Failed OTL Scan

Post by Nightspawn on Mon 31 Oct 2011, 8:13 am

I downloaded OTL, copied and pasted the scan information into the custom scan, and hit "run scan." It begins and then immediately stops and the program terminates. I've been having the same problem with my antivirus software as well; they don't seem to be scanning. Before my antivirus stuff stopped working, I did discover that my computer is infected with a rootkit, and ADWARE/Gen. Any help would be appreciated.

Nightspawn

Newbie Surfer

Posts : 35
Joined : 2011-10-31
Operating System : Windows Vista Home Premium

Re: Failed OTL Scan

Post by Belahzur on Mon 31 Oct 2011, 12:30 pm

Hello.

We need to use the RKill Tool by Grinler

Rkill.com <--- Download site

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program, when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
iExplore.exe or eXplorer.exe
which are renamed copies of rkill.com, and try them instead.

Try OTL now.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.

Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Failed OTL Scan

Post by Nightspawn on Mon 31 Oct 2011, 5:13 pm

Ok, I ran rkill.com and I kept getting error messages. I tried what you said about running it with the error messages active and I got a notepad listing of this:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 10/31/2011 at 2:03:56.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:

C:\Users\NightSpawn\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\NightSpawn\AppData\Local\Apps\2.0\4THZWA8A.3TJ\G9E2YK39.YLJ\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\CurseClient.exe
C:\Windows\System32\grpconv.exe


Rkill completed on 10/31/2011 at 2:03:57.


Yes, I tried running it a couple more times, and I'm still getting error messages. And I still cannot use OTL to do a scan. Any other suggestions? Also, thank you for your help so far. I do want you to know it is greatly appreciated.

Re: Failed OTL Scan

Post by Belahzur on Thu 03 Nov 2011, 12:46 pm

Were you able to run aswMBR?


Re: Failed OTL Scan

Post by Nightspawn on Thu 03 Nov 2011, 10:31 pm

I downloaded aswMBR and ran it. It ran for about 5 seconds before it stopped running. The desktop icon has become this generic icon like the one for OTL, and Rkill. When I attempt to run it now, I get a box that says: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." Not sure what my next step is.

Re: Failed OTL Scan

Post by Belahzur on Sat 05 Nov 2011, 2:31 am


  • Download Win32kDiag from any of the following locations and save it to your Desktop.

    • Download Win32kDiag (Win32kDiag.exe) - #1
    • Download Win32kDiag (Win32kDiag.exe) - #2
    • Download Win32kDiag (Win32kDiag.exe) - #3

  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.


Re: Failed OTL Scan

Post by Nightspawn on Sat 05 Nov 2011, 3:22 am

Here's the scan as per your request.



    Running from: C:\Users\NightSpawn\Desktop\Win32kDiag.exe

    Log file at : C:\Users\NightSpawn\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\Windows'...



    Cannot access: C:\Windows\bthservsdp.dat

    [1] 2011-11-01 13:06:44 12 C:\Windows\bthservsdp.dat ()



    Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

    [1] 2011-11-01 22:07:59 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



    Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

    [1] 2011-11-01 13:16:52 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



    Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

    [1] 2011-11-01 22:07:55 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



    Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

    [1] 2011-11-01 22:07:53 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()



    Cannot access: C:\Windows\System32\mrt.exe

    [1] 2011-10-21 23:11:39 48324552 C:\Windows\System32\mrt.exe ()

    [1] 2008-01-20 22:24:53 52696 C:\Windows\winsxs\x86_microsoft-windows-malwareremovaltool_31bf3856ad364e35_6.0.6001.18000_none_d3909ca1dd6bb475\mrt.exe (Microsoft Corporation)



    Cannot access: C:\Windows\Temp\~DF87D0.tmp

    [1] 2011-10-26 01:02:13 0 C:\Windows\Temp\~DF87D0.tmp ()



    Cannot access: C:\Windows\Temp\~DF89E9.tmp

    [1] 2011-10-26 01:02:02 16384 C:\Windows\Temp\~DF89E9.tmp ()



    Cannot access: C:\Windows\Temp\~DF9B62.tmp

    [1] 2011-10-26 01:02:02 16384 C:\Windows\Temp\~DF9B62.tmp ()



    Cannot access: C:\Windows\Temp\~DFAF80.tmp

    [1] 2011-10-26 01:02:02 16384 C:\Windows\Temp\~DFAF80.tmp ()





    Finished!


Re: Failed OTL Scan

Post by Nightspawn on Tue 08 Nov 2011, 5:19 pm

Bump.

Re: Failed OTL Scan

Post by Nightspawn on Wed 09 Nov 2011, 3:01 am

I'm not experiencing another problem upon reboot. I have a program that begins running called Privacy Protection, that tells me my computer is infected with a W.32/BlasterWorm, and I manage to disable it, however, it tends to lock out my desktop icons afterwards. Any further help with this new additional problem would be appreciated. Thank you.

Re: Failed OTL Scan

Post by Nightspawn on Wed 09 Nov 2011, 6:22 am

Disregard my last post, as I managed to manually find a way to remove the privacy protection .exe and have restored my desktop function. By using Rkill, I managed to stop the process, reboot into safe mode, conduct a scan, find the program and manually removed it. However, I'm still experiencing problems with my Antivirus software, it doesn't want to run complete scans, and something is interrupting it. I've posted the log you asked for, and awaiting further instructions as to what action(s) you'd like me to take next.

Re: Failed OTL Scan

Post by Belahzur on Wed 09 Nov 2011, 12:00 pm

Hello.

Please download TDSSKiller from here and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.


Re: Failed OTL Scan

Post by Nightspawn on Fri 11 Nov 2011, 8:16 pm

I attempted to run TDSSKiller, but it wouldn't run. Now, all of my desktop icons have disappeared, and my desktop has gone black. When I reload, a BS program called System Restore attempts to run and scans for viruses. Rkill doesn't seem to be terminating the processes of said Malware.

Re: Failed OTL Scan

Post by Nightspawn on Sat 12 Nov 2011, 3:29 pm

Ok, I've managed to restore my desktop to some level of functionality. Whatever this malware is, it is creating false copies of programs, and is preventing certain administrator functions of Vista. Rkill doesn't seem to always solve the problem with the active Malware programs, I'm not even sure what the problem is anymore. Whilst all I can do is make a general plea for assistance, I appreciate any recommendations moving forward. I have managed to get OTL to attempt to scan, but it freezes and locks up when it begins scanning modules. Don't know if this information is any help at all, but it is all I know. If you have any further questions please feel free to post them and I'll do my best to answer them with my limited knowledge. Sincerely, all my thanks for your efforts with my problem.

