536 | ---- | M] (Solutions) -- C:\Program Files\Workspace Macro Pro 6.5\WMPHotkeys.exe


========== Modules (SafeList) ==========

MOD - [2011/01/13 03:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2011/01/12 22:27:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/01/13 11:24:54 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)


========== Driver Services (SafeList) ==========

DRV - [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 03:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 03:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/12 17:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2009/12/07 16:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 16:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2008/10/30 21:14:20 | 000,117,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/04/17 09:33:26 | 004,707,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/14 13:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/15 08:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/12/13 05:21:56 | 000,547,904 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 B5 8A EA C7 AE CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\HyperCam Toolbar\tbhelper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKCU..\Run: [JagexGames] C:\Documents and Settings\Administrator\Application Data\DJagex\Jagex.jar ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Workspace Macro Pro Hotkeys.lnk = C:\Program Files\Workspace Macro Pro 6.5\WMPHotkeys.exe (Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.176.13 64.59.176.15 64.59.177.226
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/09 15:47:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {D87EE4B6-D77B-C97B-A959-00F343B0E15F} - cmd /q /c start "" /i /b javaw -classpath "C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache6089389328892915712.tmp" a
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{99820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS [You must be registered and logged in to see this link.]
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56308606093492224)

========== Files/Folders - Created Within 30 Days ==========

[2011/01/13 11:24:48 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/01/13 11:24:48 | 000,452,048 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/01/13 11:24:48 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/01/13 11:24:48 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/01/13 11:24:48 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/01/13 11:24:46 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/01/13 11:24:46 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/01/13 11:24:46 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/01/13 11:24:46 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/01/13 11:24:46 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/01/13 11:24:46 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/01/13 11:24:44 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/01/12 22:49:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\STOPzilla
[2011/01/12 22:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/01/12 22:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/01/12 22:49:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/01/12 22:27:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/12 21:46:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/01/10 08:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2011/01/07 23:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2011/01/07 23:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/01/07 23:46:20 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2011/01/07 23:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/01/07 23:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/01/07 23:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/01/07 23:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/01/07 23:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/01/07 23:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/01/07 23:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple
[2011/01/07 23:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/01/07 23:42:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/01/07 23:42:18 | 004,184,352 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2011/01/07 23:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/01/07 23:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/01/07 23:40:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/01/07 23:40:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2010/12/31 16:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\AutoGDK_Settings
[2010/12/28 12:27:45 | 000,000,000 | ---D | C] -- C:\Chaotic PKz
[2010/12/23 01:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cheat Engine 5.6.1
[2010/12/23 01:04:35 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\WINDOWS\System32\D3DX81ab.dll
[2010/12/23 01:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine
[2010/12/20 00:24:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
[2010/12/20 00:22:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2010/12/20 00:13:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Toolbar4
[2010/12/20 00:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\HyperCam Toolbar
[2010/12/20 00:13:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\HyperCam 2
[2010/12/20 00:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\HyCam2
[2010/12/18 21:51:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DJagex
[2010/12/17 20:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/12/17 20:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/12/17 20:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2010/12/17 20:39:24 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/12/17 20:39:24 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/17 20:39:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/17 20:39:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/17 20:39:24 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/13 11:24:48 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/01/13 11:24:48 | 000,452,048 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/01/13 11:24:48 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/01/13 11:24:48 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/01/13 11:24:48 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/01/13 11:24:46 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/01/13 11:24:46 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/01/13 11:24:46 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/01/13 11:24:46 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/01/13 11:24:46 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/01/13 11:24:46 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/01/13 11:24:44 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/01/13 07:33:03 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/13 07:33:03 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/13 07:29:39 | 000,001,048 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/01/13 07:29:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/13 07:28:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/13 06:52:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1897051121-1614895754-500UA.job
[2011/01/13 03:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/01/13 03:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/01/13 03:40:04 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/01/13 03:39:50 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/01/13 03:37:11 | 000,029,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/01/12 22:55:38 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2011/01/12 22:55:38 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/01/12 22:44:48 | 000,000,117 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences2.dat
[2011/01/12 22:44:48 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2011/01/12 22:27:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/12 21:54:38 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/01/12 21:38:20 | 000,000,306 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\RSBot_Accounts.ini
