WiredWX Hobby Weather Tools

 


malware problem
A pop-up of av8scan keeps coming up on my computer. I know it's a virus, but how do I get rid of the notification?

Re: malware problem
Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double-click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

otl scan results
OTL Extras logfile created on: 12/9/2010 7:47:33 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Presten\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 348.41 Gb Free Space | 74.80% Space Free | Partition Type: NTFS

Computer Name: PRESTEN-PC | User Name: Presten | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{034D393A-97E8-4579-A7BA-36694340E8ED}" = rport=5358 | protocol=6 | dir=out | app=system |
"{05C512BD-5241-44A7-A6EC-A3A132063314}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
"{0AEB3D28-3B98-4776-9930-D1D29A8E26AC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{0B1BD7EC-CBBE-455D-80CC-0C57C5820314}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{15323E18-5FD0-4E59-AA1C-A020ABCFFFA6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{155F89D2-0990-472F-81C6-ED057065D9DB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{157CC5AA-DB5C-411D-905C-571779E6F5BA}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{16CCAD92-2B56-4727-A66D-2460C239DF5E}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{1BECAF3A-0DF9-4A9C-8084-31D0E33E10C7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{20F1960C-B75B-4D2A-995F-4A738CEE62B6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{29CC80BE-CCE3-4029-BC20-CC9DADD91C07}" = rport=5357 | protocol=6 | dir=out | app=system |
"{2FCBAE59-BFD9-42B0-8617-7221033391BB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{38F5BE28-28C6-4F5A-866C-08EA48CBC81D}" = rport=10244 | protocol=6 | dir=out | app=system |
"{3975DFF3-DE45-4836-B8A9-17DA75534813}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{3A4BB4E0-368B-4769-8FF9-4C09F7A2304B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{662B4BB0-10CC-4F4C-8BB6-20BE1E540115}" = lport=3390 | protocol=6 | dir=in | app=system |
"{6FCA2AAE-54CD-41A7-AD19-BEC9FC4FA4ED}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{7866F133-E7AB-4416-A72C-8BB5D78E2D5D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7B560370-3626-4470-A5CB-E48B597A4CF3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{7E82D4BF-423C-40EE-9066-480896C2672F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{81E42F76-2BE1-473F-BC9C-B42A0CB54859}" = lport=10244 | protocol=6 | dir=in | app=system |
"{857A4DE3-AC54-4653-9CEF-5728930662FB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{889CDD12-9BA2-4FD8-AB51-3D58A9A28867}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A023CECC-F03D-4C3A-87EC-D27D372BACFC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AC313694-C9D6-42AE-BAA6-260FFE433BFD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B4F114C1-DBFB-416C-85D4-888239D8D553}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{C8DC73E3-E771-4647-9EBA-6848DFAFE8BE}" = lport=5357 | protocol=6 | dir=in | app=system |
"{CADBB12E-5B1E-4347-A65D-B9D76FFF1C3C}" = lport=5358 | protocol=6 | dir=in | app=system |
"{D004D318-07C9-4DCF-9B1B-2FD9D6BF0E77}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
"{D1B89B49-F677-440E-A843-26C1A9E48336}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{D4139442-A35B-4070-A3D0-26689F0E28B1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{E7E0E276-DA5F-4B31-8B86-7BA031D3A74F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{F733D4CF-8AC1-43E9-BAF1-67E36D37EE5F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{F92DFCA3-FE8E-4B8D-9404-EBB0188B304F}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{FABCAE2E-B826-42E2-86C7-EC6D28ECCACD}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
"{FED15CC7-2031-42A5-9064-675CF2600B40}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface |
"{FF0528E5-E1E0-4018-AD7E-A32307BB8476}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{016024CC-D1FC-4BE7-99E0-5CAC44223281}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{04CE2FC0-1833-48C7-BDCF-E3140F2CAF9B}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{0A95D99D-FC9F-4784-A1E0-355B83A34B73}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
"{1188B938-0F4F-4271-88B0-6E423CBC861D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{22332E72-4789-4E8A-8B1F-DA07215FA715}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{25287C19-F08D-4DDF-AABD-F990EEE44C1E}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{32DCD639-99E2-4E49-984A-FFF4A6FDFE49}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{36C4FA12-1092-4EBB-A4A0-0EB2732142C8}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{3895E323-A9ED-4534-B373-6513A5DB8054}" = protocol=6 | dir=out | app=system |