Re: Failed OTL Scan

Post by Nightspawn on Sun 13 Nov 2011, 7:57 am

I finally managed to get OTL to scan. Here's the post:


    OTL logfile created on: 11/12/2011 3:42:07 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\NightSpawn\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19120)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.50 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 50.54% Memory free
    7.18 Gb Paging File | 5.61 Gb Available in Paging File | 78.04% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 285.50 Gb Total Space | 168.32 Gb Free Space | 58.96% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 5.14 Gb Free Space | 51.39% Space Free | Partition Type: NTFS

    Computer Name: NIGHTSPAWN-PC | User Name: NightSpawn | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/11 23:15:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\NightSpawn\Desktop\OTL.exe
    PRC - [2011/04/15 12:18:06 | 001,646,056 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/06/23 12:25:17 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    PRC - [2008/02/22 17:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
    PRC - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
    PRC - [2008/01/09 16:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
    PRC - [2008/01/01 23:37:16 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    PRC - [2008/01/01 23:37:08 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
    PRC - [2008/01/01 23:37:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
    PRC - [2007/12/21 10:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
    PRC - [2007/12/11 12:33:42 | 000,358,224 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
    PRC - [2007/12/03 00:58:54 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
    PRC - [2007/11/26 10:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
    PRC - [2007/11/01 19:12:38 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2007/11/01 19:12:38 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
    PRC - [2007/10/11 09:49:50 | 000,465,136 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
    PRC - [2007/09/24 04:27:38 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2007/09/24 04:27:30 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2007/09/24 04:27:28 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2007/09/24 04:27:28 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
    PRC - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
    PRC - [2006/11/03 17:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2006/11/03 17:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/08/16 02:40:12 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll
    MOD - [2011/08/16 02:40:06 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a6d889aa69fd51c100352f23c7cebd22\System.Runtime.Remoting.ni.dll
    MOD - [2011/08/16 02:23:51 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
    MOD - [2011/06/28 02:25:33 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
    MOD - [2010/08/09 23:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2010/06/01 09:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
    MOD - [2008/05/19 01:25:24 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
    MOD - [2007/11/26 10:46:10 | 000,324,936 | ---- | M] () -- c:\Program Files\McAfee\MSK\mcapbho.dll
    MOD - [2006/11/03 17:46:24 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
    MOD - [2006/11/03 17:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/04/15 12:18:06 | 001,646,056 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/06/23 12:43:18 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2008/06/23 12:25:17 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
    SRV - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
    SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/09 16:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
    SRV - [2008/01/01 23:37:08 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
    SRV - [2008/01/01 23:37:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
    SRV - [2007/12/11 12:33:42 | 000,358,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
    SRV - [2007/12/05 10:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
    SRV - [2007/11/26 10:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
    SRV - [2007/11/07 09:35:40 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2007/10/11 09:49:46 | 000,076,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
    SRV - [2007/07/24 12:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
    SRV - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)


    ========== Driver Services (SafeList) ==========

    DRV - [2008/01/20 21:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2008/01/01 23:37:18 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/12/03 00:59:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
    DRV - [2007/12/03 00:58:50 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
    DRV - [2007/12/02 12:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2007/11/22 06:44:08 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2007/11/22 06:44:08 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2007/11/22 06:44:08 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2007/11/22 06:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2007/09/24 04:27:26 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2007/08/23 18:29:10 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\datunidr.sys -- (datunidr)
    DRV - [2007/07/13 06:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
    DRV - [2007/06/25 04:13:14 | 007,110,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2006/11/27 02:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2006/11/27 02:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/11/27 02:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2006/11/21 07:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys -- (PTproct)
    DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)


    [2011/06/08 23:11:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NightSpawn\AppData\Roaming\Mozilla\Extensions
    [2010/09/05 21:02:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\NightSpawn\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

    O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Shop to Win 9) - {0095C290-A428-4BDD-B98C-E0A116F1C702} - C:\Program Files\Shop to Win 9\ShoppingBHO.dll (Freecause Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
    O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files\McAfee\MSK\mcapbho.dll ()
    O2 - BHO: (LivingPlay Text) - {4A0BA746-D4D6-41a6-81EF-413E52B5F8D6} - C:\Program Files\LivingPlay\lplaytl.dll File not found
    O2 - BHO: (LivingPlay) - {5BE1ED16-E6DD-4c4e-A596-6CFD5EE7C1EE} - C:\Program Files\LivingPlay\livingplaylib32.dll File not found
    O2 - BHO: (Facetheme) - {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - C:\Program Files\Object\bho_project.dll (InternetEngine)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll (Compete, Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
    O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [DellAutomatedPCTuneUp] C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe (Gteko Ltd.)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 File not found
    O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - Startup: C:\Users\NightSpawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
    O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9E87F34-34E8-433C-91B3-68FFDB7937FC}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found


    SafeBootMin: AppMgmt - Service
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
    SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    SafeBootMin: NTDS - File not found
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: rpcnet - Service
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    SafeBootNet: AppMgmt - Service
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
    SafeBootNet: HelpSvc - Service
    SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
    SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    SafeBootNet: Messenger - Service
    SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: NTDS - File not found
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: rdsessmgr - Service
    SafeBootNet: rpcnet - Service
    SafeBootNet: sacsvr - Service
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootNet: WudfPf - Driver
    SafeBootNet: WudfUsbccidDriver - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices


    Re: Failed OTL Scan

    Post by Nightspawn on Sun 13 Nov 2011, 7:57 am

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/12 03:50:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2011/11/12 03:01:13 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
    [2011/11/11 23:14:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\NightSpawn\Desktop\OTL.exe
    [2011/11/10 11:16:03 | 000,000,000 | -H-D | C] -- C:\e
    [2011/11/08 23:29:31 | 000,000,000 | ---D | C] -- C:\Users\NightSpawn\AppData\Local\ElevatedDiagnostics
    [2011/11/08 22:54:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2011/11/08 20:35:32 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\NightSpawn\Desktop\tdsskiller.exe
    [2011/11/08 18:54:41 | 000,000,000 | -H-D | C] -- C:\Users\NightSpawn\AppData\Roaming\RTXqjUCekBzNx0
    [2011/11/08 18:19:01 | 000,000,000 | -H-D | C] -- C:\Users\NightSpawn\AppData\Roaming\fF3pnG5aQ6W7R9T
    [2011/11/08 17:43:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\bdddWKK7fRL9TX
    [2011/11/08 17:43:54 | 000,000,000 | -H-D | C] -- C:\hnGG55aQH
    [2011/11/08 17:43:50 | 000,000,000 | -H-D | C] -- C:\bWWKK7ffRLg
    [2011/11/08 12:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft
    [2011/11/08 12:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
    [2011/11/01 12:13:22 | 000,000,000 | -H-D | C] -- C:\Users\NightSpawn\Documents\RKill
    [2011/10/27 22:38:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\AVAST Software
    [2011/10/27 21:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/10/25 23:55:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\STOPzilla!

