Malware infection. Computer is messed up


  • This topic is locked
11 replies to this topic

#1 ROOFIE(MTL)

    Authentic Member
    130 posts

Posted 02 January 2011 - 10:03 PM

Just prior to moving residence, I clicked on a link knowing that I should not have and was hit with a virus...dayam!!!!!! I tried to remove it but it lingers to this day. It has now affected my ability to use this computer at all. It has changed its resolution and now it won't even recognise the NEC monitor, but rather a generic Plug and Play.
I have followed Tate's instructions and downloaded OTL. Here are the 2 files it popped out with at the end.

Hope you guys can make sense of it.

OTL logfile created on: 1/2/2011 8:45:43 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\RITTERBY\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101.78 Gb Total Space | 45.62 Gb Free Space | 44.82% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.94 Gb Free Space | 99.40% Space Free | Partition Type: NTFS

Computer Name: RITTERBY7897 | User Name: RITTERBY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\RITTERBY\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\Extensis\Suitcase Fusion 2\FMCore.exe (Extensis a division of Celartem, Inc.)
PRC - C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\WINDOWS\Dit.exe ()
PRC - C:\WINDOWS\DitExp.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\RITTERBY\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\RocketDock\RocketDock.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (ASTSRV) -- C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)


========== Driver Services (SafeList) ==========

DRV - (nvport) -- C:\WINDOWS\System32\Drivers\nvport.sys File not found
DRV - (NDSPCIIO) -- C:\WINDOWS\System32\DRIVERS\NDSPCIIO.SYS File not found
DRV - (GMSIPCI) -- I:\INSTALL\GMSIPCI.SYS File not found
DRV - (DumaNT) -- C:\WINDOWS\System32\DRIVERS\dumant.sys File not found
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (MSI_DVD_010507) -- C:\Program Files\MSI\MSIWDev\DVDSYS32_100507.sys (Your Corporation)
DRV - (MSI_MSIBIOS_010507) -- C:\Program Files\MSI\MSIWDev\msibios32_100507.sys (Your Corporation)
DRV - (MSI_VGASYS_010507) -- C:\Program Files\MSI\MSIWDev\VGASYS32_100507.sys ()
DRV - (SISAGP) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM) -- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys ()
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (epfwtdi) -- C:\WINDOWS\system32\drivers\epfwtdi.sys (ESET)
DRV - (Epfwndis) -- C:\WINDOWS\system32\drivers\epfwndis.sys (ESET)
DRV - (epfw) -- C:\WINDOWS\system32\drivers\epfw.sys (ESET)
DRV - (easdrv) -- C:\WINDOWS\system32\drivers\easdrv.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (SISNICXP) -- C:\WINDOWS\system32\drivers\sisnicxp.sys (SiS Corporation)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (sisperf) -- C:\WINDOWS\system32\drivers\sisperf.sys (Silicon Integrated Systems Corp.)
DRV - (SiSide) -- C:\WINDOWS\system32\DRIVERS\siside.sys (Silicon Integrated Systems Corp.)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (Intels51) -- C:\WINDOWS\system32\drivers\ctxs51.sys (Intel Corporation)
DRV - (sisidex) -- C:\WINDOWS\system32\drivers\sisidex.sys (Windows ® 2000 DDK provider)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msnbc.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/02 00:38:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/07 17:39:43 | 000,000,000 | ---D | M]

