WiredWX Christian Hobby Weather Tools
Failed OTL Scan

I downloaded OTL, copied and pasted the scan information into the custom scan, and hit "run scan." It begins and then immediately stops and the program terminates. I've been having the same problem with my antivirus software as well; they don't seem to be scanning. Before my antivirus stuff stopped working, I did discover that my computer is infected with a rootkit, and ADWARE/Gen. Any help would be appreciated.

Re: Failed OTL Scan

Hello.

We need to use the RKill Tool by Grinler.

Rkill.com <--- Download site

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable any anti-malware software you have installed so that it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program, when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
iExplore.exe or eXplorer.exe
which are renamed copies of rkill.com, and try them instead.

Try OTL now.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Failed OTL Scan

Ok, I ran rkill.com and I kept getting error messages. I tried what you said about running it with the error messages active and I got a notepad listing of this:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 10/31/2011 at 2:03:56.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:

C:\Users\NightSpawn\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\NightSpawn\AppData\Local\Apps\2.0\4THZWA8A.3TJ\G9E2YK39.YLJ\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\CurseClient.exe
C:\Windows\System32\grpconv.exe


Rkill completed on 10/31/2011 at 2:03:57.


Yes, I tried running it a couple more times, and I'm still getting error messages. And I still cannot use OTL to do a scan. Any other suggestions? Also, thank you for your help so far. I do want you to know it is greatly appreciated.

Re: Failed OTL Scan

Were you able to run aswMBR?

Re: Failed OTL Scan

I downloaded aswMBR and ran it. It ran for about 5 seconds before it stopped running. The desktop icon has become this generic icon like the one for OTL, and Rkill. When I attempt to run it now, I get a box that says: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." Not sure what my next step is.

Re: Failed OTL Scan

  1. Download Win32kDiag from any of the following locations and save it to your Desktop.

  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

    Re: Failed OTL Scan

    Here's the scan as per your request.



    Running from: C:\Users\NightSpawn\Desktop\Win32kDiag.exe

    Log file at : C:\Users\NightSpawn\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\Windows'...



    Cannot access: C:\Windows\bthservsdp.dat

    [1] 2011-11-01 13:06:44 12 C:\Windows\bthservsdp.dat ()



    Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

    [1] 2011-11-01 22:07:59 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



    Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

    [1] 2011-11-01 13:16:52 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



    Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

    [1] 2011-11-01 22:07:55 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



    Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

    [1] 2011-11-01 22:07:53 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()



    Cannot access: C:\Windows\System32\mrt.exe

    [1] 2011-10-21 23:11:39 48324552 C:\Windows\System32\mrt.exe ()

    [1] 2008-01-20 22:24:53 52696 C:\Windows\winsxs\x86_microsoft-windows-malwareremovaltool_31bf3856ad364e35_6.0.6001.18000_none_d3909ca1dd6bb475\mrt.exe (Microsoft Corporation)



    Cannot access: C:\Windows\Temp\~DF87D0.tmp

    [1] 2011-10-26 01:02:13 0 C:\Windows\Temp\~DF87D0.tmp ()



    Cannot access: C:\Windows\Temp\~DF89E9.tmp

    [1] 2011-10-26 01:02:02 16384 C:\Windows\Temp\~DF89E9.tmp ()



    Cannot access: C:\Windows\Temp\~DF9B62.tmp

    [1] 2011-10-26 01:02:02 16384 C:\Windows\Temp\~DF9B62.tmp ()



    Cannot access: C:\Windows\Temp\~DFAF80.tmp

    [1] 2011-10-26 01:02:02 16384 C:\Windows\Temp\~DFAF80.tmp ()





    Finished!

    Re: Failed OTL Scan

    Bump.

    Re: Failed OTL Scan

    I'm now experiencing another problem upon reboot. I have a program that begins running called Privacy Protection, that tells me my computer is infected with a W.32/BlasterWorm, and I manage to disable it, however, it tends to lock out my desktop icons afterwards. Any further help with this new additional problem would be appreciated. Thank you.

    Re: Failed OTL Scan

    Disregard my last post, as I managed to manually find a way to remove the privacy protection .exe and have restored my desktop function. By using Rkill, I managed to stop the process, reboot into safe mode, conduct a scan, find the program and manually remove it. However, I'm still experiencing problems with my Antivirus software, it doesn't want to run complete scans, and something is interrupting it. I've posted the log you asked for, and am awaiting further instructions as to what action(s) you'd like me to take next.

    Re: Failed OTL Scan

    Hello.

    Please download TDSSKiller from here and save it to your Desktop.

    • Double-click TDSSKiller.exe to run the tool
    • Click the Start Scan button
    • After the scan has finished, click the Close button
    • Click the Report button and copy/paste the contents of it into your next reply
    Note: It will also create a log in the C:\ directory.

    Re: Failed OTL Scan

    I attempted to run TDSSKiller, but it wouldn't run. Now, all of my desktop icons have disappeared, and my desktop has gone black. When I reload, a BS program called System Restore attempts to run and scans for viruses. Rkill doesn't seem to be terminating the processes of said Malware.

    Re: Failed OTL Scan

    Ok, I've managed to restore my desktop to some level of functionality. Whatever this malware is, it is creating false copies of programs, and is preventing certain administrator functions of Vista. Rkill doesn't seem to always solve the problem with the active Malware programs, I'm not even sure what the problem is anymore. Whilst all I can do is make a general plea for assistance, I appreciate any recommendations moving forward. I have managed to get OTL to attempt to scan, but it freezes and locks up when it begins scanning modules. Don't know if this information is any help at all, but it is all I know. If you have any further questions please feel free to post them and I'll do my best to answer them with my limited knowledge. Sincerely, all my thanks for your efforts with my problem.

    Re: Failed OTL Scan

    I finally managed to get OTL to scan. Here's the post:


    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: NTDS - File not found
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: rdsessmgr - Service
    SafeBootNet: rpcnet - Service
    SafeBootNet: sacsvr - Service
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootNet: WudfPf - Driver
    SafeBootNet: WudfUsbccidDriver - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    Re: Failed OTL Scan

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/12 03:50:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2011/11/12 03:01:13 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
    [2011/11/11 23:14:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\NightSpawn\Desktop\OTL.exe
    [2011/11/10 11:16:03 | 000,000,000 | -H-D | C] -- C:\e
    [2011/11/08 23:29:31 | 000,000,000 | ---D | C] -- C:\Users\NightSpawn\AppData\Local\ElevatedDiagnostics
    [2011/11/08 22:54:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2011/11/08 20:35:32 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\NightSpawn\Desktop\tdsskiller.exe
    [2011/11/08 18:54:41 | 000,000,000 | -H-D | C] -- C:\Users\NightSpawn\AppData\Roaming\RTXqjUCekBzNx0
    [2011/11/08 18:19:01 | 000,000,000 | -H-D | C] -- C:\Users\NightSpawn\AppData\Roaming\fF3pnG5aQ6W7R9T
    [2011/11/08 17:43:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\bdddWKK7fRL9TX
    [2011/11/08 17:43:54 | 000,000,000 | -H-D | C] -- C:\hnGG55aQH
    [2011/11/08 17:43:50 | 000,000,000 | -H-D | C] -- C:\bWWKK7ffRLg
    [2011/11/08 12:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft
    [2011/11/08 12:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
    [2011/11/01 12:13:22 | 000,000,000 | -H-D | C] -- C:\Users\NightSpawn\Documents\RKill
    [2011/10/27 22:38:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\AVAST Software
    [2011/10/27 21:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/10/25 23:55:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\STOPzilla!

    ========== Files - Modified Within 30 Days ==========

    [2011/11/12 15:39:42 | 000,000,794 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
    [2011/11/12 15:33:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/11/12 14:03:30 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/12 14:03:30 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/12 03:51:12 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/11/12 03:51:11 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/11/11 23:15:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\NightSpawn\Desktop\OTL.exe
    [2011/11/11 11:55:58 | 000,032,483 | ---- | M] () -- C:\Windows\System32\Config.MPF
    [2011/11/11 11:54:41 | 3756,044,288 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/11 03:58:40 | 000,001,356 | -H-- | M] () -- C:\Users\NightSpawn\AppData\Local\d3d9caps.dat
    [2011/11/11 03:48:34 | 000,000,408 | -H-- | M] () -- C:\ProgramData\VdbHm9Y4Q1mKtf
    [2011/11/11 03:47:34 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~VdbHm9Y4Q1mKtf
    [2011/11/11 03:47:33 | 000,000,240 | -H-- | M] () -- C:\ProgramData\~VdbHm9Y4Q1mKtfr
    [2011/11/11 03:43:55 | 000,049,106 | -H-- | M] () -- C:\Users\NightSpawn\AppData\Roaming\nvModes.001
    [2011/11/10 11:43:20 | 000,049,106 | -H-- | M] () -- C:\Users\NightSpawn\AppData\Roaming\nvModes.dat
    [2011/11/08 22:57:38 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2011/11/08 20:44:19 | 032,160,136 | ---- | M] () -- C:\Users\NightSpawn\Desktop\WoW-4.0.0-WOW-enUS-Installer.exe
    [2011/11/08 20:36:07 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\NightSpawn\Desktop\tdsskiller.exe
    [2011/11/08 19:39:56 | 001,008,092 | ---- | M] () -- C:\Users\NightSpawn\Desktop\rkill.com
    [2011/11/08 18:48:54 | 000,000,001 | ---- | M] () -- C:\ProgramData\Y4mnMrHV.exe_.b
    [2011/11/08 18:48:54 | 000,000,001 | ---- | M] () -- C:\ProgramData\Y4mnMrHV.exe.b
    [2011/11/08 03:15:10 | 000,000,112 | ---- | M] () -- C:\ProgramData\rXKjxfx0.dat

    ========== Files Created - No Company Name ==========

    [2011/11/11 04:02:07 | 3756,044,288 | -HS- | C] () -- C:\hiberfil.sys
    [2011/11/11 03:47:33 | 000,000,304 | -H-- | C] () -- C:\ProgramData\~VdbHm9Y4Q1mKtf
    [2011/11/11 03:47:33 | 000,000,240 | -H-- | C] () -- C:\ProgramData\~VdbHm9Y4Q1mKtfr
    [2011/11/11 03:47:28 | 000,000,408 | -H-- | C] () -- C:\ProgramData\VdbHm9Y4Q1mKtf
    [2011/11/08 20:44:19 | 032,160,136 | ---- | C] () -- C:\Users\NightSpawn\Desktop\WoW-4.0.0-WOW-enUS-Installer.exe
    [2011/11/08 19:39:56 | 001,008,092 | ---- | C] () -- C:\Users\NightSpawn\Desktop\rkill.com
    [2011/11/08 18:48:54 | 000,000,001 | ---- | C] () -- C:\ProgramData\Y4mnMrHV.exe_.b
    [2011/11/08 18:48:54 | 000,000,001 | ---- | C] () -- C:\ProgramData\Y4mnMrHV.exe.b
    [2011/11/08 03:10:43 | 000,000,112 | ---- | C] () -- C:\ProgramData\rXKjxfx0.dat
    [2011/09/16 02:10:52 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2011/08/15 10:34:34 | 000,009,572 | -HS- | C] () -- C:\Users\NightSpawn\AppData\Local\bfr5u4oop1cs102h1t0
    [2011/08/15 10:34:34 | 000,009,572 | -HS- | C] () -- C:\ProgramData\bfr5u4oop1cs102h1t0
    [2011/08/07 09:30:29 | 000,010,128 | -HS- | C] () -- C:\Users\NightSpawn\AppData\Local\75pg32uc86hns2rqtr4c
    [2011/08/07 09:30:29 | 000,010,128 | -HS- | C] () -- C:\ProgramData\75pg32uc86hns2rqtr4c
    [2011/06/25 16:59:22 | 000,011,996 | -HS- | C] () -- C:\Users\NightSpawn\AppData\Local\22500634ug8u87c8e64k6l3sf3v
    [2011/06/25 16:59:22 | 000,011,996 | -HS- | C] () -- C:\ProgramData\22500634ug8u87c8e64k6l3sf3v
    [2011/01/11 08:17:59 | 000,001,356 | -H-- | C] () -- C:\Users\NightSpawn\AppData\Local\d3d9caps.dat
    [2010/10/17 10:26:57 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2010/10/17 10:26:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2010/09/05 02:13:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2010/09/03 23:23:45 | 000,049,106 | -H-- | C] () -- C:\Users\NightSpawn\AppData\Roaming\nvModes.001
    [2010/09/03 23:21:50 | 000,049,106 | -H-- | C] () -- C:\Users\NightSpawn\AppData\Roaming\nvModes.dat
    [2010/09/03 21:30:17 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010/09/03 12:57:27 | 000,001,844 | -H-- | C] () -- C:\Users\NightSpawn\AppData\Roaming\install.dat
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2008/06/23 15:02:15 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2008/06/23 12:36:07 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2008/06/23 12:28:39 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
    [2008/06/23 12:28:39 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
    [2008/06/23 12:28:09 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
    [2008/06/23 12:25:48 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
    [2008/06/23 12:25:48 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
    [2008/06/23 12:25:48 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
    [2008/06/23 07:08:42 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
    [2008/02/03 18:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
    [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:47:37 | 000,292,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

    ========== Custom Scans ==========


    < %APPDATA%\Microsoft\*.* >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %USERPROFILE%\Desktop\*.exe >
    [2011/03/26 17:11:14 | 000,270,142 | ---- | M] () -- C:\Users\NightSpawn\Desktop\Minecraft.exe
    [2011/11/11 23:15:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\NightSpawn\Desktop\OTL.exe
    [2011/11/08 20:36:07 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\NightSpawn\Desktop\tdsskiller.exe
    [2011/11/08 20:44:19 | 032,160,136 | ---- | M] () -- C:\Users\NightSpawn\Desktop\WoW-4.0.0-WOW-enUS-Installer.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\winn32\*.* >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.exe >

    < %ProgramFiles%\TinyProxy. >

    < %systemroot%\system32\*.* /lockedfiles >
    [2011/11/12 14:03:30 | 000,003,616 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/12 14:03:30 | 000,003,616 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.* /lockedfiles >

    < %PROGRAMFILES%\*. >
    [2011/06/08 23:12:37 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
    [2008/06/23 12:31:21 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
    [2008/06/23 12:48:10 | 000,000,000 | ---D | M] -- C:\Program Files\AOL Install
    [2010/09/05 18:07:36 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
    [2010/12/21 21:59:54 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
    [2008/06/23 12:25:11 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
    [2008/06/23 12:28:53 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
    [2008/06/23 12:43:18 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
    [2011/11/08 15:12:16 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
    [2008/06/23 07:07:37 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
    [2008/06/23 12:27:57 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
    [2008/06/23 12:26:35 | 000,000,000 | -H-D | M] -- C:\Program Files\Creative Installation Information
    [2008/06/23 12:27:13 | 000,000,000 | ---D | M] -- C:\Program Files\Creative Live! Cam
    [2008/06/23 12:38:58 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
    [2008/06/23 12:49:46 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
    [2008/06/23 12:31:03 | 000,000,000 | ---D | M] -- C:\Program Files\Dell DataSafe Online
    [2008/06/23 12:37:36 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
    [2008/06/23 12:40:33 | 000,000,000 | ---D | M] -- C:\Program Files\DellAutomatedPCTuneUp
    [2008/06/23 15:02:12 | 000,000,000 | ---D | M] -- C:\Program Files\DellTPad
    [2008/06/23 12:25:04 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
    [2008/06/23 12:48:26 | 000,000,000 | ---D | M] -- C:\Program Files\EarthLink Setup
    [2011/08/28 16:09:40 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
    [2011/10/27 21:51:39 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
    [2010/09/03 13:11:14 | 000,000,000 | ---D | M] -- C:\Program Files\Google
    [2011/11/08 13:06:03 | 000,000,000 | ---D | M] -- C:\Program Files\GridinSoft Trojan Killer
    [2011/04/27 17:02:35 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
    [2011/11/11 11:51:02 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
    [2011/02/12 19:50:12 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
    [2011/02/12 19:50:53 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
    [2011/06/21 09:45:56 | 000,000,000 | ---D | M] -- C:\Program Files\Java
    [2011/05/29 22:15:34 | 000,000,000 | ---D | M] -- C:\Program Files\LEGO Company
    [2010/09/04 21:41:40 | 000,000,000 | ---D | M] -- C:\Program Files\LFLInstall
    [2010/10/18 07:41:37 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
    [2011/10/04 08:47:42 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
    [2008/06/23 12:32:47 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
    [2008/06/23 12:35:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
    [2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
    [2008/06/23 12:35:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
    [2011/11/08 22:54:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
    [2008/06/23 12:35:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
    [2011/08/29 02:02:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
    [2010/09/08 02:01:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
    [2008/06/23 12:24:13 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Diagnostic Tool
    [2010/12/08 21:49:21 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
    [2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
    [2008/06/23 12:24:36 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
    [2008/06/23 12:30:17 | 000,000,000 | ---D | M] -- C:\Program Files\NetZeroInstallers
    [2011/06/08 23:10:38 | 000,000,000 | ---D | M] -- C:\Program Files\Object
    [2011/11/08 19:16:25 | 000,000,000 | ---D | M] -- C:\Program Files\Oldgames
    [2010/12/21 22:03:12 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
    [2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
    [2011/06/29 23:42:28 | 000,000,000 | ---D | M] -- C:\Program Files\RosettaStoneLtdServices
    [2008/06/23 12:43:00 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
    [2011/11/08 19:16:25 | 000,000,000 | ---D | M] -- C:\Program Files\Shop to Win 9
    [2008/06/23 07:07:24 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
    [2011/04/27 16:47:02 | 000,000,000 | -H-D | M] -- C:\Program Files\Temp
    [2006/11/02 08:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
    [2010/09/03 21:30:20 | 000,000,000 | ---D | M] -- C:\Program Files\Ventrilo
    [2011/01/31 20:11:42 | 000,000,000 | ---D | M] -- C:\Program Files\Warcraft III
    [2008/06/23 12:29:10 | 000,000,000 | ---D | M] -- C:\Program Files\WIDCOMM
    [2010/12/08 21:49:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
    [2010/12/08 21:49:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
    [2010/12/08 21:49:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
    [2010/12/08 21:49:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
    [2011/09/16 02:11:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
    [2010/12/08 21:49:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
    [2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
    [2010/12/08 21:49:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
    [2010/12/10 03:16:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
    [2010/12/08 21:49:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
    [2010/09/05 20:59:45 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!


    < MD5 for: AGP440.SYS >
    [2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
    [2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
    [2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
    [2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
    [2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
    [2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
    [2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
    [2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
    [2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
    [2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
    [2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

    < MD5 for: DISK.SYS >
    [2009/04/11 01:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
    [2009/04/11 01:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
    [2009/04/11 01:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
    [2008/01/20 21:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
    [2008/01/20 21:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
    [2006/11/02 04:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

    < MD5 for: IASTOR.SYS >
    [2007/02/12 16:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Drivers\storage\R154200\iastor.sys
    [2007/02/12 16:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys
    [2007/02/12 16:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys
    [2007/02/12 16:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8f0cb06b\iaStor.sys

    < MD5 for: NETLOGON.DLL >
    [2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
    [2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
    [2008/01/20 21:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
    [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
    [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
    [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-12 08:55:12

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/07/23 04:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/07/23 04:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/07/23 04:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/07/23 06:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/07/23 06:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/07/23 04:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/07/23 04:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/07/23 04:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/07/23 06:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/07/23 06:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)

    < End of report >

    Re: Failed OTL Scan

    OTL Extras logfile created on: 11/12/2011 3:42:07 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\NightSpawn\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19120)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.50 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 50.54% Memory free
    7.18 Gb Paging File | 5.61 Gb Available in Paging File | 78.04% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 285.50 Gb Total Space | 168.32 Gb Free Space | 58.96% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 5.14 Gb Free Space | 51.39% Space Free | Partition Type: NTFS

    Computer Name: NIGHTSPAWN-PC | User Name: NightSpawn | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{166EA3D9-5B7D-4773-BE4F-44827C19C440}" = lport=139 | protocol=6 | dir=in | app=system |
    "{1954E6B6-6992-4351-A2EF-5B79D13905EC}" = rport=139 | protocol=6 | dir=out | app=system |
    "{282FD8D0-7EEF-4104-97F9-CFFD792E1FE6}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2A94369A-0809-4797-994A-8CDC31B1123B}" = rport=137 | protocol=17 | dir=out | app=system |
    "{3C46886B-0523-4E0F-9A24-B3DE572C6828}" = rport=445 | protocol=6 | dir=out | app=system |
    "{7ED2C593-B94B-401C-9BB0-1E094D88C5B1}" = rport=138 | protocol=17 | dir=out | app=system |
    "{888F71E6-8FE6-4629-A272-A0EDA36A4B41}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{A3A99473-C909-4437-AC7B-94F22AFEEB35}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{E2BE2DD1-47A4-43B7-AF5D-7B1F839D5AE2}" = lport=138 | protocol=17 | dir=in | app=system |
    "{F3AED853-4191-477C-8F32-60CCDE590D64}" = lport=137 | protocol=17 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00AA3A53-FD29-42F1-9875-63830FC13DFB}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
    "{08CF8FB2-2412-4DAB-8AB6-325036F7391D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{1D90D81B-C771-469D-BE41-6673D9E77E82}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
    "{1EE6F427-0FFD-4487-8808-7FDEDC4C5B2B}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{315BCF02-79AD-4BE8-B15C-564BC51FE31A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{32243DE9-92C1-49F6-A63D-EB37859B0C2E}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{38AE0C72-7DCB-4D8A-8A91-20474D6BFFE5}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
    "{41770299-9FCE-4E83-965D-44A4308841B2}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
    "{421DE393-9D68-4993-A98D-ECE7194AC8F8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{6DEFE6F9-4758-420B-A760-BAB51698D4ED}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{75FFB968-CA7F-4C70-9D8A-3B789A63280C}" = dir=in | app=c:\program files\rosettastoneltdservices\rosettastonedaemon.exe |
    "{775CFE70-0AAA-42D5-A20E-9C2A7A786933}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{80517C28-F7D7-4C04-90A0-376C5F929AC2}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
    "{817EEE49-2561-4390-A8EE-A9EB4DDCB410}" = dir=in | app=c:\program files\rosettastoneltdservices\rosettastoneltdservices.exe |
    "{91912682-0F83-48B9-A27B-2C9F2655120F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{AA9ECFAE-8801-4C55-A662-A78FAB797E76}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{B27A4B01-ACD0-4F52-A738-A78C508B62A0}" = protocol=6 | dir=out | app=c:\program files\rosettastoneltdservices\rosettastonedaemon.exe |
    "{D3B41CCA-E3F8-4DFF-96DB-A5BCDABC2238}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{E0CA940F-0337-4799-89AA-ADF1D1F84724}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{E6B32CF4-5FFD-4BA4-B339-8A55AEC76ABF}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{F27E6BF5-1F84-4DC4-BD80-B6B305245221}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{FA23CD31-5AEF-4F00-BD13-55544B605E4E}" = protocol=6 | dir=out | app=c:\program files\rosettastoneltdservices\rosettastoneltdservices.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
    "{28DFA10C-2588-4CF2-9275-E0EFF1E9BB0C}" = Complete Care Consumer Service Agreement
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
    "{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
    "{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
    "{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
    "{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{901B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word 2003
    "{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
    "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
    "{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
    "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B69F28DF-CBB1-41B7-008A-210E4D0518FC}" = Harry Potter and the Order of the Phoenix™
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
    "{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
    "{FE34691C-4298-4667-9758-D7F534DD0B94}" = Dell Automated PC TuneUp
    "{FFF186B6-4D02-4D8D-A776-C43E062E01A9}" = Rosetta Stone Ltd Services
    "7-Zip" = 7-Zip 4.65
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
    "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
    "Dell Webcam Center" = Dell Webcam Center
    "Dell Webcam Manager" = Dell Webcam Manager
    "facetheme" = Facetheme
    "GoToAssist" = GoToAssist 8.0.0.514
    "LimeWire" = LimeWire 5.5.16
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MightandMagicWorldofXeen66" = DJ OldGames Package: World of Xeen
    "MSC" = McAfee SecurityCenter
    "New LEGO Digital Designer" = LEGO Digital Designer
    "NVIDIA Drivers" = NVIDIA Drivers
    "Shop to Win 9" = Shop to Win 9
    "Warcraft III" = Warcraft III
    "World of Warcraft" = World of Warcraft
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Search Defender" = Yahoo! Search Protection
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "090215de958f1060" = Curse Client

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/12/2011 7:03:10 AM | Computer Name = NightSpawn-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 3506591

    Error - 11/12/2011 1:03:32 PM | Computer Name = NightSpawn-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 11/12/2011 1:03:32 PM | Computer Name = NightSpawn-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 25129265

    Error - 11/12/2011 1:03:32 PM | Computer Name = NightSpawn-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 25129265

    Error - 11/12/2011 1:20:17 PM | Computer Name = NightSpawn-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.19120, time stamp
    0x4e2a9406, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
    exception code 0xc0000005, fault offset 0x00066579, process id 0x1c7c, application
    start time 0x01cca15ed36d1180.

    Error - 11/12/2011 1:22:57 PM | Computer Name = NightSpawn-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.19120, time stamp
    0x4e2a9406, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
    exception code 0xc0000005, fault offset 0x00066579, process id 0x1a2c, application
    start time 0x01cca15f61cc1700.

    Error - 11/12/2011 1:44:34 PM | Computer Name = NightSpawn-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.19120, time stamp
    0x4e2a9406, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
    exception code 0xc0000005, fault offset 0x00066579, process id 0x19ec, application
    start time 0x01cca1617eaa6e60.

    Error - 11/12/2011 1:55:36 PM | Computer Name = NightSpawn-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.19120, time stamp
    0x4e2a9406, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
    exception code 0xc0000005, fault offset 0x0003dae0, process id 0x1c88, application
    start time 0x01cca162c1305960.

    Error - 11/12/2011 2:27:20 PM | Computer Name = NightSpawn-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.19120, time stamp
    0x4e2a9406, faulting module mshtml.dll, version 8.0.6001.19120, time stamp 0x4e2aaa35,
    exception code 0xc0000005, fault offset 0x000da88f, process id 0x4e4, application
    start time 0x01cca168617af2e0.

    Error - 11/12/2011 4:41:50 PM | Computer Name = NightSpawn-PC | Source = Application Hang | ID = 1002
    Description = The program OTL.exe version 3.2.31.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Problem Reports and Solutions control panel. Process
    ID: 1548 Start Time: 01cca17b72597380 Termination Time: 0

    [ System Events ]
    Error - 11/12/2011 4:33:42 PM | Computer Name = NightSpawn-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/12/2011 4:33:43 PM | Computer Name = NightSpawn-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/12/2011 4:33:44 PM | Computer Name = NightSpawn-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/12/2011 4:33:45 PM | Computer Name = NightSpawn-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/12/2011 4:33:46 PM | Computer Name = NightSpawn-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/12/2011 4:33:50 PM | Computer Name = NightSpawn-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/12/2011 4:33:52 PM | Computer Name = NightSpawn-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/12/2011 4:33:53 PM | Computer Name = NightSpawn-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/12/2011 4:33:54 PM | Computer Name = NightSpawn-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/12/2011 4:33:55 PM | Computer Name = NightSpawn-PC | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >

    Re: Failed OTL Scan

    Hello.

    Please run OTL.exe.

    • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


      :OTL
      [2011/11/08 18:54:41 | 000,000,000 | -H-D | C] -- C:\Users\NightSpawn\AppData\Roaming\RTXqjUCekBzNx0
      [2011/11/08 18:19:01 | 000,000,000 | -H-D | C] -- C:\Users\NightSpawn\AppData\Roaming\fF3pnG5aQ6W7R9T
      [2011/11/08 17:43:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\bdddWKK7fRL9TX
      [2011/11/08 17:43:54 | 000,000,000 | -H-D | C] -- C:\hnGG55aQH
      [2011/11/08 17:43:50 | 000,000,000 | -H-D | C] -- C:\bWWKK7ffRLg
      [2011/11/11 03:48:34 | 000,000,408 | -H-- | M] () -- C:\ProgramData\VdbHm9Y4Q1mKtf
      [2011/11/11 03:47:34 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~VdbHm9Y4Q1mKtf
      [2011/11/11 03:47:33 | 000,000,240 | -H-- | M] () -- C:\ProgramData\~VdbHm9Y4Q1mKtfr
      [2011/11/08 18:48:54 | 000,000,001 | ---- | M] () -- C:\ProgramData\Y4mnMrHV.exe_.b
      [2011/11/08 18:48:54 | 000,000,001 | ---- | M] () -- C:\ProgramData\Y4mnMrHV.exe.b
      [2011/11/08 03:15:10 | 000,000,112 | ---- | M] () -- C:\ProgramData\rXKjxfx0.dat
      [2011/08/15 10:34:34 | 000,009,572 | -HS- | C] () -- C:\Users\NightSpawn\AppData\Local\bfr5u4oop1cs102h1t0
      [2011/08/15 10:34:34 | 000,009,572 | -HS- | C] () -- C:\ProgramData\bfr5u4oop1cs102h1t0
      [2011/08/07 09:30:29 | 000,010,128 | -HS- | C] () -- C:\Users\NightSpawn\AppData\Local\75pg32uc86hns2rqtr4c
      [2011/08/07 09:30:29 | 000,010,128 | -HS- | C] () -- C:\ProgramData\75pg32uc86hns2rqtr4c
      [2011/06/25 16:59:22 | 000,011,996 | -HS- | C] () -- C:\Users\NightSpawn\AppData\Local\22500634ug8u87c8e64k6l3sf3v
      [2011/06/25 16:59:22 | 000,011,996 | -HS- | C] () -- C:\ProgramData\22500634ug8u87c8e64k6l3sf3v


    • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

    • Click the red Run Fix button.
    • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTL.exe
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    ............................................................................................

    Site Admin / Security Administrator

    Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
    - Please PM me if I fail to respond within 24hrs.

    Re: Failed OTL Scan

    ========== OTL ==========
    C:\Users\NightSpawn\AppData\Roaming\RTXqjUCekBzNx0 folder moved successfully.
    C:\Users\NightSpawn\AppData\Roaming\fF3pnG5aQ6W7R9T folder moved successfully.
    C:\Windows\System32\bdddWKK7fRL9TX folder moved successfully.
    C:\hnGG55aQH folder moved successfully.
    C:\bWWKK7ffRLg folder moved successfully.
    C:\ProgramData\VdbHm9Y4Q1mKtf moved successfully.
    C:\ProgramData\~VdbHm9Y4Q1mKtf moved successfully.
    C:\ProgramData\~VdbHm9Y4Q1mKtfr moved successfully.
    C:\ProgramData\Y4mnMrHV.exe_.b moved successfully.
    C:\ProgramData\Y4mnMrHV.exe.b moved successfully.
    C:\ProgramData\rXKjxfx0.dat moved successfully.
    C:\Users\NightSpawn\AppData\Local\bfr5u4oop1cs102h1t0 moved successfully.
    C:\ProgramData\bfr5u4oop1cs102h1t0 moved successfully.
    C:\Users\NightSpawn\AppData\Local\75pg32uc86hns2rqtr4c moved successfully.
    C:\ProgramData\75pg32uc86hns2rqtr4c moved successfully.
    C:\Users\NightSpawn\AppData\Local\22500634ug8u87c8e64k6l3sf3v moved successfully.
    C:\ProgramData\22500634ug8u87c8e64k6l3sf3v moved successfully.

    OTL by OldTimer - Version 3.2.31.0 log created on 11142011_005355

    Re: Failed OTL Scan

    Hello.

    Please download ComboFix from BleepingComputer.com

    Alternate link: GeeksToGo.com


    Rename ComboFix.exe to commy.exe before you save it to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
    • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
    • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


    Re: Failed OTL Scan

    ComboFix 11-11-14.03 - NightSpawn 11/15/2011 6:54.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.2801 [GMT -5:00]
    Running from: c:\users\NightSpawn\Desktop\ComboFix.exe
    AV: McAfee VirusScan *Disabled/Updated* {2A28CCAF-2E53-0F80-A82C-9572D1C24D8C}
    FW: McAfee Personal Firewall *Disabled* {12134D8A-643C-0ED8-8373-3C472F110AF7}
    SP: McAfee VirusScan *Disabled/Updated* {91492D4B-0869-000E-929C-AE00AA450731}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Resident AV is active
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\data
    c:\program files\LP
    c:\program files\LP\4CE1\FE1.exe
    c:\program files\Object
    c:\program files\Object\bho_project.dll
    c:\program files\Object\ChromeAddon.pem
    c:\program files\Object\chromeaddon\._included.js
    c:\program files\Object\chromeaddon\background.html
    c:\program files\Object\chromeaddon\included.js
    c:\program files\Object\chromeaddon\manifest.json
    c:\program files\Object\config.ini
    c:\program files\Object\facetheme_uninstall.exe
    c:\program files\Object\status.txt
    c:\program files\Object\status2.txt
    c:\programdata\LoJackNotifier.txt
    c:\programdata\ntuser.dat
    c:\users\NightSpawn\AppData\Roaming\iexplore.exe
    c:\users\NightSpawn\AppData\Roaming\Install.dat
    c:\users\NightSpawn\AppData\Roaming\Microsoft\4CE1\FE1.exe
    c:\windows\$NtUninstallKB27470$
    c:\windows\$NtUninstallKB27470$\3514210862
    c:\windows\System32\config\systemprofile\AppData\Local\3beeaf5f
    c:\windows\System32\config\systemprofile\AppData\Local\3beeaf5f\@
    c:\windows\system32\config\systemprofile\AppData\Local\3beeaf5f\X
    c:\windows\system32\config\systemprofile\AppData\Local\6Nxsyk.com
    c:\windows\Tasks\At1.job
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-15 to 2011-11-15 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-15 19:24 . 2011-11-15 19:34 -------- d-----w- c:\users\NightSpawn\AppData\Local\temp
    2011-11-15 19:24 . 2011-11-15 19:24 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-14 05:55 . 2011-11-14 05:55 98816 ----a-w- c:\users\NightSpawn\AppData\Roaming\Microsoft\4CE1\437E.tmp
    2011-11-14 05:55 . 2011-11-14 05:55 -------- d-----w- c:\users\NightSpawn\AppData\Roaming\A1939
    2011-11-14 05:54 . 2011-11-14 05:55 -------- d-----w- c:\users\NightSpawn\AppData\Roaming\106A1
    2011-11-14 05:53 . 2011-11-14 05:53 -------- d-----w- C:\_OTL
    2011-11-12 08:01 . 2011-11-12 08:01 -------- d-----w- c:\windows\CheckSur
    2011-11-11 17:11 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-11 17:09 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-10 16:16 . 2011-11-10 16:16 -------- d-----w- C:\e
    2011-11-09 04:29 . 2011-11-09 04:29 -------- d-----w- c:\users\NightSpawn\AppData\Local\ElevatedDiagnostics
    2011-11-08 17:21 . 2011-11-08 18:06 -------- d-----w- c:\program files\GridinSoft Trojan Killer
    2011-10-28 03:38 . 2011-10-30 17:41 -------- d--h--w- c:\programdata\AVAST Software
    2011-10-28 02:51 . 2011-10-28 02:51 -------- d-----w- c:\program files\ESET
    2011-10-26 04:55 . 2011-10-30 17:45 -------- d--h--w- c:\programdata\STOPzilla!
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-13 22:28 . 2011-08-22 16:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= "c:\windows\system32\ieframe.dll" [2011-09-30 11081728]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll" [2011-01-21 213816]
    .
    [HKEY_CLASSES_ROOT\clsid\{cfbfae00-17a6-11d0-99cb-00c04fd64497}]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2011-01-21 1389880]
    .
    [HKEY_CLASSES_ROOT\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}]
    [HKEY_CLASSES_ROOT\yt.YToolbarBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YToolbarBand]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
    "DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-25 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-25 8433664]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-25 81920]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-06-25 67584]
    "VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-19 3444736]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "MRT"="c:\windows\system32\MRT.exe" [2011-10-28 50295240]
    .
    c:\users\NightSpawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CurseClientStartup.ccip [2010-9-3 0]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - [N/A]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-23 50688]
    QuickSet.lnk - [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-06-23 17:43 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-143357251-2404659723-3031534349-1001]
    "EnableNotificationsRef"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
    S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2011-04-15 1646056]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-23 18:32]
    .
    2011-07-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-23 18:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:63899
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
    HKCU-Run-FE1.exe - c:\users\NightSpawn\AppData\Roaming\Microsoft\4CE1\FE1.exe
    HKLM-Run-FE1.exe - c:\program files\LP\4CE1\FE1.exe
    SafeBoot-rpcnet
    AddRemove-facetheme - c:\program files\Object\facetheme_uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-15 14:32
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(5584)
    c:\windows\system32\btncopy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\system32\WLANExt.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    c:\windows\system32\CTsvcCDA.exe
    c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\McAfee\MPF\MPFSrv.exe
    c:\program files\McAfee\MSK\MskSrver.exe
    c:\windows\system32\STacSV.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\System32\rundll32.exe
    c:\windows\System32\rundll32.exe
    c:\windows\System32\rundll32.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\program files\DellTPad\HidFind.exe
    c:\program files\DellTPad\Apntex.exe
    c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\progra~1\mcafee\msc\mcuimgr.exe
    c:\windows\system32\wermgr.exe
    c:\windows\System32\bcmwltry.exe
    c:\windows\system32\WerFault.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-15 14:53:23 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-15 19:52
    .
    Pre-Run: 180,095,315,968 bytes free
    Post-Run: 179,947,458,560 bytes free
    .
    - - End Of File - - 4161ED8C13CE378C8366016CD231C62A

    Re: Failed OTL Scan
    After combofix completed and my computer rebooted, my desktop reloaded incomplete, my background had been changed, and all my desktop shortcuts removed. When the computer boots up, it tries to load the windows repair mode, but it brings up a login screen and doesn't recognize my user name or password, and refers to both as failed domains. Any suggestions?

    Re: Failed OTL Scan
    Hello.
    We'll worry about the Desktop soon; first, there is more malware that has to go.


    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    3. Open notepad and copy/paste the text in the quotebox below into it:

      Code:


      Folder::
      c:\users\NightSpawn\AppData\Roaming\A1939
      c:\users\NightSpawn\AppData\Roaming\106A1

      FileLook::
      c:\windows\system32\drivers\tcpip.sys
      c:\program files\Common Files\System\wab32.dll

      DirLook::
      C:\e

      DDS::
      uInternet Settings,ProxyOverride = *.local
      uInternet Settings,ProxyServer = http=127.0.0.1:63899

    4. Save this as CFScript.txt, in the same location as ComboFix.exe

      [Image: dragging CFScript.txt onto ComboFix.exe]

    5. Referring to the picture above, drag CFScript into ComboFix.exe
    6. When finished, it shall produce a log for you at C:\ComboFix.txt
    7. Please post the contents of the log in your next reply.

    ............................................................................................

    Site Admin / Security Administrator

    Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
    - Please PM me if I fail to respond within 24hrs.

    Re: Failed OTL Scan
    ComboFix 11-11-16.01 - NightSpawn 11/16/2011 18:33:05.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.2452 [GMT -5:00]
    Running from: c:\users\NightSpawn\Desktop\ComboFix.exe
    Command switches used :: c:\users\NightSpawn\Desktop\CFScript.txt
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Resident AV is active
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\dYIajiwXVoeuA.exe
    c:\programdata\oVGuSZrJARtdIO.exe
    c:\users\NightSpawn\AppData\Roaming\106A1
    c:\users\NightSpawn\AppData\Roaming\106A1\1939.06A
    c:\users\NightSpawn\AppData\Roaming\106A1\DE94C.exe
    c:\users\NightSpawn\AppData\Roaming\A1939
    c:\users\NightSpawn\AppData\Roaming\A1939\lvvm.exe
    c:\users\NightSpawn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
    c:\users\NightSpawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
    c:\users\NightSpawn\Desktop\System Fix.lnk
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-17 to 2011-11-17 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-17 00:11 . 2011-11-17 00:12 -------- d-----w- c:\users\NightSpawn\AppData\Local\temp
    2011-11-17 00:11 . 2011-11-17 00:11 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2011-11-17 00:11 . 2011-11-17 00:11 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-14 05:55 . 2011-11-14 05:55 98816 ---ha-w- c:\users\NightSpawn\AppData\Roaming\Microsoft\4CE1\437E.tmp
    2011-11-14 05:53 . 2011-11-14 05:53 -------- d-----w- C:\_OTL
    2011-11-12 08:01 . 2011-11-12 08:01 -------- d-----w- c:\windows\CheckSur
    2011-11-11 17:11 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-11 17:09 . 2011-09-30 15:57 707584 ---ha-w- c:\program files\Common Files\System\wab32.dll
    2011-11-10 16:16 . 2011-11-10 16:16 -------- d-----w- C:\e
    2011-11-09 04:29 . 2011-11-09 04:29 -------- d-----w- c:\users\NightSpawn\AppData\Local\ElevatedDiagnostics
    2011-11-08 17:21 . 2011-11-08 18:06 -------- d--h--w- c:\program files\GridinSoft Trojan Killer
    2011-10-28 03:38 . 2011-10-30 17:41 -------- d--h--w- c:\programdata\AVAST Software
    2011-10-28 02:51 . 2011-10-28 02:51 -------- d--h--w- c:\program files\ESET
    2011-10-26 04:55 . 2011-10-30 17:45 -------- d--h--w- c:\programdata\STOPzilla!
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-13 22:28 . 2011-08-22 16:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    --- c:\program files\Common Files\System\wab32.dll ---
    Company: Microsoft Corporation
    File Description: Microsoft (R) Contacts DLL
    File Version: 6.0.6002.18521 (vistasp2_gdr.110930-0337)
    Product Name: Microsoft® Windows® Operating System
    Copyright: © Microsoft Corporation. All rights reserved.
    Original Filename: WAB32.DLL
    File size: 707584
    Created time: 2011-11-11 17:09
    Modified time: 2011-09-30 15:57
    MD5: F101C848A95FDC6474A66A9D395EAAEB
    SHA1: 38EE5E6D0237B99CD368E4C7451DA6BEFB7D2176
    .
    .
    --- c:\windows\system32\drivers\tcpip.sys ---
    Company: Microsoft Corporation
    File Description: TCP/IP Driver
    File Version: 6.0.6002.18519 (vistasp2_gdr.110920-0346)
    Product Name: Microsoft® Windows® Operating System
    Copyright: © Microsoft Corporation. All rights reserved.
    Original Filename: tcpip.sys
    File size: 905088
    Created time: 2011-11-11 17:11
    Modified time: 2011-09-20 21:02
    MD5: 814A1C66FBD4E1B310A517221F1456BF
    SHA1: 5F7B2C07950E57D30C48C84AE37CB39F6D0298A4
    .
    ---- Directory of C:\e ----
    .
    2011-11-10 16:16 . 2011-11-10 16:16 163 ---ha-w- c:\e\ecap_s0.png
    2011-11-10 16:16 . 2011-11-10 16:16 666 ---ha-w- c:\e\sset_02_s1.png
    2011-11-10 16:16 . 2011-11-10 16:16 161 ---ha-w- c:\e\add_grp.png
    2011-11-10 16:16 . 2011-11-10 16:16 139 ---ha-w- c:\e\ecap_s1_h.png
    2011-11-10 16:16 . 2011-11-10 16:16 168 ---ha-w- c:\e\ecap_s1.png
    2011-11-10 16:16 . 2011-11-10 16:16 140 ---ha-w- c:\e\ecap_s0_h.png
    2011-11-10 16:16 . 2011-11-10 16:16 194 ---ha-w- c:\e\add_grp_h.png
    2011-11-10 16:16 . 2011-11-10 16:16 598 ---ha-w- c:\e\sset_02_s0.png
    2011-11-10 16:16 . 2011-11-10 16:16 425 ---ha-w- c:\e\ybang_200908276_h.png
    2011-11-10 16:16 . 2011-11-10 16:16 768 ---ha-w- c:\e\ebay27_spc.png
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll" [2011-01-21 213816]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0095C290-A428-4BDD-B98C-E0A116F1C702}]
    2011-06-09 04:11 682496 ---ha-w- c:\program files\Shop to Win 9\ShoppingBHO.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
    "DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-25 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-25 8433664]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-25 81920]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-06-25 67584]
    "VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-19 3444736]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "MRT"="c:\windows\system32\MRT.exe" [2011-10-28 50295240]
    .
    c:\users\NightSpawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CurseClientStartup.ccip [2010-9-3 0]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - [N/A]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-23 50688]
    QuickSet.lnk - [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-06-23 17:43 10536 ---ha-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-143357251-2404659723-3031534349-1001]
    "EnableNotificationsRef"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
    S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2011-04-15 1646056]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-23 18:32]
    .
    2011-07-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-23 18:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.1
    .
    Supplementary scan did not complete!
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-dYIajiwXVoeuA.exe - c:\programdata\dYIajiwXVoeuA.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-16 19:12
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-11-16 19:30:53
    ComboFix-quarantined-files.txt 2011-11-17 00:30
    ComboFix2.txt 2011-11-15 19:53
    .
    Pre-Run: 183,169,159,168 bytes free
    Post-Run: 182,763,372,544 bytes free
    .
    - - End Of File - - B977B3287C1D8BED00AA6B9590C4B0FA

    Re: Failed OTL Scan
    Ok, the privacy protection thing is back, and it is preventing the use of Rkill or the other decoy Rkill(s). It's telling me everything I attempt to run is infected by W/32 Blaster worm, and it's preventing anything from running. Also, I'm noticing that I'm hearing audio for stuff, and I have nothing open or running at the time. It's kind of unnerving. It'll run for a bit, and then cut out. Any suggestions? Thanks much in advance.

    Re: Failed OTL Scan
    Bump.

    Re: Failed OTL Scan
    Bump.

    Re: Failed OTL Scan
    Bump.

    Re: Failed OTL Scan
    Sorry for the delay, been busy.

    Run ESET Online Scan
    Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

    • Check (tick) this box: YES, I accept the Terms of Use.
    • Click on the Start button next to it.
    • When prompted to run ActiveX, click Yes.
    • You will be asked to install an ActiveX. Click Install.
    • Once installed, the scanner will be initialized.
    • After the scanner is initialized, click Start.
    • Check (tick) Remove found threats box.
    • Check (tick) Scan unwanted applications.
    • Click on Scan.
    • It will start scanning. Please be patient.
    • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


    Re: Failed OTL Scan
    First of all, Happy Thanksgiving. Secondly, no worries, I understand the busy thing, and I still appreciate all your help. Just want you to know that. Had to run RKill again: Here's the log:

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 11/24/2011 at 22:53:51.
    Operating System: Windows Vista (TM) Home Premium


    Processes terminated by Rkill or while it was running:

    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Users\NightSpawn\Desktop\eXplorer.exe


    --- ATTENTION ---

    Windows was configured to use a proxy! Proxy settings have been removed.

    The Proxy Server that was configured is: http=127.0.0.1:55778

    If this was a valid setting, please double-click on the rk-proxy.reg file on your desktop and allow the data to be merged to restore your proxy settings.


    Rkill completed on 11/24/2011 at 22:55:06.


    I will complete the Eset scan and post the log shortly.

    Re: Failed OTL Scan
    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=8d7ce07f8896d246a98b4e6e5797e011
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-11-25 05:45:59
    # local_time=2011-11-25 12:45:59 (-0500, Eastern Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=5121 16776574 100 96 1315356 135977840 0 0
    # compatibility_mode=5892 16776638 100 95 1315320 158803466 0 0
    # compatibility_mode=8192 67108863 100 0 1504039 1504039 0 0
    # scanned=138211
    # found=37
    # cleaned=35
    # scan_time=4021
    C:\Program Files\A1939\lvvm.exe a variant of Win32/Kryptik.VZB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Program Files\LP\4CE1\47DA.tmp a variant of Win32/Kryptik.VZB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Program Files\LP\4CE1\FE1.exe Win32/Cycbot.AK trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
    C:\Qoobox\Quarantine\C\Program Files\LP\4CE1\FE1.exe.vir Win32/Cycbot.AF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Qoobox\Quarantine\C\ProgramData\dYIajiwXVoeuA.exe.vir a variant of Win32/Kryptik.VNX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Qoobox\Quarantine\C\ProgramData\oVGuSZrJARtdIO.exe.vir a variant of Win32/Kryptik.VNX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Qoobox\Quarantine\C\Users\NightSpawn\AppData\Roaming\iexplore.exe.vir Win32/Cycbot.AF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Qoobox\Quarantine\C\Users\NightSpawn\AppData\Roaming\106A1\DE94C.exe.vir a variant of Win32/Kryptik.VJK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Qoobox\Quarantine\C\Users\NightSpawn\AppData\Roaming\A1939\lvvm.exe.vir a variant of Win32/Kryptik.VJK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Qoobox\Quarantine\C\Users\NightSpawn\AppData\Roaming\Microsoft\4CE1\FE1.exe.vir Win32/Cycbot.AF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Qoobox\Quarantine\C\Windows\System32\config\systemprofile\AppData\Local\6Nxsyk.com.vir a variant of Win32/Kryptik.UYJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Qoobox\Quarantine\C\Windows\System32\config\systemprofile\AppData\Local\3beeaf5f\X.vir Win32/Sirefef.DD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Users\NightSpawn\AppData\Local\temp\0.6396809879420475.exe a variant of Win32/Kryptik.VTC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Users\NightSpawn\AppData\Local\temp\51C1.tmp a variant of Win32/Kryptik.VQQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Users\NightSpawn\AppData\Local\temp\6D60.tmp a variant of Win32/Kryptik.VTC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Users\NightSpawn\AppData\Local\temp\76B4.tmp a variant of Win32/Kryptik.VTC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Users\NightSpawn\AppData\Local\temp\BB47.tmp a variant of Win32/Kryptik.VTC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Users\NightSpawn\AppData\Local\temp\dwme.exe Win32/Cycbot.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Users\NightSpawn\AppData\Local\temp\NOD29D4.tmp Win32/Cycbot.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Users\NightSpawn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\1964f251-7e3fd774 Java/Agent.DW trojan (deleted - quarantined) 00000000000000000000000000000000 C
    C:\Users\NightSpawn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\7e8a6802-2b58c59a a variant of Win32/Kryptik.UOE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Users\NightSpawn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\6555fc58-2d70cb0a a variant of Win32/Kryptik.VRM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Users\NightSpawn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\1589f399-2bfe2e94 a variant of Win32/Kryptik.UOE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Users\NightSpawn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\2dc8efef-4bd781c5 a variant of Java/TrojanDownloader.OpenStream.NCM trojan (deleted - quarantined) 00000000000000000000000000000000 C
    C:\Users\NightSpawn\AppData\Roaming\6EB7.tmp a variant of Win32/Kryptik.VQQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Users\NightSpawn\AppData\Roaming\BBA5.tmp a variant of Win32/Kryptik.VTC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Users\NightSpawn\AppData\Roaming\dwme.exe Win32/Cycbot.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Users\NightSpawn\AppData\Roaming\iexplore.exe Win32/Cycbot.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Users\NightSpawn\AppData\Roaming\java.exe Win32/Cycbot.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Users\NightSpawn\AppData\Roaming\106A1\DE94C.exe a variant of Win32/Kryptik.VZB trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
    C:\Users\NightSpawn\AppData\Roaming\Microsoft\4CE1\437E.tmp Win32/PSW.Agent.NTM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Users\NightSpawn\AppData\Roaming\Microsoft\4CE1\FE1.exe Win32/Cycbot.AK trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
    C:\Users\NightSpawn\Desktop\sname probably a variant of Win32/Lukicsel.T trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Windows\System32\AV Protection 2011v121.exe a variant of Win32/Kryptik.VRM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Windows\System32\drivers\i8042prt.sys a variant of Win32/Rootkit.Kryptik.FF trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Windows\System32\drivers\etc\hosts Win32/Qhost trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    ${Memory} a variant of Win32/Sirefef.DN trojan 00000000000000000000000000000000 I
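
Added example (not part of the original posts and not ESET's own tooling): a Python triage of the ESET Online Scanner log posted above, which separates removed files from entries still pending a reboot or left unresolved, and checks the result against the header's `found`/`cleaned` counters. The field layout is inferred from how the log appears on this page, and the function names are hypothetical.

```python
import re
from collections import Counter

# Excerpt copied from the ESET log posted above: the two header counters and
# 8 of the 37 detection lines. On this page the fields are separated by single
# spaces and paths contain spaces, so a plain split() would not work.
SAMPLE_LOG = r"""
# found=37
# cleaned=35
C:\Program Files\A1939\lvvm.exe a variant of Win32/Kryptik.VZB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\LP\4CE1\FE1.exe Win32/Cycbot.AK trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Users\NightSpawn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\1964f251-7e3fd774 Java/Agent.DW trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\NightSpawn\Desktop\sname probably a variant of Win32/Lukicsel.T trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\AV Protection 2011v121.exe a variant of Win32/Kryptik.VRM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\drivers\i8042prt.sys a variant of Win32/Rootkit.Kryptik.FF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\drivers\etc\hosts Win32/Qhost trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
${Memory} a variant of Win32/Sirefef.DN trojan 00000000000000000000000000000000 I
"""

HEADER_RE = re.compile(r"^#\s*(\w+)=(.*)$")

# The detection name is the first "Platform/Name" token; Windows paths use
# backslashes, so the forward slash marks where the path ends. The action in
# parentheses is optional (the ${Memory} line has none) and may itself contain
# parentheses ("after the next restart"), hence the greedy match.
ENTRY_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<qualifier>(?:probably\s+)?(?:a variant of\s+)?)"
    r"(?P<name>[A-Za-z0-9]+/[\w.]+)\s+"
    r"(?P<kind>\w+)"
    r"(?:\s+\((?P<action>.*)\))?\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+"
    r"(?P<flag>[A-Z])$"
)


def parse_log(text):
    """Return (header dict, detection entries, lines that did not parse)."""
    header, entries, rejects = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(m.groupdict())
        else:
            rejects.append(line)  # keep unparsed lines visible, never drop them
    return header, entries, rejects


def status(entry):
    """Classify from the action text; the trailing flag letter is kept as-is
    because the page does not document its meaning."""
    action = (entry["action"] or "").lower()
    if not action or "unable to clean" in action:
        return "unresolved"
    if "after the next restart" in action:
        return "pending_reboot"
    return "removed"


def triage(text):
    header, entries, rejects = parse_log(text)
    result = {"entries": entries, "rejects": rejects,
              "removed": [], "pending_reboot": [], "unresolved": []}
    for entry in entries:
        result[status(entry)].append(entry)
    # Heuristic grouping: drop the variant suffix after the last dot.
    result["families"] = Counter(e["name"].rsplit(".", 1)[0] for e in entries)
    # found - cleaned is how many detections the scanner itself left behind.
    result["expected_unresolved"] = None
    if "found" in header and "cleaned" in header:
        result["expected_unresolved"] = int(header["found"]) - int(header["cleaned"])
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for key in ("unresolved", "pending_reboot"):
        for e in report[key]:
            print(f"{key:15} {e['name']:28} {e['path']}")
    print("header expects", report["expected_unresolved"], "unresolved;",
          "parsed", len(report["unresolved"]))
```

Entries in `pending_reboot` are worth re-checking in the next scan, since deletion only happens if the restart completes normally.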

    Re: Failed OTL Scan
    After completing the Eset scan, I had to reboot, and run Rkill again to be able to access the internet. Don't know if this information is relevant, but thought I would include it in my latest post. Thanks much.

    Re: Failed OTL Scan
    Bump.

    Re: Failed OTL Scan
    Well, my comp rebooted itself, and when it loaded up again, my screen is jet black, and I can't access anything. The only thing that was visible was this Vista Antivirus 2012 thing, which is claiming everything I have is infected. It's not letting me access or even view my desktop. I can open task manager, but it is a struggle to get it to remain open so I can do anything. Any suggestions? Because at this rate, I may have to post and work from another computer if it continues like this.

    Re: Failed OTL Scan
    Ok, I've managed to access IE through the task manager, although my desktop is still black and I cannot fix that. Not sure what the problem is, but at least I can still post here, and (fingers crossed) still download anything you need me to from here. The Vista Antivirus 2012 doesn't appear to be popping up, but I don't know if it is or isn't because I have no desktop and nothing that normally loads at the start is appearing. I've tried rebooting in safe mode, but I get the same problem. Suggestions or recommendations are welcome. Whatever you think the next logical course of action may be. I did manage to run rkill and an eset scan, but nothing is coming up, and rkill kills a few processes but nothing that I necessarily can see as threatening. I can't access my notepads to link the logs, but if I find a way, I'll post them here ASAP. Thanks again in advance.

    Re: Failed OTL Scan
    Ok, I managed to do a little bit of reading and research. Apparently, I am suffering from KSOD (Black Screen of Death). Now, I can access things on this computer via the Task Manager. I've tried launching the explorer.exe from task manager, but Task Manager says that the specific path doesn't exist. I've looked at my registry key for this by opening "regedit.exe" with task manager. No, I'm not 100% that everything was right, but it appeared that "shell = explorer". So I assume that that key is correct. So, at present, the KSOD has dropped an interesting challenge in my lap that I cannot yet solve. I would mess around with the registry keys more, but I don't feel comfortable doing that, as most explanations I've read from users seem to suggest more than a basic knowledge of computers and systems, and in short, I really don't want to mess anything up worse than it already is. Hope this info helps. I'll keep you posted if I find a solution for KSOD before you get a chance to post again.

    Re: Failed OTL Scan
    Bump.

    Re: Failed OTL Scan
    Bump.

    Re: Failed OTL Scan
    Hello.
    I want to check the MBR.

    Download MBRCheck to your desktop.

    • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    • It will show a black screen with some data on it.
    • A report called MBRcheckxxxx.txt will be on your desktop.
    • Open this report and post its content in your next reply.


    Re: Failed OTL Scan
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Inspiron 1720
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 166):

    Processes (total 64):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`85700000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`05700000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD3200BEVT-75ZCT0, Rev: 11.01A11

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 MBR Code Faked!
    SHA1: D62E42E8B5C8E8E3C60B54F46CB8749D21B93E24


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice:

    Done!
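
Added example, not part of the original posts and not MBRCheck's own code: a minimal offline review of a 512-byte MBR dump such as option [1] in the log above writes to file. It assumes the classic layout (440 bytes of boot code, partition table at offset 446) and hashes only the boot code area, since the page does not say which bytes MBRCheck hashes; `known_good_sha1`, `volume_offsets` and `build_sample` are hypothetical names, and the sample sector is constructed, reusing only the two volume offsets shown in the log.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440  # assumed classic layout: boot code 0..439, partition table 446..509

def parse_mbr(sector):
    """Split a 512-byte MBR dump into signature check, boot-code hash and partitions."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i:462 + 16 * i]
        # status, 3 CHS bytes skipped, type, 3 CHS bytes skipped, LBA start, sector count
        flag, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"active": flag == 0x80, "type": ptype,
                          "byte_offset": lba * SECTOR, "sectors": count})
    return {"signature_ok": sector[510:512] == b"\x55\xaa",
            "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
            "partitions": parts}

def review(sector, known_good_sha1, volume_offsets):
    """Return a list of findings; an empty list means nothing stood out."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha1"] not in known_good_sha1:
        findings.append("boot code hash not in known-good set: " + info["boot_code_sha1"])
    table = {p["byte_offset"] for p in info["partitions"]}
    for off in sorted(volume_offsets - table):
        findings.append(f"no partition entry at offset 0x{off:X}")
    if sum(p["active"] for p in info["partitions"]) != 1:
        findings.append("expected exactly one active partition")
    return findings

def build_sample(boot_code):
    """Constructed sector: two NTFS (0x07) entries at the log's D: and C: offsets."""
    def entry(flag, lba):
        return struct.pack("<B3xB3xII", flag, 0x07, lba, 2048)  # sector count is made up
    table = entry(0x00, 0x05700000 // SECTOR) + entry(0x80, 0x285700000 // SECTOR) + bytes(32)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + bytes(6) + table + b"\x55\xaa"

if __name__ == "__main__":
    clean = build_sample(b"constructed clean boot code")
    good = {parse_mbr(clean)["boot_code_sha1"]}  # stand-in for a vetted hash list
    vols = {0x05700000, 0x285700000}
    print(review(clean, good, vols))
    print(review(build_sample(b"constructed altered boot code"), good, vols))
```

A rootkit that filters disk reads can hand a clean-looking sector to tools running on the infected system, so a dump reviewed this way is best taken from trusted boot media.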

    Re: Failed OTL Scan
    Hello.
    Do you have your Vista Recovery disc?


    Re: Failed OTL Scan
    I did not receive one with my laptop.

    Re: Failed OTL Scan
    I just double checked, and I do not have a recovery disk.

    Re: Failed OTL Scan
    Bump.

    Re: Failed OTL Scan
    Hello.
    You'll need to get one somehow; we can't repair this without repairing the MBR, and we need the disc to get into recovery mode.


    Re: Failed OTL Scan
    Ok, I'll look/ask/beg/plead/bargain around and see if I can get one. In the meantime, any suggestions as to a place where someone might acquire one?

    Re: Failed OTL Scan
    Never mind, I have some friends who might be able to help me acquire one. I'll post as soon as I get it. Thanks in advance.

    Re: Failed OTL Scan
    Okay, standing by.