[2011/01/12 21:33:14 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/12 21:18:47 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\UFletch.ini
[2011/01/12 15:52:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1897051121-1614895754-500Core.job
[2011/01/10 08:06:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/09 22:25:35 | 000,000,026 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\ArbiAuth.ini
[2011/01/07 23:46:24 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/07 23:43:59 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/01/02 07:05:42 | 000,980,146 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\RSBot-220.jar
[2010/12/22 00:22:06 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/20 12:14:34 | 000,935,033 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\RSBot-219.jar
[2010/12/17 20:39:07 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/17 20:39:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/17 20:39:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/17 20:39:07 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/12/17 20:39:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/12/15 03:20:47 | 000,096,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/15 03:04:46 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/13 07:29:30 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/01/08 11:56:18 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\UFletch.ini
[2011/01/07 23:46:24 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/07 23:43:59 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/01/07 23:43:03 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/02 07:05:33 | 000,980,146 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\RSBot-220.jar
[2010/12/23 01:04:35 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010/12/20 12:14:23 | 000,935,033 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\RSBot-219.jar
[2010/12/01 18:36:02 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/01 18:35:59 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/19 16:18:34 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\ArbiAuth.ini
[2010/11/14 22:30:01 | 000,000,306 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\RSBot_Accounts.ini
[2010/11/10 15:42:34 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/11/09 18:18:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/09 18:13:49 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2010/11/09 15:40:22 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2010/11/09 15:40:22 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2010/11/09 15:40:22 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/11/09 18:12:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/11/09 18:12:04 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/11/09 18:12:03 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2008/04/14 13:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2008/04/14 13:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2008/04/14 13:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2008/04/14 13:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2008/04/14 13:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2008/04/14 13:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2008/04/14 13:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2008/04/14 13:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2008/04/14 13:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2008/04/14 13:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2008/04/14 13:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2008/04/14 13:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2008/04/14 13:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2008/04/14 13:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2008/04/14 13:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/14 13:00:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/10/26 08:27:10 | 001,862,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2010/11/09 15:47:37 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/11/09 15:36:28 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/11/09 15:47:37 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/11/09 15:47:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/11/09 15:47:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 13:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/01/13 07:28:15 | 1585,446,912 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2010/11/10 22:24:37 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2011/01/07 23:42:59 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/11/23 17:36:32 | 000,000,000 | ---D | M] -- C:\Program Files\ASIO4ALL v2
[2011/01/07 23:41:29 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/12/23 01:11:14 | 000,000,000 | ---D | M] -- C:\Program Files\Cheat Engine
[2011/01/12 22:49:40 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/11/09 15:41:18 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/11/16 17:00:31 | 000,000,000 | ---D | M] -- C:\Program Files\ConWare
[2010/11/10 10:07:22 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/12/20 00:13:07 | 000,000,000 | ---D | M] -- C:\Program Files\HyCam2
[2011/01/12 23:03:04 | 000,000,000 | ---D | M] -- C:\Program Files\HyperCam Toolbar
[2010/11/23 17:36:12 | 000,000,000 | ---D | M] -- C:\Program Files\Image-Line
[2010/11/10 10:07:53 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/01/07 23:44:14 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/01/07 23:45:05 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/01/07 23:46:17 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/12/17 20:39:03 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/11/09 15:39:12 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/11/10 22:08:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2010/11/09 15:57:04 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/12/19 16:35:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/11/09 16:40:37 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/11/09 15:50:56 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/11/09 15:38:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2010/11/09 15:39:07 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/11/09 15:40:18 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/11/10 09:59:20 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2010/11/09 15:44:18 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/11/21 10:20:13 | 000,000,000 | ---D | M] -- C:\Program Files\Notepad++
[2010/11/09 15:45:13 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/15 03:00:35 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/11/23 17:35:23 | 000,000,000 | ---D | M] -- C:\Program Files\Outsim
[2011/01/07 23:44:12 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/11/09 15:50:51 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/01/12 22:49:44 | 000,000,000 | ---D | M] -- C:\Program Files\STOPzilla!
[2010/12/17 20:39:36 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2010/11/12 15:56:33 | 000,000,000 | ---D | M] -- C:\Program Files\TeamViewer
[2010/11/09 16:05:20 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/11/24 09:42:09 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2010/11/09 16:10:22 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2010/11/23 17:36:19 | 000,000,000 | ---D | M] -- C:\Program Files\VstPlugins
[2010/11/09 16:52:57 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2010/11/10 22:08:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/11/10 22:08:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/11/09 15:44:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/11/09 15:47:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/11/09 15:38:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/11/09 15:45:18 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/11/10 21:32:00 | 000,000,000 | ---D | M] -- C:\Program Files\Workspace Macro Pro 6.5
[2010/11/09 15:57:04 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2011/01/09 22:25:35 | 000,000,026 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\ArbiAuth.ini
[2010/11/09 18:18:07 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2011/01/12 21:38:20 | 000,000,306 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\RSBot_Accounts.ini