"{39ACB244-15B8-4F84-85B1-C948593A539F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{3E2A0CC2-8682-473B-8B91-49BB97125290}" = protocol=17 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{46459990-F49D-4CE9-B1AC-1354D569BE4D}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{4729B90B-2515-413B-B712-0B912A0E55B9}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{4C42181C-0FAE-4157-B347-5EDA9B570D25}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{5789930C-39A1-4E58-B990-3DE2984EC4DF}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{6230152D-FA4F-4BCC-B304-DE276156CE02}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{63EDF37E-02FE-4A34-B810-E2C54699BC64}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{69E15591-0FA4-4AE8-8E3C-5E37C947F325}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{74479463-AA00-47EC-9EE2-8C5ACBBC23BD}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{75148E41-9861-42E6-8F3E-364854227C9A}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{8873611B-BF63-4B58-9423-A0D66EF07AD7}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{8F002659-626F-4AF0-B36F-BA0B5202E1C0}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{916D5C64-7FA0-4E3B-A7B6-0F5B3181798D}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{94FE3C8A-94F2-4AB8-8D6D-1FB541604452}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{9CDF920D-45E2-4E14-BED8-4097822F0A14}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{9CEFFC2D-1861-42E1-8322-3C6627AC96D9}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{9DB3F32A-7E59-43EE-901A-62050105C67A}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{9E8732A6-2FD6-49ED-B6CC-ACB69453E8CB}" = protocol=6 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{A9621BAF-0375-4A85-8946-6A0388BE7C2D}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{AB65F64E-711D-4AA1-9AC1-FB4C4274352C}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{B32278B0-EBC4-4E57-8D6B-6B54C5BAA180}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{B35673FB-01BE-43C4-A720-DB731B317866}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{B5F4662C-0D60-4C8C-993C-4FF4EC73B90D}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{B7C1844A-793C-4815-AE61-EC76B2AFD59D}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{BDA9D0AA-43FC-4F87-ABE1-CA6EA79409E9}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{C00ADC69-02BE-45E3-AE6B-11ECFDE735E8}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{CBBDE832-65F9-4655-A390-4C6170D8DF19}" = protocol=6 | dir=out | app=system |
"{D231556F-E291-4414-B007-3576BB58ED47}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{D83E44CD-DEF8-4BD2-AA8E-96E6816EAFC4}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{DD7BCF34-703D-42D2-B03D-B1233B09F194}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{E187FF1C-C997-4380-B119-1206CF2D78BE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E758BCF7-CB88-43D7-AAF2-CE0A6BC719ED}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{E843FA33-D6E6-496C-A060-1D61B19DDF90}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{F4D1F394-5B58-404A-BA79-845051D37EE0}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{F6071BB3-CF57-44C3-AF7A-0C052F961AA6}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{F64AF67F-F216-4221-AB7C-00644CAE80D1}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
"TCP Query User{7BA48829-7151-4699-BF67-AADE035F40EA}C:\program files\magictune premium\magictune.exe" = protocol=6 | dir=in | app=c:\program files\magictune premium\magictune.exe |
"UDP Query User{A5946D79-6683-4360-90F0-5DCDC525422D}C:\program files\magictune premium\magictune.exe" = protocol=17 | dir=in | app=c:\program files\magictune premium\magictune.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02EE107B-8D95-4949-8935-4DEBE8F08BE3}" = Bing Bar Platform
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.3
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 22
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{31B2D73B-4311-4D95-A131-32FB2194D1CB}" = Microsoft UI Engine
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45C5421D-7A5E-4FE9-8F42-D98DF070E783}" = Coby Media Manager
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4f250443-a5ef-43a3-984b-972bc15c69d9}" = Slot Nuts
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{59625CC8-69B3-4917-864B-3CE27B76DCF3}" = MagicTunePremium
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8B287B75-DF8D-40C8-9620-8E4492C38EF1}" = Webroot Software
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{da35a31e-d3a1-4032-a4f8-ba9e7e6d43e9}" = Real Vegas Online
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic VX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Akamai" = Akamai NetSession Interface
"BearShare" = BearShare
"conduitEngine" = Conduit Engine
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"Gamevance" = Gamevance
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.8.0 Basic
"Matrix3D" = The Matrix Reloaded 3D Screensaver v2.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Morphyre" = Morphyre
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PageRage Toolbar" = PageRage Toolbar
"Search Toolbar" = Search Toolbar
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"Vista Start Menu_is1" = Vista Start Menu 3.31
"Webroot Software" = Webroot Software
"WhiteCap" = WhiteCap
"WinLiveSuite" = Windows Live Essentials
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/19/2010 5:41:52 PM | Computer Name = Presten-PC | Source = VSS | ID = 8194
Description =

Error - 11/19/2010 5:51:08 PM | Computer Name = Presten-PC | Source = VSS | ID = 8194
Description =

Error - 11/30/2010 11:00:43 PM | Computer Name = Presten-PC | Source = ESENT | ID = 484
Description = wlcomm (3616) C:\Users\Presten\AppData\Local\Microsoft\Windows Live\Contacts\prestonn6477@hotmail.com\15.4\:
An attempt to remove the folder "C:\Users\Presten\AppData\Local\Microsoft\Windows
Live\Contacts\prestonn6477@hotmail.com\15.4\DBStore\Backup\old" failed with system
error 145 (0x00000091): "The directory is not empty. ". The remove folder operation
will fail with error -1022 (0xfffffc02).

Error - 11/30/2010 11:00:43 PM | Computer Name = Presten-PC | Source = ESENT | ID = 215
Description = wlcomm (3616) C:\Users\Presten\AppData\Local\Microsoft\Windows Live\Contacts\prestonn6477@hotmail.com\15.4\:
The backup has been stopped because it was halted by the client or the connection
with the client failed.

Error - 12/3/2010 6:21:07 PM | Computer Name = Presten-PC | Source = Perflib | ID = 1010
Description =

Error - 12/3/2010 6:21:08 PM | Computer Name = Presten-PC | Source = Perflib | ID = 1008
Description =

Error - 12/7/2010 10:23:50 AM | Computer Name = Presten-PC | Source = Application Error | ID = 1000
Description = Faulting application MagicTuneEngine.exe, version 0.0.0.0, time stamp
0x4a04c006, faulting module MagicTuneCore.dll, version 1.0.0.1, time stamp 0x4b66c697,
exception code 0xc0000005, fault offset 0x0000a5aa, process id 0x9cc, application
start time 0x01cb961a4f48d9c5.

Error - 12/9/2010 1:32:37 PM | Computer Name = Presten-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18975, time stamp
0x4c8710a6, faulting module YontooIEClient.dll_unloaded, version 0.0.0.0, time
stamp 0x4cf6b8af, exception code 0xc0000005, fault offset 0x685ce731, process id
0x1a58, application start time 0x01cb97c6d5c8153d.

Error - 12/9/2010 3:38:50 PM | Computer Name = Presten-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18975 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1508 Start Time: 01cb97cb6f85a3aa Termination Time: 31

Error - 12/9/2010 9:51:14 PM | Computer Name = Presten-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18975, time stamp
0x4c8710a6, faulting module mshtml.dll, version 8.0.6001.18975, time stamp 0x4c87263d,
exception code 0xc0000005, fault offset 0x0010919b, process id 0x59ec, application
start time 0x01cb980a640650eb.

[ Media Center Events ]
Error - 10/3/2010 1:00:13 AM | Computer Name = Presten-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 9/10/2010 11:08:11 AM | Computer Name = Presten-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 9/10/2010 11:08:11 AM | Computer Name = Presten-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 9/10/2010 11:08:11 AM | Computer Name = Presten-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 9/10/2010 11:08:11 AM | Computer Name = Presten-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 9/10/2010 11:08:11 AM | Computer Name = Presten-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 9/10/2010 11:08:11 AM | Computer Name = Presten-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 9/10/2010 11:08:11 AM | Computer Name = Presten-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 9/10/2010 11:08:11 AM | Computer Name = Presten-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =


< End of report >

otl results
OTL logfile created on: 12/9/2010 7:47:33 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Presten\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 348.41 Gb Free Space | 74.80% Space Free | Partition Type: NTFS

Computer Name: PRESTEN-PC | User Name: Presten | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/09 19:47:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Presten\Desktop\OTL.exe
PRC - [2010/10/11 15:12:08 | 000,273,672 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe
PRC - [2010/10/01 07:05:55 | 001,286,960 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2010/10/01 07:01:45 | 003,066,528 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2010/09/22 23:16:36 | 000,054,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Companion\companionuser.exe
PRC - [2010/09/22 22:28:10 | 000,025,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2010/09/22 12:41:50 | 003,872,776 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2010/09/22 12:41:30 | 000,157,536 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\SSU.exe
PRC - [2010/07/27 13:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/05/20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/02/01 17:53:44 | 002,531,328 | ---- | M] (SEC) -- C:\Program Files\MagicTune Premium\MagicTune.exe
PRC - [2009/10/05 13:06:46 | 000,036,864 | ---- | M] () -- C:\Program Files\MagicTune Premium\GammaTray.exe
PRC - [2009/09/29 19:19:00 | 002,198,248 | ---- | M] (OrdinarySoft) -- C:\Program Files\Vista Start Menu\VistaStartMenu.exe
PRC - [2009/08/11 13:57:26 | 000,303,104 | ---- | M] () -- C:\Program Files\MultiScreen\MultiScreen.exe
PRC - [2009/05/08 16:28:10 | 000,058,368 | ---- | M] () -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/18 23:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe


========== Modules (SafeList) ==========

MOD - [2010/12/09 19:47:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Presten\Desktop\OTL.exe
MOD - [2010/08/31 07:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/09/24 14:21:48 | 000,025,320 | ---- | M] (OrdinarySoft) -- C:\Program Files\Vista Start Menu\VistaStartMenu.dll
MOD - [2009/08/11 13:54:28 | 000,094,208 | ---- | M] () -- C:\Program Files\MultiScreen\TitleBar.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/08 15:23:27 | 003,020,888 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_aeec0f0.dll -- (Akamai)
SRV - [2010/10/01 07:01:45 | 003,066,528 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/09/22 23:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/09/22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/09/22 12:41:50 | 003,872,776 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2010/07/27 13:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/05/20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/24 17:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/26 05:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/09/22 23:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/07/09 14:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/06/17 13:49:10 | 000,182,056 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2010/06/17 13:49:10 | 000,045,072 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\System32\drivers\ssfmonm.sys -- (ssfmonm)
DRV - [2010/06/17 13:49:10 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2010/05/20 14:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/11/18 16:02:24 | 000,014,848 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\Windows\system32\drivers\MTiCtwl.sys -- (MagicTune)
DRV - [2009/04/10 20:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/08/01 18:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/18 23:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 01:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 01:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 01:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 01:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 01:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 01:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 01:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 01:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 01:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 01:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 01:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 01:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 01:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 01:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 01:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 01:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 01:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 01:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 01:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 01:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/01 23:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPage.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z002&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPage.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/10/28 12:50:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/28 12:51:25 | 000,000,000 | ---D | M]

[2010/09/27 11:56:05 | 000,000,000 | ---D | M] -- C:\Users\Presten\AppData\Roaming\mozilla\Extensions
[2007/12/31 23:35:01 | 000,000,000 | ---D | M] -- C:\Users\Presten\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/11/03 15:13:06 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPage.dll (Conduit Ltd.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Gamevance Text) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll ()
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPage.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files\PageRage\tbPage.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MagicTuneEngine] C:\Program Files\MagicTune Premium\MagicTuneEngine.exe ()
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MultiScreen] C:\Program Files\MultiScreen\MultiScreen.exe ()
O4 - HKCU..\Run: [VistaStartMenu] C:\Program Files\Vista Start Menu\VistaStartMenu.exe (OrdinarySoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Presten\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Presten\Pictures\desktop pictures\13442-1920x1080-Fantasy-3[1].jpg
O24 - Desktop BackupWallPaper: C:\Users\Presten\Pictures\desktop pictures\13442-1920x1080-Fantasy-3[1].jpg
O30 - LSA: Authentication Packages - (ows\s) - File not found
O30 - LSA: Security Packages - (.common-controls_6595b64144ccf1df_6.0) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{271fae43-c71b-11df-8f7f-806e6f6e6963}\Shell\Auto\command - "" = E:\launcher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/09 19:47:05 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Presten\Desktop\OTL.exe
[2010/12/05 11:46:16 | 000,000,000 | ---D | C] -- C:\Users\Presten\Documents\Coby Media Manager
[2010/12/05 11:46:16 | 000,000,000 | ---D | C] -- C:\Users\Presten\AppData\Roaming\Coby Media Manager
[2010/12/05 11:44:59 | 000,000,000 | ---D | C] -- C:\Users\Presten\AppData\Roaming\Coby
[2010/12/05 08:11:35 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2010/12/05 08:11:32 | 000,000,000 | ---D | C] -- C:\Program Files\PageRage
[2010/12/05 08:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Client
[2010/12/05 08:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2010/12/01 16:46:07 | 000,000,000 | ---D | C] -- C:\Users\Presten\AppData\Roaming\COWON
[2010/12/01 16:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\COWON
[2010/12/01 16:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\JetAudio
[2010/12/01 16:40:47 | 038,884,240 | ---- | C] (Acresso Software Inc. ) -- C:\Users\Presten\Desktop\JAD8010_BASIC.exe
[2010/11/30 20:46:52 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/11/30 20:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB
[2010/11/30 12:35:26 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2010/11/30 11:58:50 | 000,000,000 | ---D | C] -- C:\Users\Presten\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/11/30 11:58:33 | 000,000,000 | ---D | C] -- C:\Users\Presten\Documents\DVDVideoSoft
[2010/11/30 11:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010/11/30 11:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010/11/30 11:05:10 | 000,000,000 | ---D | C] -- C:\Users\Presten\AppData\Local\Yahoo
[2010/11/30 11:04:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/11/30 11:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2010/11/30 11:04:27 | 000,000,000 | ---D | C] -- C:\Users\Presten\AppData\Roaming\Yahoo!
[2010/11/30 11:04:25 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/11/30 10:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\1A1D2
[2010/11/29 11:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/11/29 11:25:53 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/11/29 11:25:52 | 000,000,000 | ---D | C] -- C:\Users\Presten\AppData\Roaming\Skype
[2010/11/29 11:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/11/19 13:51:08 | 000,000,000 | ---D | C] -- C:\Program Files\MonitorDriver
[2010/11/19 13:42:05 | 000,000,000 | ---D | C] -- C:\Program Files\MultiScreen
[2010/11/19 13:39:37 | 000,014,848 | ---- | C] (Samsung Electronics, Inc. ) -- C:\Windows\System32\drivers\MTiCtwl.sys
[2010/11/19 13:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\MagicTune Premium
[2010/11/19 13:38:26 | 000,000,000 | ---D | C] -- C:\Users\Presten\AppData\Roaming\InstallShield
[2010/11/19 13:33:25 | 000,000,000 | ---D | C] -- C:\Samsung
[2010/11/11 13:23:24 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/11/11 13:23:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/11/11 13:23:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/11/11 12:30:34 | 000,000,000 | ---D | C] -- C:\Users\Presten\Documents\My Received Files
[2010/11/11 12:30:34 | 000,000,000 | ---D | C] -- C:\Users\Presten\Documents\BearShare
[2010/11/11 12:30:34 | 000,000,000 | ---D | C] -- C:\Users\Presten\AppData\Local\BearShare
[2010/11/11 12:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\BearShare Applications
[2010/11/11 12:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\BearShare
[2010/11/11 12:29:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01}
[2010/11/11 11:53:41 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010/11/11 11:53:32 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2010/09/08 17:04:05 | 001,074,244 | ---- | C] (Etru Software Development ) -- C:\Program Files\capture.exe
[2010/09/08 16:51:28 | 002,536,456 | ---- | C] ( ) -- C:\Program Files\klcodec380b.exe
[2010/09/08 16:48:22 | 025,740,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2010/09/08 16:48:05 | 008,067,224 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.5.3.exe
[2010/09/08 16:48:00 | 002,143,960 | ---- | C] (OrdinarySoft ) -- C:\Program Files\VistaStartMenu_Setup_3_31_freeware.exe
[2010/09/08 16:47:39 | 042,567,136 | ---- | C] (NVIDIA Corporation ) -- C:\Program Files\93.71_forceware_winxp2k_english_whql.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/09 19:47:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Presten\Desktop\OTL.exe
[2010/12/09 19:41:22 | 000,004,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/09 19:41:22 | 000,004,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/09 14:21:44 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{758313EE-3DCE-44BC-80DA-0E460F8572B6}.job
[2010/12/09 11:46:02 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/09 11:46:02 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/09 11:41:42 | 000,122,173 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/12/09 11:41:41 | 000,122,173 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/12/09 11:41:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/09 11:41:18 | 3756,515,328 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/05 11:46:10 | 000,001,108 | ---- | M] () -- C:\Users\Presten\Desktop\Coby Media Manager.lnk
[2010/12/03 14:25:28 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini
[2010/12/01 16:42:59 | 000,001,618 | ---- | M] () -- C:\Users\Public\Desktop\COWON Media Center - jetAudio.lnk
[2010/12/01 16:42:02 | 038,884,240 | ---- | M] (Acresso Software Inc. ) -- C:\Users\Presten\Desktop\JAD8010_BASIC.exe
[2010/11/30 20:48:12 | 000,001,215 | ---- | M] () -- C:\Users\Presten\Desktop\Free YouTube to MP3 Converter (2).lnk
[2010/11/30 14:11:37 | 000,851,968 | -HS- | M] () -- C:\Users\Presten\ehthumbs_vista.db
[2010/11/30 14:11:37 | 000,577,536 | -HS- | M] () -- C:\Users\Presten\Documents\ehthumbs_vista.db
[2010/11/30 12:47:50 | 000,005,632 | ---- | M] () -- C:\Users\Presten\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/30 12:47:47 | 008,962,107 | ---- | M] () -- C:\Users\Presten\Documents\Bruno Mars - Grenade [Official Music Video].wmv
[2010/11/30 12:41:07 | 033,947,017 | ---- | M] () -- C:\Users\Presten\Documents\Bruno Mars - Grenade [Official Music Video].mp4
[2010/11/30 12:35:31 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2010/11/30 11:58:43 | 000,001,032 | ---- | M] () -- C:\Users\Presten\Desktop\DVDVideoSoft Free Studio.lnk
[2010/11/30 11:04:32 | 000,001,743 | ---- | M] () -- C:\Users\Presten\Desktop\1000 Free Songs!.lnk
[2010/11/29 11:25:55 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/11/19 13:51:20 | 000,001,435 | ---- | M] () -- C:\Users\Public\Desktop\Launch Monitor Driver Installer.lnk
[2010/11/19 13:42:05 | 000,001,453 | ---- | M] () -- C:\Users\Public\Desktop\MultiScreen.lnk
[2010/11/19 13:39:37 | 000,001,487 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.lnk
[2010/11/19 13:39:37 | 000,001,475 | ---- | M] () -- C:\Users\Public\Desktop\MagicTune .lnk
[2010/11/11 12:29:48 | 000,001,009 | ---- | M] () -- C:\Users\Presten\Application Data\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk
[2010/11/11 12:29:48 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\BearShare.lnk
[2010/11/11 11:53:41 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/05 11:46:10 | 000,001,108 | ---- | C] () -- C:\Users\Presten\Desktop\Coby Media Manager.lnk
[2010/12/01 16:42:59 | 000,001,618 | ---- | C] () -- C:\Users\Public\Desktop\COWON Media Center - jetAudio.lnk
[2010/11/30 20:48:12 | 000,001,215 | ---- | C] () -- C:\Users\Presten\Desktop\Free YouTube to MP3 Converter (2).lnk
[2010/11/30 14:10:27 | 000,577,536 | -HS- | C] () -- C:\Users\Presten\Documents\ehthumbs_vista.db
[2010/11/30 12:46:13 | 008,962,107 | ---- | C] () -- C:\Users\Presten\Documents\Bruno Mars - Grenade [Official Music Video].wmv
[2010/11/30 12:41:00 | 033,947,017 | ---- | C] () -- C:\Users\Presten\Documents\Bruno Mars - Grenade [Official Music Video].mp4
[2010/11/30 12:35:31 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2010/11/30 12:10:15 | 000,851,968 | -HS- | C] () -- C:\Users\Presten\ehthumbs_vista.db
[2010/11/30 11:58:34 | 000,001,032 | ---- | C] () -- C:\Users\Presten\Desktop\DVDVideoSoft Free Studio.lnk
[2010/11/30 11:04:32 | 000,001,743 | ---- | C] () -- C:\Users\Presten\Desktop\1000 Free Songs!.lnk
[2010/11/29 11:25:55 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/11/19 13:51:20 | 000,001,435 | ---- | C] () -- C:\Users\Public\Desktop\Launch Monitor Driver Installer.lnk
[2010/11/19 13:42:05 | 000,001,453 | ---- | C] () -- C:\Users\Public\Desktop\MultiScreen.lnk
[2010/11/19 13:39:37 | 000,003,294 | ---- | C] () -- C:\Windows\System32\drivers\TMM
[2010/11/19 13:39:37 | 000,001,487 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.lnk
[2010/11/19 13:39:37 | 000,001,475 | ---- | C] () -- C:\Users\Public\Desktop\MagicTune .lnk
[2010/11/11 12:29:48 | 000,001,009 | ---- | C] () -- C:\Users\Presten\Application Data\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk
[2010/11/11 12:29:48 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\BearShare.lnk
[2010/11/03 15:12:37 | 000,030,424 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll
[2010/09/29 19:28:14 | 000,005,632 | ---- | C] () -- C:\Users\Presten\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/27 10:22:51 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/09/17 20:45:37 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/09/16 08:42:15 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/09/12 07:32:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/09/08 17:24:37 | 000,122,173 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/09/08 17:24:37 | 000,122,173 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/09/08 17:10:47 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/09/08 17:10:46 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/09/08 16:48:16 | 005,678,456 | ---- | C] () -- C:\Program Files\FlashFXP_36_Setup.exe
[2007/12/31 23:01:10 | 000,000,680 | ---- | C] () -- C:\Users\Presten\AppData\Local\d3d9caps.dat
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

< End of report >

Re: malware problem

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.