    ========== Files - Modified Within 30 Days ==========

    [2011/11/12 15:39:42 | 000,000,794 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
    [2011/11/12 15:33:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/11/12 14:03:30 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/12 14:03:30 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/12 03:51:12 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/11/12 03:51:11 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/11/11 23:15:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\NightSpawn\Desktop\OTL.exe
    [2011/11/11 11:55:58 | 000,032,483 | ---- | M] () -- C:\Windows\System32\Config.MPF
    [2011/11/11 11:54:41 | 3756,044,288 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/11 03:58:40 | 000,001,356 | -H-- | M] () -- C:\Users\NightSpawn\AppData\Local\d3d9caps.dat
    [2011/11/11 03:48:34 | 000,000,408 | -H-- | M] () -- C:\ProgramData\VdbHm9Y4Q1mKtf
    [2011/11/11 03:47:34 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~VdbHm9Y4Q1mKtf
    [2011/11/11 03:47:33 | 000,000,240 | -H-- | M] () -- C:\ProgramData\~VdbHm9Y4Q1mKtfr
    [2011/11/11 03:43:55 | 000,049,106 | -H-- | M] () -- C:\Users\NightSpawn\AppData\Roaming\nvModes.001
    [2011/11/10 11:43:20 | 000,049,106 | -H-- | M] () -- C:\Users\NightSpawn\AppData\Roaming\nvModes.dat
    [2011/11/08 22:57:38 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2011/11/08 20:44:19 | 032,160,136 | ---- | M] () -- C:\Users\NightSpawn\Desktop\WoW-4.0.0-WOW-enUS-Installer.exe
    [2011/11/08 20:36:07 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\NightSpawn\Desktop\tdsskiller.exe
    [2011/11/08 19:39:56 | 001,008,092 | ---- | M] () -- C:\Users\NightSpawn\Desktop\rkill.com
    [2011/11/08 18:48:54 | 000,000,001 | ---- | M] () -- C:\ProgramData\Y4mnMrHV.exe_.b
    [2011/11/08 18:48:54 | 000,000,001 | ---- | M] () -- C:\ProgramData\Y4mnMrHV.exe.b
    [2011/11/08 03:15:10 | 000,000,112 | ---- | M] () -- C:\ProgramData\rXKjxfx0.dat

    ========== Files Created - No Company Name ==========

    [2011/11/11 04:02:07 | 3756,044,288 | -HS- | C] () -- C:\hiberfil.sys
    [2011/11/11 03:47:33 | 000,000,304 | -H-- | C] () -- C:\ProgramData\~VdbHm9Y4Q1mKtf
    [2011/11/11 03:47:33 | 000,000,240 | -H-- | C] () -- C:\ProgramData\~VdbHm9Y4Q1mKtfr
    [2011/11/11 03:47:28 | 000,000,408 | -H-- | C] () -- C:\ProgramData\VdbHm9Y4Q1mKtf
    [2011/11/08 20:44:19 | 032,160,136 | ---- | C] () -- C:\Users\NightSpawn\Desktop\WoW-4.0.0-WOW-enUS-Installer.exe
    [2011/11/08 19:39:56 | 001,008,092 | ---- | C] () -- C:\Users\NightSpawn\Desktop\rkill.com
    [2011/11/08 18:48:54 | 000,000,001 | ---- | C] () -- C:\ProgramData\Y4mnMrHV.exe_.b
    [2011/11/08 18:48:54 | 000,000,001 | ---- | C] () -- C:\ProgramData\Y4mnMrHV.exe.b
    [2011/11/08 03:10:43 | 000,000,112 | ---- | C] () -- C:\ProgramData\rXKjxfx0.dat
    [2011/09/16 02:10:52 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2011/08/15 10:34:34 | 000,009,572 | -HS- | C] () -- C:\Users\NightSpawn\AppData\Local\bfr5u4oop1cs102h1t0
    [2011/08/15 10:34:34 | 000,009,572 | -HS- | C] () -- C:\ProgramData\bfr5u4oop1cs102h1t0
    [2011/08/07 09:30:29 | 000,010,128 | -HS- | C] () -- C:\Users\NightSpawn\AppData\Local\75pg32uc86hns2rqtr4c
    [2011/08/07 09:30:29 | 000,010,128 | -HS- | C] () -- C:\ProgramData\75pg32uc86hns2rqtr4c
    [2011/06/25 16:59:22 | 000,011,996 | -HS- | C] () -- C:\Users\NightSpawn\AppData\Local\22500634ug8u87c8e64k6l3sf3v
    [2011/06/25 16:59:22 | 000,011,996 | -HS- | C] () -- C:\ProgramData\22500634ug8u87c8e64k6l3sf3v
    [2011/01/11 08:17:59 | 000,001,356 | -H-- | C] () -- C:\Users\NightSpawn\AppData\Local\d3d9caps.dat
    [2010/10/17 10:26:57 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2010/10/17 10:26:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2010/09/05 02:13:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2010/09/03 23:23:45 | 000,049,106 | -H-- | C] () -- C:\Users\NightSpawn\AppData\Roaming\nvModes.001
    [2010/09/03 23:21:50 | 000,049,106 | -H-- | C] () -- C:\Users\NightSpawn\AppData\Roaming\nvModes.dat
    [2010/09/03 21:30:17 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010/09/03 12:57:27 | 000,001,844 | -H-- | C] () -- C:\Users\NightSpawn\AppData\Roaming\install.dat
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2008/06/23 15:02:15 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2008/06/23 12:36:07 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2008/06/23 12:28:39 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
    [2008/06/23 12:28:39 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
    [2008/06/23 12:28:09 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
    [2008/06/23 12:25:48 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
    [2008/06/23 12:25:48 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
    [2008/06/23 12:25:48 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
    [2008/06/23 07:08:42 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
    [2008/02/03 18:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
    [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:47:37 | 000,292,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

    ========== Custom Scans ==========


    < %APPDATA%\Microsoft\*.* >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %USERPROFILE%\Desktop\*.exe >
    [2011/03/26 17:11:14 | 000,270,142 | ---- | M] () -- C:\Users\NightSpawn\Desktop\Minecraft.exe
    [2011/11/11 23:15:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\NightSpawn\Desktop\OTL.exe
    [2011/11/08 20:36:07 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\NightSpawn\Desktop\tdsskiller.exe
    [2011/11/08 20:44:19 | 032,160,136 | ---- | M] () -- C:\Users\NightSpawn\Desktop\WoW-4.0.0-WOW-enUS-Installer.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\winn32\*.* >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.exe >

    < %ProgramFiles%\TinyProxy. >

    < %systemroot%\system32\*.* /lockedfiles >
    [2011/11/12 14:03:30 | 000,003,616 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/12 14:03:30 | 000,003,616 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.* /lockedfiles >

    < %PROGRAMFILES%\*. >
    [2011/06/08 23:12:37 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
    [2008/06/23 12:31:21 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
    [2008/06/23 12:48:10 | 000,000,000 | ---D | M] -- C:\Program Files\AOL Install
    [2010/09/05 18:07:36 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
    [2010/12/21 21:59:54 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
    [2008/06/23 12:25:11 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
    [2008/06/23 12:28:53 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
    [2008/06/23 12:43:18 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
    [2011/11/08 15:12:16 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
    [2008/06/23 07:07:37 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
    [2008/06/23 12:27:57 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
    [2008/06/23 12:26:35 | 000,000,000 | -H-D | M] -- C:\Program Files\Creative Installation Information
    [2008/06/23 12:27:13 | 000,000,000 | ---D | M] -- C:\Program Files\Creative Live! Cam
    [2008/06/23 12:38:58 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
    [2008/06/23 12:49:46 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
    [2008/06/23 12:31:03 | 000,000,000 | ---D | M] -- C:\Program Files\Dell DataSafe Online
    [2008/06/23 12:37:36 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
    [2008/06/23 12:40:33 | 000,000,000 | ---D | M] -- C:\Program Files\DellAutomatedPCTuneUp
    [2008/06/23 15:02:12 | 000,000,000 | ---D | M] -- C:\Program Files\DellTPad
    [2008/06/23 12:25:04 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
    [2008/06/23 12:48:26 | 000,000,000 | ---D | M] -- C:\Program Files\EarthLink Setup
    [2011/08/28 16:09:40 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
    [2011/10/27 21:51:39 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
    [2010/09/03 13:11:14 | 000,000,000 | ---D | M] -- C:\Program Files\Google
    [2011/11/08 13:06:03 | 000,000,000 | ---D | M] -- C:\Program Files\GridinSoft Trojan Killer
    [2011/04/27 17:02:35 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
    [2011/11/11 11:51:02 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
    [2011/02/12 19:50:12 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
    [2011/02/12 19:50:53 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
    [2011/06/21 09:45:56 | 000,000,000 | ---D | M] -- C:\Program Files\Java
    [2011/05/29 22:15:34 | 000,000,000 | ---D | M] -- C:\Program Files\LEGO Company
    [2010/09/04 21:41:40 | 000,000,000 | ---D | M] -- C:\Program Files\LFLInstall
    [2010/10/18 07:41:37 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
    [2011/10/04 08:47:42 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
    [2008/06/23 12:32:47 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
    [2008/06/23 12:35:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
    [2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
    [2008/06/23 12:35:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
    [2011/11/08 22:54:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
    [2008/06/23 12:35:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
    [2011/08/29 02:02:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
    [2010/09/08 02:01:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
    [2008/06/23 12:24:13 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Diagnostic Tool
    [2010/12/08 21:49:21 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
    [2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
    [2008/06/23 12:24:36 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
    [2008/06/23 12:30:17 | 000,000,000 | ---D | M] -- C:\Program Files\NetZeroInstallers
    [2011/06/08 23:10:38 | 000,000,000 | ---D | M] -- C:\Program Files\Object
    [2011/11/08 19:16:25 | 000,000,000 | ---D | M] -- C:\Program Files\Oldgames
    [2010/12/21 22:03:12 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
    [2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
    [2011/06/29 23:42:28 | 000,000,000 | ---D | M] -- C:\Program Files\RosettaStoneLtdServices
    [2008/06/23 12:43:00 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
    [2011/11/08 19:16:25 | 000,000,000 | ---D | M] -- C:\Program Files\Shop to Win 9
    [2008/06/23 07:07:24 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
    [2011/04/27 16:47:02 | 000,000,000 | -H-D | M] -- C:\Program Files\Temp
    [2006/11/02 08:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
    [2010/09/03 21:30:20 | 000,000,000 | ---D | M] -- C:\Program Files\Ventrilo
    [2011/01/31 20:11:42 | 000,000,000 | ---D | M] -- C:\Program Files\Warcraft III
    [2008/06/23 12:29:10 | 000,000,000 | ---D | M] -- C:\Program Files\WIDCOMM
    [2010/12/08 21:49:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
    [2010/12/08 21:49:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
    [2010/12/08 21:49:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
    [2010/12/08 21:49:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
    [2011/09/16 02:11:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
    [2010/12/08 21:49:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
    [2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
    [2010/12/08 21:49:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
    [2010/12/10 03:16:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
    [2010/12/08 21:49:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
    [2010/09/05 20:59:45 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!


    < MD5 for: AGP440.SYS >
    [2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
    [2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
    [2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
    [2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
    [2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
    [2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
    [2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
    [2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
    [2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
    [2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
    [2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

    < MD5 for: DISK.SYS >
    [2009/04/11 01:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
    [2009/04/11 01:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
    [2009/04/11 01:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
    [2008/01/20 21:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
    [2008/01/20 21:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
    [2006/11/02 04:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

    < MD5 for: IASTOR.SYS >
    [2007/02/12 16:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Drivers\storage\R154200\iastor.sys
    [2007/02/12 16:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys
    [2007/02/12 16:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys
    [2007/02/12 16:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8f0cb06b\iaStor.sys

    < MD5 for: NETLOGON.DLL >
    [2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
    [2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
    [2008/01/20 21:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
    [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
    [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
    [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-12 08:55:12

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/07/23 04:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/07/23 04:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/07/23 04:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/07/23 06:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/07/23 06:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/07/23 04:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/07/23 04:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/07/23 04:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/07/23 06:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/07/23 06:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)

    < End of report >


    Re: Failed OTL Scan

    Post by Nightspawn on Sun 13 Nov 2011, 8:09 am

    OTL Extras logfile created on: 11/12/2011 3:42:07 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\NightSpawn\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19120)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.50 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 50.54% Memory free
    7.18 Gb Paging File | 5.61 Gb Available in Paging File | 78.04% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 285.50 Gb Total Space | 168.32 Gb Free Space | 58.96% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 5.14 Gb Free Space | 51.39% Space Free | Partition Type: NTFS

    Computer Name: NIGHTSPAWN-PC | User Name: NightSpawn | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{166EA3D9-5B7D-4773-BE4F-44827C19C440}" = lport=139 | protocol=6 | dir=in | app=system |
    "{1954E6B6-6992-4351-A2EF-5B79D13905EC}" = rport=139 | protocol=6 | dir=out | app=system |
    "{282FD8D0-7EEF-4104-97F9-CFFD792E1FE6}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2A94369A-0809-4797-994A-8CDC31B1123B}" = rport=137 | protocol=17 | dir=out | app=system |
    "{3C46886B-0523-4E0F-9A24-B3DE572C6828}" = rport=445 | protocol=6 | dir=out | app=system |
    "{7ED2C593-B94B-401C-9BB0-1E094D88C5B1}" = rport=138 | protocol=17 | dir=out | app=system |
    "{888F71E6-8FE6-4629-A272-A0EDA36A4B41}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{A3A99473-C909-4437-AC7B-94F22AFEEB35}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{E2BE2DD1-47A4-43B7-AF5D-7B1F839D5AE2}" = lport=138 | protocol=17 | dir=in | app=system |
    "{F3AED853-4191-477C-8F32-60CCDE590D64}" = lport=137 | protocol=17 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00AA3A53-FD29-42F1-9875-63830FC13DFB}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
    "{08CF8FB2-2412-4DAB-8AB6-325036F7391D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{1D90D81B-C771-469D-BE41-6673D9E77E82}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
    "{1EE6F427-0FFD-4487-8808-7FDEDC4C5B2B}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{315BCF02-79AD-4BE8-B15C-564BC51FE31A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{32243DE9-92C1-49F6-A63D-EB37859B0C2E}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{38AE0C72-7DCB-4D8A-8A91-20474D6BFFE5}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
    "{41770299-9FCE-4E83-965D-44A4308841B2}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
    "{421DE393-9D68-4993-A98D-ECE7194AC8F8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{6DEFE6F9-4758-420B-A760-BAB51698D4ED}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{75FFB968-CA7F-4C70-9D8A-3B789A63280C}" = dir=in | app=c:\program files\rosettastoneltdservices\rosettastonedaemon.exe |
    "{775CFE70-0AAA-42D5-A20E-9C2A7A786933}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{80517C28-F7D7-4C04-90A0-376C5F929AC2}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
    "{817EEE49-2561-4390-A8EE-A9EB4DDCB410}" = dir=in | app=c:\program files\rosettastoneltdservices\rosettastoneltdservices.exe |
    "{91912682-0F83-48B9-A27B-2C9F2655120F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{AA9ECFAE-8801-4C55-A662-A78FAB797E76}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{B27A4B01-ACD0-4F52-A738-A78C508B62A0}" = protocol=6 | dir=out | app=c:\program files\rosettastoneltdservices\rosettastonedaemon.exe |
    "{D3B41CCA-E3F8-4DFF-96DB-A5BCDABC2238}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{E0CA940F-0337-4799-89AA-ADF1D1F84724}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{E6B32CF4-5FFD-4BA4-B339-8A55AEC76ABF}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{F27E6BF5-1F84-4DC4-BD80-B6B305245221}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{FA23CD31-5AEF-4F00-BD13-55544B605E4E}" = protocol=6 | dir=out | app=c:\program files\rosettastoneltdservices\rosettastoneltdservices.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
    "{28DFA10C-2588-4CF2-9275-E0EFF1E9BB0C}" = Complete Care Consumer Service Agreement
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
    "{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
    "{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
    "{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
    "{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{901B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word 2003
    "{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
    "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
    "{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
    "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B69F28DF-CBB1-41B7-008A-210E4D0518FC}" = Harry Potter and the Order of the Phoenix™
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
    "{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
    "{FE34691C-4298-4667-9758-D7F534DD0B94}" = Dell Automated PC TuneUp
    "{FFF186B6-4D02-4D8D-A776-C43E062E01A9}" = Rosetta Stone Ltd Services
    "7-Zip" = 7-Zip 4.65
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
    "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
    "Dell Webcam Center" = Dell Webcam Center
    "Dell Webcam Manager" = Dell Webcam Manager
    "facetheme" = Facetheme
    "GoToAssist" = GoToAssist 8.0.0.514
    "LimeWire" = LimeWire 5.5.16
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MightandMagicWorldofXeen66" = DJ OldGames Package: World of Xeen
    "MSC" = McAfee SecurityCenter
    "New LEGO Digital Designer" = LEGO Digital Designer
    "NVIDIA Drivers" = NVIDIA Drivers
    "Shop to Win 9" = Shop to Win 9
    "Warcraft III" = Warcraft III
    "World of Warcraft" = World of Warcraft
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Search Defender" = Yahoo! Search Protection
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "090215de958f1060" = Curse Client

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/12/2011 7:03:10 AM | Computer Name = NightSpawn-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 3506591

    Error - 11/12/2011 1:03:32 PM | Computer Name = NightSpawn-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 11/12/2011 1:03:32 PM | Computer Name = NightSpawn-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 25129265

    Error - 11/12/2011 1:03:32 PM | Computer Name = NightSpawn-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 25129265

    Error - 11/12/2011 1:20:17 PM | Computer Name = NightSpawn-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.19120, time stamp
    0x4e2a9406, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
    exception code 0xc0000005, fault offset 0x00066579, process id 0x1c7c, application
    start time 0x01cca15ed36d1180.

    Error - 11/12/2011 1:22:57 PM | Computer Name = NightSpawn-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.19120, time stamp
    0x4e2a9406, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
    exception code 0xc0000005, fault offset 0x00066579, process id 0x1a2c, application
    start time 0x01cca15f61cc1700.

    Error - 11/12/2011 1:44:34 PM | Computer Name = NightSpawn-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.19120, time stamp
    0x4e2a9406, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
    exception code 0xc0000005, fault offset 0x00066579, process id 0x19ec, application
    start time 0x01cca1617eaa6e60.

    Error - 11/12/2011 1:55:36 PM | Computer Name = NightSpawn-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.19120, time stamp
    0x4e2a9406, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
    exception code 0xc0000005, fault offset 0x0003dae0, process id 0x1c88, application
    start time 0x01cca162c1305960.

    Error - 11/12/2011 2:27:20 PM | Computer Name = NightSpawn-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.19120, time stamp
    0x4e2a9406, faulting module mshtml.dll, version 8.0.6001.19120, time stamp 0x4e2aaa35,
    exception code 0xc0000005, fault offset 0x000da88f, process id 0x4e4, application
    start time 0x01cca168617af2e0.

    Error - 11/12/2011 4:41:50 PM | Computer Name = NightSpawn-PC | Source = Application Hang | ID = 1002
    Description = The program OTL.exe version 3.2.31.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Problem Reports and Solutions control panel. Process
    ID: 1548 Start Time: 01cca17b72597380 Termination Time: 0

    [ System Events ]
    Error - 11/12/2011 4:33:42 PM | Computer Name = NightSpawn-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/12/2011 4:33:43 PM | Computer Name = NightSpawn-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/12/2011 4:33:44 PM | Computer Name = NightSpawn-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/12/2011 4:33:45 PM | Computer Name = NightSpawn-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/12/2011 4:33:46 PM | Computer Name = NightSpawn-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/12/2011 4:33:50 PM | Computer Name = NightSpawn-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/12/2011 4:33:52 PM | Computer Name = NightSpawn-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/12/2011 4:33:53 PM | Computer Name = NightSpawn-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/12/2011 4:33:54 PM | Computer Name = NightSpawn-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/12/2011 4:33:55 PM | Computer Name = NightSpawn-PC | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >


    Re: Failed OTL Scan

    Post by Belahzur on Mon 14 Nov 2011, 11:18 am

    Hello.

    Please run OTL.exe.

    • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


      :OTL
      [2011/11/08 18:54:41 | 000,000,000 | -H-D | C] -- C:\Users\NightSpawn\AppData\Roaming\RTXqjUCekBzNx0
      [2011/11/08 18:19:01 | 000,000,000 | -H-D | C] -- C:\Users\NightSpawn\AppData\Roaming\fF3pnG5aQ6W7R9T
      [2011/11/08 17:43:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\bdddWKK7fRL9TX
      [2011/11/08 17:43:54 | 000,000,000 | -H-D | C] -- C:\hnGG55aQH
      [2011/11/08 17:43:50 | 000,000,000 | -H-D | C] -- C:\bWWKK7ffRLg
      [2011/11/11 03:48:34 | 000,000,408 | -H-- | M] () -- C:\ProgramData\VdbHm9Y4Q1mKtf
      [2011/11/11 03:47:34 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~VdbHm9Y4Q1mKtf
      [2011/11/11 03:47:33 | 000,000,240 | -H-- | M] () -- C:\ProgramData\~VdbHm9Y4Q1mKtfr
      [2011/11/08 18:48:54 | 000,000,001 | ---- | M] () -- C:\ProgramData\Y4mnMrHV.exe_.b
      [2011/11/08 18:48:54 | 000,000,001 | ---- | M] () -- C:\ProgramData\Y4mnMrHV.exe.b
      [2011/11/08 03:15:10 | 000,000,112 | ---- | M] () -- C:\ProgramData\rXKjxfx0.dat
      [2011/08/15 10:34:34 | 000,009,572 | -HS- | C] () -- C:\Users\NightSpawn\AppData\Local\bfr5u4oop1cs102h1t0
      [2011/08/15 10:34:34 | 000,009,572 | -HS- | C] () -- C:\ProgramData\bfr5u4oop1cs102h1t0
      [2011/08/07 09:30:29 | 000,010,128 | -HS- | C] () -- C:\Users\NightSpawn\AppData\Local\75pg32uc86hns2rqtr4c
      [2011/08/07 09:30:29 | 000,010,128 | -HS- | C] () -- C:\ProgramData\75pg32uc86hns2rqtr4c
      [2011/06/25 16:59:22 | 000,011,996 | -HS- | C] () -- C:\Users\NightSpawn\AppData\Local\22500634ug8u87c8e64k6l3sf3v
      [2011/06/25 16:59:22 | 000,011,996 | -HS- | C] () -- C:\ProgramData\22500634ug8u87c8e64k6l3sf3v


    • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

    • Click the red Run Fix button.
    • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTL.exe
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



    Re: Failed OTL Scan

    Post by Nightspawn on Mon 14 Nov 2011, 4:54 pm

    ========== OTL ==========
    C:\Users\NightSpawn\AppData\Roaming\RTXqjUCekBzNx0 folder moved successfully.
    C:\Users\NightSpawn\AppData\Roaming\fF3pnG5aQ6W7R9T folder moved successfully.
    C:\Windows\System32\bdddWKK7fRL9TX folder moved successfully.
    C:\hnGG55aQH folder moved successfully.
    C:\bWWKK7ffRLg folder moved successfully.
    C:\ProgramData\VdbHm9Y4Q1mKtf moved successfully.
    C:\ProgramData\~VdbHm9Y4Q1mKtf moved successfully.
    C:\ProgramData\~VdbHm9Y4Q1mKtfr moved successfully.
    C:\ProgramData\Y4mnMrHV.exe_.b moved successfully.
    C:\ProgramData\Y4mnMrHV.exe.b moved successfully.
    C:\ProgramData\rXKjxfx0.dat moved successfully.
    C:\Users\NightSpawn\AppData\Local\bfr5u4oop1cs102h1t0 moved successfully.
    C:\ProgramData\bfr5u4oop1cs102h1t0 moved successfully.
    C:\Users\NightSpawn\AppData\Local\75pg32uc86hns2rqtr4c moved successfully.
    C:\ProgramData\75pg32uc86hns2rqtr4c moved successfully.
    C:\Users\NightSpawn\AppData\Local\22500634ug8u87c8e64k6l3sf3v moved successfully.
    C:\ProgramData\22500634ug8u87c8e64k6l3sf3v moved successfully.

    OTL by OldTimer - Version 3.2.31.0 log created on 11142011_005355


    Re: Failed OTL Scan

    Post by Belahzur on Tue 15 Nov 2011, 9:56 am

    Hello.

    Please download ComboFix from BleepingComputer.com

    Alternate link: GeeksToGo.com


    Rename ComboFix.exe to commy.exe before you save it to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
    • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
    • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.



    Re: Failed OTL Scan

    Post by Nightspawn on Wed 16 Nov 2011, 10:23 am

    ComboFix 11-11-14.03 - NightSpawn 11/15/2011 6:54.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.2801 [GMT -5:00]
    Running from: c:\users\NightSpawn\Desktop\ComboFix.exe
    AV: McAfee VirusScan *Disabled/Updated* {2A28CCAF-2E53-0F80-A82C-9572D1C24D8C}
    FW: McAfee Personal Firewall *Disabled* {12134D8A-643C-0ED8-8373-3C472F110AF7}
    SP: McAfee VirusScan *Disabled/Updated* {91492D4B-0869-000E-929C-AE00AA450731}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Resident AV is active
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\data
    c:\program files\LP
    c:\program files\LP\4CE1\FE1.exe
    c:\program files\Object
    c:\program files\Object\bho_project.dll
    c:\program files\Object\ChromeAddon.pem
    c:\program files\Object\chromeaddon\._included.js
    c:\program files\Object\chromeaddon\background.html
    c:\program files\Object\chromeaddon\included.js
    c:\program files\Object\chromeaddon\manifest.json
    c:\program files\Object\config.ini
    c:\program files\Object\facetheme_uninstall.exe
    c:\program files\Object\status.txt
    c:\program files\Object\status2.txt
    c:\programdata\LoJackNotifier.txt
    c:\programdata\ntuser.dat
    c:\users\NightSpawn\AppData\Roaming\iexplore.exe
    c:\users\NightSpawn\AppData\Roaming\Install.dat
    c:\users\NightSpawn\AppData\Roaming\Microsoft\4CE1\FE1.exe
    c:\windows\$NtUninstallKB27470$
    c:\windows\$NtUninstallKB27470$\3514210862
    c:\windows\System32\config\systemprofile\AppData\Local\3beeaf5f
    c:\windows\System32\config\systemprofile\AppData\Local\3beeaf5f\@
    c:\windows\system32\config\systemprofile\AppData\Local\3beeaf5f\X
    c:\windows\system32\config\systemprofile\AppData\Local\6Nxsyk.com
    c:\windows\Tasks\At1.job
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-15 to 2011-11-15 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-15 19:24 . 2011-11-15 19:34 -------- d-----w- c:\users\NightSpawn\AppData\Local\temp
    2011-11-15 19:24 . 2011-11-15 19:24 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-14 05:55 . 2011-11-14 05:55 98816 ----a-w- c:\users\NightSpawn\AppData\Roaming\Microsoft\4CE1\437E.tmp
    2011-11-14 05:55 . 2011-11-14 05:55 -------- d-----w- c:\users\NightSpawn\AppData\Roaming\A1939
    2011-11-14 05:54 . 2011-11-14 05:55 -------- d-----w- c:\users\NightSpawn\AppData\Roaming\106A1
    2011-11-14 05:53 . 2011-11-14 05:53 -------- d-----w- C:\_OTL
    2011-11-12 08:01 . 2011-11-12 08:01 -------- d-----w- c:\windows\CheckSur
    2011-11-11 17:11 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-11 17:09 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-10 16:16 . 2011-11-10 16:16 -------- d-----w- C:\e
    2011-11-09 04:29 . 2011-11-09 04:29 -------- d-----w- c:\users\NightSpawn\AppData\Local\ElevatedDiagnostics
    2011-11-08 17:21 . 2011-11-08 18:06 -------- d-----w- c:\program files\GridinSoft Trojan Killer
    2011-10-28 03:38 . 2011-10-30 17:41 -------- d--h--w- c:\programdata\AVAST Software
    2011-10-28 02:51 . 2011-10-28 02:51 -------- d-----w- c:\program files\ESET
    2011-10-26 04:55 . 2011-10-30 17:45 -------- d--h--w- c:\programdata\STOPzilla!
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-13 22:28 . 2011-08-22 16:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= "c:\windows\system32\ieframe.dll" [2011-09-30 11081728]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll" [2011-01-21 213816]
    .
    [HKEY_CLASSES_ROOT\clsid\{cfbfae00-17a6-11d0-99cb-00c04fd64497}]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2011-01-21 1389880]
    .
    [HKEY_CLASSES_ROOT\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}]
    [HKEY_CLASSES_ROOT\yt.YToolbarBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YToolbarBand]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
    "DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-25 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-25 8433664]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-25 81920]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-06-25 67584]
    "VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-19 3444736]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "MRT"="c:\windows\system32\MRT.exe" [2011-10-28 50295240]
    .
    c:\users\NightSpawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CurseClientStartup.ccip [2010-9-3 0]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - [N/A]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-23 50688]
    QuickSet.lnk - [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-06-23 17:43 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-143357251-2404659723-3031534349-1001]
    "EnableNotificationsRef"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
    S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2011-04-15 1646056]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-23 18:32]
    .
    2011-07-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-23 18:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = [You must be registered and logged in to see this link.]
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:63899
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
    HKCU-Run-FE1.exe - c:\users\NightSpawn\AppData\Roaming\Microsoft\4CE1\FE1.exe
    HKLM-Run-FE1.exe - c:\program files\LP\4CE1\FE1.exe
    SafeBoot-rpcnet
    AddRemove-facetheme - c:\program files\Object\facetheme_uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
    Rootkit scan 2011-11-15 14:32
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(5584)
    c:\windows\system32\btncopy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\system32\WLANExt.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    c:\windows\system32\CTsvcCDA.exe
    c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\McAfee\MPF\MPFSrv.exe
    c:\program files\McAfee\MSK\MskSrver.exe
    c:\windows\system32\STacSV.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\System32\rundll32.exe
    c:\windows\System32\rundll32.exe
    c:\windows\System32\rundll32.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\program files\DellTPad\HidFind.exe
    c:\program files\DellTPad\Apntex.exe
    c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\progra~1\mcafee\msc\mcuimgr.exe
    c:\windows\system32\wermgr.exe
    c:\windows\System32\bcmwltry.exe
    c:\windows\system32\WerFault.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-15 14:53:23 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-15 19:52
    .
    Pre-Run: 180,095,315,968 bytes free
    Post-Run: 179,947,458,560 bytes free
    .
    - - End Of File - - 4161ED8C13CE378C8366016CD231C62A


    Re: Failed OTL Scan

    Post by Nightspawn on Thu 17 Nov 2011, 8:16 am

    After ComboFix completed and my computer rebooted, my desktop reloaded incomplete, my background had been changed, and all my desktop shortcuts removed. When the computer boots up, it tries to load the Windows repair mode, but it brings up a login screen and doesn't recognize my user name or password, and refers to both as failed domains. Any suggestions?


    Re: Failed OTL Scan

    Post by Belahzur on Thu 17 Nov 2011, 8:58 am

    Hello.
    We'll worry about the Desktop soon; first there is more malware that has to go.


    1. Close any open browsers.
    2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    3. Open Notepad and copy/paste the text in the quotebox below into it:
      Code:

      Folder::
      c:\users\NightSpawn\AppData\Roaming\A1939
      c:\users\NightSpawn\AppData\Roaming\106A1

      FileLook::
      c:\windows\system32\drivers\tcpip.sys
      c:\program files\Common Files\System\wab32.dll

      DirLook::
      C:\e

      DDS::
      uInternet Settings,ProxyOverride = *.local
      uInternet Settings,ProxyServer = http=127.0.0.1:63899
    4. Save this as CFScript.txt, in the same location as ComboFix.exe



    5. Referring to the picture above, drag CFScript into ComboFix.exe
    6. When finished, it shall produce a log for you at C:\ComboFix.txt
    7. Please post the contents of the log in your next reply.


    @RealBelahzur - Please PM me if I fail to respond within 24hrs.