< MD5 for: ATAPI.SYS >
[2008/04/13 19:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2008/05/07 12:12:10 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=47B6AAEC570F2C11D8BAD80A064D8ED1 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2009/04/18 21:52:05 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\WINDOWS\NLDRV\001\iastor.sys

< MD5 for: NETLOGON.DLL >
[2009/02/06 19:37:59 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=DAB13813B25B3D009B2AC1194CF5D0A2 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009/02/06 19:37:59 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=DAB13813B25B3D009B2AC1194CF5D0A2 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 13:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 13:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/04/14 13:00:00 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-12 12:40:42

< End of report >
DRV - [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 03:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 03:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/12 17:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2009/12/07 16:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 16:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2008/10/30 21:14:20 | 000,117,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/04/17 09:33:26 | 004,707,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/14 13:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/15 08:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/12/13 05:21:56 | 000,547,904 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 B5 8A EA C7 AE CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\HyperCam Toolbar\tbhelper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
_____________________________________________________________to be continued______________

igotviruses

Unborn
Unborn

Posts : 4
Joined : 2011-01-13
Operating System : xp

View user profile

Back to top Go down

Re: i think i have a virus help plz and thank you

Post by igotviruses on Fri 14 Jan 2011, 11:50 pm

O3 - HKLM\..\Toolbar: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKCU..\Run: [JagexGames] C:\Documents and Settings\Administrator\Application Data\DJagex\Jagex.jar ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Workspace Macro Pro Hotkeys.lnk = C:\Program Files\Workspace Macro Pro 6.5\WMPHotkeys.exe (Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.176.13 64.59.176.15 64.59.177.226
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/09 15:47:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/01/13 11:24:48 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/01/13 11:24:48 | 000,452,048 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/01/13 11:24:48 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/01/13 11:24:48 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/01/13 11:24:48 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/01/13 11:24:46 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/01/13 11:24:46 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/01/13 11:24:46 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/01/13 11:24:46 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/01/13 11:24:46 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/01/13 11:24:46 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/01/13 11:24:44 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/01/12 22:49:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\STOPzilla
[2011/01/12 22:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/01/12 22:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/01/12 22:49:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/01/12 22:27:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/12 21:46:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/01/10 08:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2011/01/07 23:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2011/01/07 23:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/01/07 23:46:20 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2011/01/07 23:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/01/07 23:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/01/07 23:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/01/07 23:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/01/07 23:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/01/07 23:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/01/07 23:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple
[2011/01/07 23:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/01/07 23:42:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/01/07 23:42:18 | 004,184,352 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2011/01/07 23:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/01/07 23:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/01/07 23:40:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/01/07 23:40:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2010/12/31 16:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\AutoGDK_Settings
[2010/12/28 12:27:45 | 000,000,000 | ---D | C] -- C:\Chaotic PKz
[2010/12/23 01:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cheat Engine 5.6.1
[2010/12/23 01:04:35 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\WINDOWS\System32\D3DX81ab.dll
[2010/12/23 01:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine
[2010/12/20 00:24:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
[2010/12/20 00:22:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2010/12/20 00:13:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Toolbar4
[2010/12/20 00:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\HyperCam Toolbar
[2010/12/20 00:13:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\HyperCam 2
[2010/12/20 00:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\HyCam2
[2010/12/18 21:51:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DJagex