[2010/06/02 00:38:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\RITTERBY\Application Data\Mozilla\Extensions
[2010/03/26 00:09:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\RITTERBY\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/23 01:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\RITTERBY\Application Data\Mozilla\Firefox\Profiles\q5txateh.default\extensions
[2010/09/22 14:39:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\RITTERBY\Application Data\Mozilla\Firefox\Profiles\q5txateh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/01 02:02:56 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\RITTERBY\Application Data\Mozilla\Firefox\Profiles\q5txateh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/09/22 14:39:46 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\RITTERBY\Application Data\Mozilla\Firefox\Profiles\q5txateh.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010/09/22 14:41:09 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Documents and Settings\RITTERBY\Application Data\Mozilla\Firefox\Profiles\q5txateh.default\extensions\YoutubeDownloader@PeterOlayev.com
[2010/11/30 23:32:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/30 23:32:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/30 23:32:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/30 23:32:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2001/08/23 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SW20] C:\WINDOWS\system32\sw20.exe ()
O4 - HKLM..\Run: [SW24] C:\WINDOWS\system32\sw24.exe ()
O4 - HKCU..\Run: [FMCore.exe] C:\Program Files\Extensis\Suitcase Fusion 2\FMCore.exe (Extensis a division of Celartem, Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKCU\..Trusted Domains: com ([www.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1269056712373 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1269056700154 (MUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.ms...ine/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.1.66.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\RITTERBY\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\RITTERBY\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/19 18:40:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/01/02 20:43:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\RITTERBY\Desktop\OTL.exe
[2010/12/29 14:26:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RITTERBY\Start Menu\Programs\FormatFactory
[2010/12/23 16:39:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/12/20 12:51:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RITTERBY\Desktop\Various
[2010/12/18 20:25:52 | 014,532,608 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2010/12/18 20:25:52 | 004,882,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2010/12/18 20:25:52 | 002,932,840 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2010/12/18 20:25:52 | 002,666,600 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2010/12/18 20:25:52 | 000,888,424 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
[2010/12/18 20:25:52 | 000,813,672 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco32.dll
[2010/12/18 20:25:52 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/12/18 20:25:50 | 013,012,992 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2010/12/18 20:25:50 | 001,462,272 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2010/12/14 16:24:35 | 000,000,000 | ---D | C] -- C:\6df862ed4c0338a4f8c4c69cd1ad
[2010/12/14 15:05:09 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/14 15:04:41 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/12/12 12:32:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\RITTERBY\Recent
[2010/12/10 13:52:46 | 000,000,000 | ---D | C] -- C:\FKRMonitor
[2010/03/26 22:59:25 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\RITTERBY\Application Data\pcouffin.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/02 20:43:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\RITTERBY\Desktop\OTL.exe
[2011/01/02 20:16:30 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job
[2011/01/01 00:35:14 | 007,043,739 | ---- | M] () -- C:\Documents and Settings\RITTERBY\Desktop\Titanic_Walkthrough.pdf
[2010/12/31 10:51:08 | 000,000,053 | ---- | M] () -- C:\biosinfo
[2010/12/31 10:50:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/31 10:50:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/28 13:29:43 | 000,015,124 | ---- | M] () -- C:\Documents and Settings\RITTERBY\Desktop\Demand Letter 122810.docx
[2010/12/24 21:00:40 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/24 21:00:40 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/12/24 21:00:32 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/24 21:00:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/12/18 20:46:01 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/16 07:30:55 | 000,092,160 | ---- | M] () -- C:\Documents and Settings\RITTERBY\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/14 23:46:28 | 001,630,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/14 16:44:11 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/12 21:57:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/01 00:35:14 | 007,043,739 | ---- | C] () -- C:\Documents and Settings\RITTERBY\Desktop\Titanic_Walkthrough.pdf
[2010/12/28 10:49:18 | 000,015,124 | ---- | C] () -- C:\Documents and Settings\RITTERBY\Desktop\Demand Letter 122810.docx
[2010/12/24 21:00:40 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/24 21:00:32 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/24 21:00:32 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/12/24 21:00:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/12/18 20:25:52 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/12/18 20:25:52 | 000,003,739 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/12/14 16:24:29 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/12/12 21:57:57 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/03 22:30:55 | 000,555,624 | ---- | C] () -- C:\WINDOWS\nvShell.dll
[2010/06/03 00:51:48 | 000,268,912 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter_i386.sys
[2010/05/23 16:18:48 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/05/23 16:16:43 | 000,000,084 | ---- | C] () -- C:\WINDOWS\EPSPRX595.ini
[2010/04/19 15:09:18 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\RITTERBY\Application Data\setup_ldm.iss
[2010/03/26 23:00:25 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\RITTERBY\Application Data\vso_ts_preview.xml
[2010/03/26 22:59:33 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\RITTERBY\Application Data\pcouffin.log
[2010/03/26 22:59:25 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\RITTERBY\Application Data\inst.exe
[2010/03/26 22:59:25 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\RITTERBY\Application Data\pcouffin.cat
[2010/03/26 22:59:25 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\RITTERBY\Application Data\pcouffin.inf
[2010/03/26 13:57:42 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/03/26 13:57:29 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/26 13:57:29 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/03/26 13:57:20 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/03/26 13:50:07 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/26 00:46:36 | 000,000,063 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/03/26 00:44:36 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2010/03/24 18:18:25 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2010/03/22 01:38:43 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/03/22 01:38:42 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/03/22 01:38:42 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/03/22 01:38:40 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/03/21 23:31:20 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2010/03/20 03:11:39 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/03/20 02:51:24 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/03/20 00:55:01 | 000,092,160 | ---- | C] () -- C:\Documents and Settings\RITTERBY\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/20 00:17:58 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2010/03/19 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2010/03/19 21:35:40 | 000,009,728 | R--- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys
[2010/03/19 21:35:40 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\sysinfo.sys
[2010/03/19 21:29:17 | 000,000,208 | ---- | C] () -- C:\WINDOWS\Dit.INI
[2010/03/19 21:29:16 | 000,065,536 | ---- | C] () -- C:\WINDOWS\Dit.DLL
[2010/03/19 21:27:01 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2010/03/19 10:11:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/03 15:07:42 | 000,667,136 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2001/08/23 05:00:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2001/08/23 05:00:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2001/08/23 05:00:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2001/08/23 05:00:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2001/08/23 05:00:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\c5jjahb.dll
[2001/08/23 05:00:00 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\ntnf2c7.dll
[2001/08/23 05:00:00 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2001/08/23 05:00:00 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2001/08/23 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\ytpgf0h.dll
[1996/04/03 12:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/05/23 16:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/03/19 20:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/08/30 04:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Extensis
[2010/03/26 00:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2010/03/26 02:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\onOne Software
[2010/06/03 00:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SRS Labs
[2010/03/20 00:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/03/26 01:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VertusTech
[2010/03/27 07:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/03/20 00:20:29 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/03/26 02:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RITTERBY\Application Data\Alien Skin
[2010/03/26 22:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RITTERBY\Application Data\avidemux
[2010/08/01 20:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RITTERBY\Application Data\BitComet
[2010/03/24 02:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RITTERBY\Application Data\CoreFTP
[2010/05/23 16:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RITTERBY\Application Data\EPSON
[2010/03/19 20:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RITTERBY\Application Data\ESET
[2010/03/26 00:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RITTERBY\Application Data\Extensis
[2011/01/02 20:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RITTERBY\Application Data\FKRMonitor
[2010/06/12 01:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RITTERBY\Application Data\ImgBurn
[2010/09/24 13:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RITTERBY\Application Data\Individual Software
[2010/04/19 15:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RITTERBY\Application Data\Leadertech
[2010/12/29 14:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RITTERBY\Application Data\LimeWire
[2010/05/12 23:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RITTERBY\Application Data\Nik Software
[2010/03/26 02:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RITTERBY\Application Data\onOne Software
[2010/03/20 00:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RITTERBY\Application Data\TuneUp Software
[2010/04/24 15:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RITTERBY\Application Data\Vso
[2010/03/20 00:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RITTERBY\Application Data\Windows Desktop Search
[2010/03/24 22:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RITTERBY\Application Data\Windows Search
[2011/01/02 20:16:30 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\Automatic troubleshooting.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/03/19 18:40:54 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/12/31 10:51:08 | 000,000,053 | ---- | M] () -- C:\biosinfo
[2010/06/13 13:12:50 | 000,000,210 | RHS- | M] () -- C:\boot.ini
[2010/03/19 18:40:54 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/03/19 18:40:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/19 18:40:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/03/19 21:11:09 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/03/19 22:37:37 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/12/31 10:50:30 | 2146,942,976 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/03/19 18:40:35 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/03/19 10:09:38 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/03/19 10:09:38 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/03/19 10:09:37 | 000,409,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/03/19 22:40:32 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/03/19 22:45:23 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\RITTERBY\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/03/21 22:22:24 | 000,000,171 | ---- | M] () -- C:\Documents and Settings\RITTERBY\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/01/02 20:43:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\RITTERBY\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-12-19 21:35:23

< >

< >

< End of report >


OTL Extras logfile created on: 1/2/2011 8:45:43 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\RITTERBY\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101.78 Gb Total Space | 45.62 Gb Free Space | 44.82% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.94 Gb Free Space | 99.40% Space Free | Partition Type: NTFS

Computer Name: RITTERBY7897 | User Name: RITTERBY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"18143:TCP" = 18143:TCP:*:Enabled:BitComet 18143 TCP
"18143:UDP" = 18143:UDP:*:Enabled:BitComet 18143 UDP
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0CEC06EF-5052-4CE8-8256-74AE363A4238}" = Adobe Creative Suite 3 Master Collection
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{121C477C-5B7B-44E3-B621-BDDB542AE8FD}" = TuneUp Utilities Language Pack (en-GB)
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus Photo RX595 Series Scanner Driver Update
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2DFAC810-6DD8-4E23-96A4-BEB118408203}" = Mask Pro 4.1
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{58E05C78-4785-443D-8A1B-CBFF49C2A84E}" = ESET Smart Security
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{634033F4-3E94-4F5E-B3E4-3928A46A78D7}_is1" = ConvertXtoDVD 4 english manual
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7C723788-585C-4537-92AC-CF616209197C}" = PhotoTune 2
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{B01DD5B7-9862-43D7-BCA3-7882A17E4328}" = PhotoTools 2.0 Professional Edition
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.10.324
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0CBBB2C-57FE-40BF-8816-44E3AC6BD2D6}" = ResumeMaker Professional
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA1CB7AC-E221-4822-A789-0ADB051DC498}" = Medion Flash XL
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB8BD91F-DC90-4770-AE33-8AA6AA2E691B}" = Extensis Suitcase Fusion 2
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"7-Zip" = 7-Zip 4.65
"Adobe Acrobat 8 Professional_825" = Adobe Acrobat 8.2.5 - CPSID_83708
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"BitComet" = BitComet 1.19
"CCleaner" = CCleaner
"Color Efex Pro 3.0 Complete" = Color Efex Pro 3.0 Complete
"Core FTP LE 2.1" = Core FTP LE 2.1
"Dfine 2.0" = Dfine 2.0
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Eye Candy 6" = Alien Skin Eye Candy 6
"FileHippo.com" = FileHippo.com Update Checker
"FormatFactory" = FormatFactory 2.60
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Full)
"LimeWire" = LimeWire PRO 5.3.6
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NEC DISPLAY SOLUTIONS Drivers" = NEC DISPLAY SOLUTIONS: Monitor Installer
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"nLite_is1" = nLite 1.4.9.1
"PowerISO" = PowerISO
"RocketDock_is1" = RocketDock 1.3.5
"Sharpener Pro 3.0" = Sharpener Pro 3.0
"Silent Package Run-Time Sample" = EPSON RX595 User's Guide
"Silver Efex Pro" = Silver Efex Pro
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SiteGrinder2" = Media Lab SiteGrinder 2 (Basic & Pro)
"SP6" = Logitech SetPoint 6.0
"Speccy" = Speccy
"SpeedFan" = SpeedFan (remove only)
"Spell Checker For OE 2.1" = Spell Checker For OE 2.1
"SystemRequirementsLab" = System Requirements Lab
"TuneUp Utilities" = TuneUp Utilities
"Tweak UI 2.10" = Tweak UI
"Unlocker" = Unlocker 1.9.0
"VertusFluidMask3" = Vertus Fluid Mask 3 3.0.10
"Viveza" = Viveza
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/12/2010 5:04:57 PM | Computer Name = RITTERBY7897 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module jscript.dll, version 5.8.6001.22960, fault address 0x00014c99.

Error - 12/12/2010 5:05:50 PM | Computer Name = RITTERBY7897 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module jscript.dll, version 5.8.6001.22960, fault address 0x00014b86.

Error - 12/12/2010 5:08:56 PM | Computer Name = RITTERBY7897 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/12/2010 5:08:57 PM | Computer Name = RITTERBY7897 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 12/12/2010 6:22:02 PM | Computer Name = RITTERBY7897 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10j.ocx, version 10.2.161.23, fault address 0x000b88a1.

Error - 12/12/2010 6:22:08 PM | Computer Name = RITTERBY7897 | Source = Application Error | ID = 1001
Description = Fault bucket -2106562440.

Error - 12/13/2010 3:27:46 PM | Computer Name = RITTERBY7897 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 12/14/2010 1:18:28 PM | Computer Name = RITTERBY7897 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module uxtheme.dll, version 6.0.2900.5512, fault address 0x00002524.

Error - 12/14/2010 1:18:35 PM | Computer Name = RITTERBY7897 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 12/14/2010 1:19:41 PM | Computer Name = RITTERBY7897 | Source = Application Error | ID = 1000
Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module
schannel.dll, version 5.1.2600.6006, fault address 0x0000d265.

[ OSession Events ]
Error - 6/27/2010 4:47:03 PM | Computer Name = RITTERBY7897 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 871
seconds with 600 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/23/2010 6:17:12 AM | Computer Name = RITTERBY7897 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
DumaNT nvport

Error - 12/27/2010 5:01:06 AM | Computer Name = RITTERBY7897 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
DumaNT nvport

Error - 12/27/2010 8:52:59 AM | Computer Name = RITTERBY7897 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 12/27/2010 4:36:06 PM | Computer Name = RITTERBY7897 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
DumaNT nvport

Error - 12/27/2010 10:06:20 PM | Computer Name = RITTERBY7897 | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 805802e9, parameter3
b29daaa4, parameter4 00000000.

Error - 12/29/2010 12:01:55 AM | Computer Name = RITTERBY7897 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
DumaNT nvport

Error - 12/29/2010 1:09:32 PM | Computer Name = RITTERBY7897 | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 f579ecbc, parameter2 00000000, parameter3
804e70ed, parameter4 00000002.

Error - 12/29/2010 1:09:34 PM | Computer Name = RITTERBY7897 | Source = System Error | ID = 1003
Description = Error code 0000004e, parameter1 00000002, parameter2 00015d03, parameter3
0007ffef, parameter4 00000001.

Error - 12/29/2010 1:27:05 PM | Computer Name = RITTERBY7897 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
DumaNT nvport

Error - 12/31/2010 1:51:04 PM | Computer Name = RITTERBY7897 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
DumaNT nvport


< End of report >



#2 Tomk

Tomk

    White Board Moderator

  • Malware Team
  • 18,174 posts
  • MVP

Posted 04 January 2011 - 10:14 AM

Hi ROOFIE(MTL),

:welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.


Limewire and bitcomet
You have Limewire and bitcomet, P2P/file sharing programs, installed on your computer. P2P applications like these are the largest source of malware we see. You'll be doing yourself a favor by removing them.

References for the risk of these programs can be found in these links:
http://www.microsoft...protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetw...cles/art053.htm


I would recommend that you uninstall Limewire and bitcomet, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

#3 ROOFIE(MTL)

ROOFIE(MTL)

    Authentic Member

  • Authentic Member
  • 130 posts

Posted 04 January 2011 - 09:48 PM

Thanks for your help. Here is the CF Log. I have not uninstalled those programs yet, but I will as soon as possible. Both Limewire and bitcomet.

ComboFix 11-01-04.02 - RITTERBY 01/04/2011 20:21:03.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1432 [GMT -7:00]
Running from: c:\documents and settings\RITTERBY\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\RITTERBY\Application Data\inst.exe

.
((((((((((((((((((((((((( Files Created from 2010-12-05 to 2011-01-05 )))))))))))))))))))))))))))))))
.

2010-12-25 04:00 . 2010-12-25 04:00 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-12-25 04:00 . 2010-12-25 04:00 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-12-25 04:00 . 2010-12-25 04:00 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-12-23 23:39 . 2010-12-24 00:53 -------- d-----w- c:\windows\BDOSCAN8
2010-12-19 03:25 . 2010-10-16 18:55 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-12-19 03:25 . 2010-10-16 18:55 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-12-19 03:25 . 2010-10-16 18:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-12-19 03:25 . 2010-10-16 18:55 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-12-19 03:25 . 2010-10-16 18:55 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-12-19 03:25 . 2010-10-16 18:55 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-12-19 03:25 . 2010-10-16 18:55 2293194 ----a-w- c:\windows\system32\nvdata.bin
2010-12-19 03:25 . 2010-10-16 18:55 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-12-19 03:25 . 2010-10-16 18:55 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-12-19 03:25 . 2010-10-16 18:55 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-12-14 23:24 . 2010-12-14 23:24 -------- d-----w- C:\6df862ed4c0338a4f8c4c69cd1ad
2010-12-14 22:05 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-14 22:04 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-10 20:52 . 2010-12-10 20:52 -------- d-----w- C:\FKRMonitor

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-01 06:32 . 2010-12-01 06:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-01 06:32 . 2010-04-15 10:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-30 00:42 . 2010-03-22 07:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-30 00:42 . 2010-03-22 07:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2010-03-20 01:38 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2001-08-23 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2001-08-23 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2001-08-23 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-16 19:04 . 2010-10-16 19:04 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 19:04 . 2010-10-16 19:04 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 19:04 . 2010-10-16 19:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 19:04 . 2010-10-16 19:04 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 19:04 . 2010-10-16 19:04 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 19:04 . 2010-10-16 19:04 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-10-16 18:55 . 2010-07-04 05:30 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-16 18:55 . 2010-07-04 05:30 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"FMCore.exe"="c:\program files\Extensis\Suitcase Fusion 2\FMCore.exe" [2009-10-29 8520704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-06-11 1447168]
"Dit"="Dit.exe" [2002-08-28 73728]
"SW24"="c:\windows\system32\sw24.exe" [2005-07-04 69632]
"SW20"="c:\windows\system32\sw20.exe" [2005-06-30 200704]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2010-01-27 11:30 1312848 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-11-30 00:42 443728 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MBAMService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18143:TCP"= 18143:TCP:BitComet 18143 TCP
"18143:UDP"= 18143:UDP:BitComet 18143 UDP
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [3/26/2010 2:06 AM 57344]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12/21/2007 8:21 AM 468224]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [10/30/2009 3:28 PM 1021256]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10/14/2009 7:24 AM 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\MSI\MSIWDev\DVDSYS32_100507.sys [5/10/2010 10:44 AM 22328]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios32_100507.sys [5/10/2010 10:44 AM 25912]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\MSI\MSIWDev\VGASYS32_100507.sys [5/10/2010 10:44 AM 16696]
S3 NDSPCIIO;NDSPCIIO;\??\c:\windows\system32\DRIVERS\NDSPCIIO.SYS --> c:\windows\system32\DRIVERS\NDSPCIIO.SYS [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/23/2001 5:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2011-01-05 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 22:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msnbc.com/
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\RITTERBY\Application Data\Mozilla\Firefox\Profiles\q5txateh.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-nwiz - nwiz.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-04 20:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10j_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10j_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1048)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2011-01-04 20:42:41
ComboFix-quarantined-files.txt 2011-01-05 03:42

Pre-Run: 48,817,475,584 bytes free
Post-Run: 50,679,623,680 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 05B6E433258CB822C09CE3562197AEB3

#4 ROOFIE(MTL)

ROOFIE(MTL)

    Authentic Member

  • Authentic Member
  • 130 posts

Posted 04 January 2011 - 09:51 PM

Update: The 2 programs have been uninstalled and eliminated as per your recommendations.

#5 Tomk

Tomk

    White Board Moderator

  • Malware Team
  • 18,174 posts
  • MVP

Posted 04 January 2011 - 11:29 PM

ROOFIE(MTL),

Let's get an online scan:

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Also, are things running any different now?

#6 ROOFIE(MTL)

ROOFIE(MTL)

    Authentic Member

  • Authentic Member
  • 130 posts

Posted 05 January 2011 - 11:26 PM

I ran the test as instructed. My computer shut down 3 times though while scanning. On the fourth one it completed. It did not have a .txt file where you instructed me to look, but it also said it found nothing. So I am not sure it mattered anyway. The computer seems like there is something not right, but who am I? You're the experts here. I appreciate all the help. What's next?

#7 Tomk

Tomk

    White Board Moderator

  • Malware Team
  • 18,174 posts
  • MVP

Posted 06 January 2011 - 12:11 AM

Just because we appear to have the malware removed... it doesn't mean that there is nothing wrong with your system. There appears to be an error with your nvidia PureVideo decoder. You've also been getting this error:

The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.


Have you run chkdsk?

If not... have a look here: http://forums.whatth...XP_t102348.html

#8 ROOFIE(MTL)

ROOFIE(MTL)

    Authentic Member

  • Authentic Member
  • 130 posts

Posted 06 January 2011 - 12:29 AM

Yes, it has been run; nothing was found wrong. It also said for me to check my RAM. So I did and I replaced it under warranty. I also installed a new Power Source from Cool Master. If there are other issues, can we address them? Do I need to run a script in CF?

#9 Tomk

Tomk

    White Board Moderator

  • Malware Team
  • 18,174 posts
  • MVP

Posted 06 January 2011 - 09:21 AM

ROOFIE(MTL),

I'm not much use to you at this point. You are now better off posting in the windows forum and seeking help from the Tech Team. Post a description of your issues there and include a link to this thread as the logs you have posted here (specifically the OTL log that contains your event log) may be useful to them in helping you diagnose the problem.

But first we need to do a little housekeeping:

  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK
  • Note the space between the X and the U, it needs to be there.
The above procedure will:
  • Implement some cleanup procedures.
  • Reset System Restore.

  • Double click on OTL to run it.
  • Click on CleanUp!
  • When done, you will be prompted to restart your computer. Please restart your computer.

Please re-enable any security that was disabled.


The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware"
by miekiemoes

Please respond back that you understand the above and agree with my recommendation of posting in the windows forum. Also, let me know if you have any questions. Once you've posted for the Tech Team, this thread will be closed.

#10 ROOFIE(MTL)

ROOFIE(MTL)

    Authentic Member

  • Authentic Member
  • 130 posts

Posted 07 January 2011 - 05:01 PM

I have done what you asked and will post to the windows forum for additional help. Thanks for everything!!!

#11 Tomk

Tomk

    White Board Moderator

  • Malware Team
  • 18,174 posts
  • MVP

Posted 07 January 2011 - 07:24 PM

You are very welcome. Have a happy New Year. Good luck and be well. :thumbup:

#12 Tomk

Tomk

    White Board Moderator

  • Malware Team
  • 18,174 posts
  • MVP

Posted 07 January 2011 - 07:24 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.