    Belahzur

    Manager | Tech Officer

    Posts : 34917
    Joined : 2008-08-04
    Operating System : XP SP3 Media Centre

    Re: Failed OTL Scan

    Post by Nightspawn on Thu 17 Nov 2011, 11:40 am

    ComboFix 11-11-16.01 - NightSpawn 11/16/2011 18:33:05.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.2452 [GMT -5:00]
    Running from: c:\users\NightSpawn\Desktop\ComboFix.exe
    Command switches used :: c:\users\NightSpawn\Desktop\CFScript.txt
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Resident AV is active
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\dYIajiwXVoeuA.exe
    c:\programdata\oVGuSZrJARtdIO.exe
    c:\users\NightSpawn\AppData\Roaming\106A1
    c:\users\NightSpawn\AppData\Roaming\106A1\1939.06A
    c:\users\NightSpawn\AppData\Roaming\106A1\DE94C.exe
    c:\users\NightSpawn\AppData\Roaming\A1939
    c:\users\NightSpawn\AppData\Roaming\A1939\lvvm.exe
    c:\users\NightSpawn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
    c:\users\NightSpawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
    c:\users\NightSpawn\Desktop\System Fix.lnk
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-17 to 2011-11-17 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-17 00:11 . 2011-11-17 00:12 -------- d-----w- c:\users\NightSpawn\AppData\Local\temp
    2011-11-17 00:11 . 2011-11-17 00:11 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2011-11-17 00:11 . 2011-11-17 00:11 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-14 05:55 . 2011-11-14 05:55 98816 ---ha-w- c:\users\NightSpawn\AppData\Roaming\Microsoft\4CE1\437E.tmp
    2011-11-14 05:53 . 2011-11-14 05:53 -------- d-----w- C:\_OTL
    2011-11-12 08:01 . 2011-11-12 08:01 -------- d-----w- c:\windows\CheckSur
    2011-11-11 17:11 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-11 17:09 . 2011-09-30 15:57 707584 ---ha-w- c:\program files\Common Files\System\wab32.dll
    2011-11-10 16:16 . 2011-11-10 16:16 -------- d-----w- C:\e
    2011-11-09 04:29 . 2011-11-09 04:29 -------- d-----w- c:\users\NightSpawn\AppData\Local\ElevatedDiagnostics
    2011-11-08 17:21 . 2011-11-08 18:06 -------- d--h--w- c:\program files\GridinSoft Trojan Killer
    2011-10-28 03:38 . 2011-10-30 17:41 -------- d--h--w- c:\programdata\AVAST Software
    2011-10-28 02:51 . 2011-10-28 02:51 -------- d--h--w- c:\program files\ESET
    2011-10-26 04:55 . 2011-10-30 17:45 -------- d--h--w- c:\programdata\STOPzilla!
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-13 22:28 . 2011-08-22 16:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    --- c:\program files\Common Files\System\wab32.dll ---
    Company: Microsoft Corporation
    File Description: Microsoft (R) Contacts DLL
    File Version: 6.0.6002.18521 (vistasp2_gdr.110930-0337)
    Product Name: Microsoft® Windows® Operating System
    Copyright: © Microsoft Corporation. All rights reserved.
    Original Filename: WAB32.DLL
    File size: 707584
    Created time: 2011-11-11 17:09
    Modified time: 2011-09-30 15:57
    MD5: F101C848A95FDC6474A66A9D395EAAEB
    SHA1: 38EE5E6D0237B99CD368E4C7451DA6BEFB7D2176
    .
    .
    --- c:\windows\system32\drivers\tcpip.sys ---
    Company: Microsoft Corporation
    File Description: TCP/IP Driver
    File Version: 6.0.6002.18519 (vistasp2_gdr.110920-0346)
    Product Name: Microsoft® Windows® Operating System
    Copyright: © Microsoft Corporation. All rights reserved.
    Original Filename: tcpip.sys
    File size: 905088
    Created time: 2011-11-11 17:11
    Modified time: 2011-09-20 21:02
    MD5: 814A1C66FBD4E1B310A517221F1456BF
    SHA1: 5F7B2C07950E57D30C48C84AE37CB39F6D0298A4
    .
    ---- Directory of C:\e ----
    .
    2011-11-10 16:16 . 2011-11-10 16:16 163 ---ha-w- c:\e\ecap_s0.png
    2011-11-10 16:16 . 2011-11-10 16:16 666 ---ha-w- c:\e\sset_02_s1.png
    2011-11-10 16:16 . 2011-11-10 16:16 161 ---ha-w- c:\e\add_grp.png
    2011-11-10 16:16 . 2011-11-10 16:16 139 ---ha-w- c:\e\ecap_s1_h.png
    2011-11-10 16:16 . 2011-11-10 16:16 168 ---ha-w- c:\e\ecap_s1.png
    2011-11-10 16:16 . 2011-11-10 16:16 140 ---ha-w- c:\e\ecap_s0_h.png
    2011-11-10 16:16 . 2011-11-10 16:16 194 ---ha-w- c:\e\add_grp_h.png
    2011-11-10 16:16 . 2011-11-10 16:16 598 ---ha-w- c:\e\sset_02_s0.png
    2011-11-10 16:16 . 2011-11-10 16:16 425 ---ha-w- c:\e\ybang_200908276_h.png
    2011-11-10 16:16 . 2011-11-10 16:16 768 ---ha-w- c:\e\ebay27_spc.png
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll" [2011-01-21 213816]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0095C290-A428-4BDD-B98C-E0A116F1C702}]
    2011-06-09 04:11 682496 ---ha-w- c:\program files\Shop to Win 9\ShoppingBHO.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
    "DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-25 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-25 8433664]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-25 81920]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-06-25 67584]
    "VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-19 3444736]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "MRT"="c:\windows\system32\MRT.exe" [2011-10-28 50295240]
    .
    c:\users\NightSpawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CurseClientStartup.ccip [2010-9-3 0]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - [N/A]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-23 50688]
    QuickSet.lnk - [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-06-23 17:43 10536 ---ha-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-143357251-2404659723-3031534349-1001]
    "EnableNotificationsRef"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
    S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2011-04-15 1646056]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-23 18:32]
    .
    2011-07-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-23 18:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = [You must be registered and logged in to see this link.]
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.1
    .
    Supplementary scan did not complete!
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-dYIajiwXVoeuA.exe - c:\programdata\dYIajiwXVoeuA.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
    Rootkit scan 2011-11-16 19:12
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-11-16 19:30:53
    ComboFix-quarantined-files.txt 2011-11-17 00:30
    ComboFix2.txt 2011-11-15 19:53
    .
    Pre-Run: 183,169,159,168 bytes free
    Post-Run: 182,763,372,544 bytes free
    .
    - - End Of File - - B977B3287C1D8BED00AA6B9590C4B0FA


    Re: Failed OTL Scan

    Post by Nightspawn on Sat 19 Nov 2011, 3:18 pm

    Ok, the privacy protection thing is back, and it is preventing the use of Rkill or the other decoy Rkill(s). It's telling me everything I attempt to run is infected by W/32 Blaster worm, and it is preventing anything from running. Also, I'm noticing that I'm hearing audio for stuff, and I have nothing open or running at the time. It's kind of unnerving. It'll run for a bit, and then cut out. Any suggestions? Thanks much in advance.


    Re: Failed OTL Scan

    Post by Nightspawn on Sun 20 Nov 2011, 6:41 am

    Bump.