[2010/12/17 20:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/12/17 20:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/12/17 20:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2010/12/17 20:39:24 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/12/17 20:39:24 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/17 20:39:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/17 20:39:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/17 20:39:24 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/13 11:24:48 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/01/13 11:24:48 | 000,452,048 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/01/13 11:24:48 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/01/13 11:24:48 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/01/13 11:24:48 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/01/13 11:24:46 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/01/13 11:24:46 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/01/13 11:24:46 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/01/13 11:24:46 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/01/13 11:24:46 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/01/13 11:24:46 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/01/13 11:24:44 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/01/13 07:52:06 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1897051121-1614895754-500UA.job
[2011/01/13 07:33:03 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/13 07:33:03 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/13 07:29:39 | 000,001,048 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/01/13 07:29:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/13 07:28:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/13 03:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/01/13 03:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/01/13 03:40:04 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/01/13 03:39:50 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/01/13 03:37:11 | 000,029,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/01/12 22:55:38 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2011/01/12 22:55:38 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/01/12 22:44:48 | 000,000,117 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences2.dat
[2011/01/12 22:44:48 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2011/01/12 22:27:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/12 21:54:38 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/01/12 21:38:20 | 000,000,306 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\RSBot_Accounts.ini
[2011/01/12 21:33:14 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/12 21:18:47 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\UFletch.ini
[2011/01/12 15:52:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1897051121-1614895754-500Core.job
[2011/01/10 08:06:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/09 22:25:35 | 000,000,026 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\ArbiAuth.ini
[2011/01/07 23:46:24 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/07 23:43:59 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/01/02 07:05:42 | 000,980,146 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\RSBot-220.jar
[2010/12/22 00:22:06 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/20 12:14:34 | 000,935,033 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\RSBot-219.jar
[2010/12/17 20:39:07 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/17 20:39:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/17 20:39:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/17 20:39:07 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/12/17 20:39:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/12/15 03:20:47 | 000,096,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/15 03:04:46 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/13 07:29:30 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/01/08 11:56:18 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\UFletch.ini
[2011/01/07 23:46:24 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/07 23:43:59 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/01/07 23:43:03 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/02 07:05:33 | 000,980,146 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\RSBot-220.jar
[2010/12/23 01:04:35 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010/12/20 12:14:23 | 000,935,033 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\RSBot-219.jar
[2010/12/01 18:36:02 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/01 18:35:59 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/19 16:18:34 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\ArbiAuth.ini
[2010/11/14 22:30:01 | 000,000,306 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\RSBot_Accounts.ini
[2010/11/10 15:42:34 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/11/09 18:18:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/09 18:13:49 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2010/11/09 15:40:22 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2010/11/09 15:40:22 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2010/11/09 15:40:22 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/11/09 18:12:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/11/09 18:12:04 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/11/09 18:12:03 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2008/04/14 13:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2008/04/14 13:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2008/04/14 13:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2008/04/14 13:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2008/04/14 13:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2008/04/14 13:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2008/04/14 13:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2008/04/14 13:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2008/04/14 13:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2008/04/14 13:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2008/04/14 13:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2008/04/14 13:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2008/04/14 13:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2008/04/14 13:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2008/04/14 13:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/14 13:00:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/10/26 08:27:10 | 001,862,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2010/11/09 15:47:37 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/11/09 15:36:28 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/11/09 15:47:37 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/11/09 15:47:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/11/09 15:47:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 13:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/01/13 07:28:15 | 1585,446,912 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2010/11/10 22:24:37 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2011/01/07 23:42:59 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/11/23 17:36:32 | 000,000,000 | ---D | M] -- C:\Program Files\ASIO4ALL v2
[2011/01/07 23:41:29 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/12/23 01:11:14 | 000,000,000 | ---D | M] -- C:\Program Files\Cheat Engine
[2011/01/12 22:49:40 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/11/09 15:41:18 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/11/16 17:00:31 | 000,000,000 | ---D | M] -- C:\Program Files\ConWare
[2010/11/10 10:07:22 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/12/20 00:13:07 | 000,000,000 | ---D | M] -- C:\Program Files\HyCam2
[2011/01/12 23:03:04 | 000,000,000 | ---D | M] -- C:\Program Files\HyperCam Toolbar
[2010/11/23 17:36:12 | 000,000,000 | ---D | M] -- C:\Program Files\Image-Line
[2010/11/10 10:07:53 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/01/07 23:44:14 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/01/07 23:45:05 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/01/07 23:46:17 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/12/17 20:39:03 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/11/09 15:39:12 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/11/10 22:08:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2010/11/09 15:57:04 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/12/19 16:35:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/11/09 16:40:37 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/11/09 15:50:56 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/11/09 15:38:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2010/11/09 15:39:07 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/11/09 15:40:18 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/11/10 09:59:20 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2010/11/09 15:44:18 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/11/21 10:20:13 | 000,000,000 | ---D | M] -- C:\Program Files\Notepad++
[2010/11/09 15:45:13 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/15 03:00:35 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/11/23 17:35:23 | 000,000,000 | ---D | M] -- C:\Program Files\Outsim
[2011/01/07 23:44:12 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/11/09 15:50:51 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/01/12 22:49:44 | 000,000,000 | ---D | M] -- C:\Program Files\STOPzilla!
[2010/12/17 20:39:36 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2010/11/12 15:56:33 | 000,000,000 | ---D | M] -- C:\Program Files\TeamViewer
[2010/11/09 16:05:20 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/11/24 09:42:09 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2010/11/09 16:10:22 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2010/11/23 17:36:19 | 000,000,000 | ---D | M] -- C:\Program Files\VstPlugins
[2010/11/09 16:52:57 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2010/11/10 22:08:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/11/10 22:08:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/11/09 15:44:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/11/09 15:47:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/11/09 15:38:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/11/09 15:45:18 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/11/10 21:32:00 | 000,000,000 | ---D | M] -- C:\Program Files\Workspace Macro Pro 6.5
[2010/11/09 15:57:04 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2011/01/09 22:25:35 | 000,000,026 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\ArbiAuth.ini
[2010/11/09 18:18:07 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2011/01/12 21:38:20 | 000,000,306 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\RSBot_Accounts.ini


< MD5 for: ATAPI.SYS >
[2008/04/13 19:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2008/05/07 12:12:10 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=47B6AAEC570F2C11D8BAD80A064D8ED1 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2009/04/18 21:52:05 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\WINDOWS\NLDRV\001\iastor.sys

< MD5 for: NETLOGON.DLL >
[2009/02/06 19:37:59 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=DAB13813B25B3D009B2AC1194CF5D0A2 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009/02/06 19:37:59 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=DAB13813B25B3D009B2AC1194CF5D0A2 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 13:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 13:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/04/14 13:00:00 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-12 12:40:42

< End of report >
This is the OTL.txt


i am very sorry cause i doubled posted and it wasnt allowed the message was too long

igotviruses

Unborn
Unborn

Posts : 4
Joined : 2011-01-13
Operating System : xp

View user profile

Back to top Go down

Re: i think i have a virus help plz and thank you

Post by Sneakyone on Sun 16 Jan 2011, 12:03 am

Hi,

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-09
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: i think i have a virus help plz and thank you

Post by Sponsored content Today at 9:58 am


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum