GeekPolice
External Drives renamed 'PENDRIVE', DCOM Server Process Launcher Fails

Hello.

2 of my PCs, custom builds running XP SP2, have become infected with the same malware/virus, and I believe it to be a Trojan. I have tried Malwarebytes, but it crashed when it started scanning outside of safe mode. When I scanned in SM, 8 files were found to be infected on the system drives alone, and upon deleting them, I discovered that the virus is stored on my external TB media drive. This is a problem for me, because when I used to get a virus, it never made its way to that drive, and I would just dump and reload Windows, scanning any recovered data for the malware. That usually worked, but this thing is persistent. Literally, I think. There is an autorun.ini in all my externals I ever plugged into the computer. I found this when plugging my Ubuntu LiveUSB in, and using it to make this post. Note: The drive works flawlessly in Ubuntu. Here are the contents:

Code:

[autorun]
;open=RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svhost.exe
icon=shell32.dll,4
shellexecute=RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svhost.exe
label=PENDRIVE
action=Open folder to view files
shell\Open=Open
shell\Open\command=RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svhost.exe
shell\Open\Default=1

If that wasn't bad enough, every time I get my PC up, it appears to work fine, until you connect and attempt to access an EHD. Explorer freezes, and in order to access it, I have to right-click > Explore. Even if I connect nothing, I get a message (Under what circumstances, I'm not sure, I was busy slamming my head into a wall. Again.) warning me of a 60-second timer that will shut down my PC because "DCOM Server Process Launcher failed to launch".

I like to think I am a pretty well-versed user for a kid who taught himself everything he knows by trial and error, but this thing is beating me, and I don't much appreciate it. I deleted the .ini in my EHD, and it works in Ubuntu, but I still have to right-click it in Explorer on a FRESH install of Windows. Then the brand-new rig crashed, courtesy of a DCOM SPL failure.

I tried to find a virus scanner that would search my drive from my LiveUSB, but I have an amd64 processor, and there isn't an avast! build for Linux that uses that architecture. I forced the package install, but it won't work. I tried the Clam virus scanner, but that didn't find anything on my system drive, and only found the same .ini file on the EHD. I tried the clamscan package that comes with it, but it ran into some troubles. Either way, it probably wouldn't work too well without the Windows processes actually running.

I know, after endless Googling, giving up, and coming back, that a HijackThis log file will help greatly, so I'll get that ASAP. I appreciate any help at all, and I desperately need it to get my babies back up and running. I live on these machines, and without them, I'm lost.
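
As an added example (not code from the original poster or the forum), a small Python triage script for an autorun.inf like the one posted above: it parses the [autorun] section, picks out the directives the Windows shell would actually launch, and flags what stands out in the posted file (a payload under the hidden RECYCLER\<SID> folder, an executable named to look like svchost.exe, the shell\Open\command default-verb hijack that fits the right-click > Explore workaround, and the copied "Open folder to view files" AutoPlay text). Both samples are constructed here; the benign one is hypothetical.

```python
import re

# Constructed sample: the autorun.inf contents posted in the thread above.
SAMPLE_AUTORUN_INF = r"""[autorun]
;open=RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svhost.exe
icon=shell32.dll,4
shellexecute=RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svhost.exe
label=PENDRIVE
action=Open folder to view files
shell\Open=Open
shell\Open\command=RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svhost.exe
shell\Open\Default=1
"""

# Constructed (hypothetical) sample: what a legitimate install CD typically ships.
SAMPLE_BENIGN_INF = r"""[autorun]
open=setup.exe
icon=setup.exe,0
label=Product CD
"""

# RECYCLER\S-1-5-...\ is the per-user recycle-bin folder on a volume; it carries
# the hidden+system attributes, so a default Explorer view never shows it.
RECYCLER_SID_RE = re.compile(r"(?i)recycler\\s-1-5-\d+(?:-\d+)+\\")


def parse_autorun(text):
    """Return {key_lower: value} for the [autorun] section.

    Follows the INI rules that matter here: section and key names are
    case-insensitive and lines starting with ';' are comments, so the
    commented-out 'open=' line in the sample is NOT an active directive.
    """
    entries = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def executable_targets(entries):
    """Directives whose value the shell launches: open, shellexecute and any
    shell\\<verb>\\command (the drive's context-menu / double-click verbs)."""
    return {
        key: value
        for key, value in entries.items()
        if key in ("open", "shellexecute")
        or (key.startswith("shell\\") and key.endswith("\\command"))
    }


def triage(text):
    """Return human-readable findings; an empty list means nothing was flagged."""
    entries = parse_autorun(text)
    findings = []
    for key, target in executable_targets(entries).items():
        if RECYCLER_SID_RE.search(target):
            findings.append(f"{key}: launches from a hidden RECYCLER\\<SID> folder ({target})")
        basename = target.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if basename == "svhost.exe":
            findings.append(f"{key}: target name '{basename}' mimics Windows' svchost.exe")
    # shell\Open\command plus shell\Open\Default=1 makes the hijacked verb the
    # drive's default action, so double-clicking runs the target instead of
    # opening the folder, while right-click > Explore sidesteps the verb.
    if "shell\\open\\command" in entries and entries.get("shell\\open\\default") == "1":
        findings.append("default double-click verb redirected to " + entries["shell\\open\\command"])
    # The action text copies Explorer's own AutoPlay wording so the malicious
    # entry is indistinguishable from the built-in one in the AutoPlay dialog.
    if entries.get("action", "").lower() == "open folder to view files":
        findings.append("action text imitates Explorer's built-in AutoPlay entry")
    return findings


def is_suspicious(text):
    return bool(triage(text))


if __name__ == "__main__":
    for name, sample in (("posted autorun.inf", SAMPLE_AUTORUN_INF),
                         ("benign install CD", SAMPLE_BENIGN_INF)):
        print(f"== {name}: {'SUSPICIOUS' if is_suspicious(sample) else 'nothing flagged'}")
        for finding in triage(sample):
            print("  -", finding)
```

Run it from the Ubuntu LiveUSB against the autorun.inf on the mounted external drive (read the file into `triage()`); the label entry is what renames the drive to PENDRIVE in Explorer.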


Re: External Drives renamed 'PENDRIVE', DCOM Server Process Launcher Fails

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: External Drives renamed 'PENDRIVE', DCOM Server Process Launcher Fails

Thanks for getting back so quick. I got clamscan to run in Linux, and it found several .exe files on my EHD which I deleted, but I believe it to still be a problem. Anyway, OTL.txt:

OTL logfile created on: 11/21/2010 8:06:34 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Glitch\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 18.00 Gb Free Space | 24.15% Space Free | Partition Type: NTFS
Drive D: | 111.76 Gb Total Space | 12.17 Gb Free Space | 10.89% Space Free | Partition Type: NTFS
Drive J: | 3.68 Gb Total Space | 0.01 Gb Free Space | 0.31% Space Free | Partition Type: FAT32

Computer Name: ANDREW-11101992 | User Name: Glitch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/21 20:06:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Glitch\My Documents\Downloads\OTL.exe
PRC - [2010/10/29 14:09:05 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/29 14:09:05 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2009/11/15 14:59:11 | 000,158,752 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2009/11/01 06:47:00 | 000,119,296 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
PRC - [2007/09/02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007/05/21 09:50:56 | 000,065,605 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2004/08/03 19:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/11/21 20:06:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Glitch\My Documents\Downloads\OTL.exe
MOD - [2010/11/21 19:52:55 | 000,012,800 | ---- | M] (Applian Technologies, Inc.) -- C:\Documents and Settings\Glitch\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
MOD - [2007/09/02 12:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2007/02/21 14:06:50 | 000,463,136 | ---- | M] (Stardock Corporation) -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll
MOD - [2004/09/18 14:37:00 | 000,028,740 | ---- | M] (Stardock.Net, Inc) -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll
MOD - [2004/08/03 19:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2003/02/26 19:27:44 | 000,036,864 | ---- | M] (Stardock.Net, Inc) -- C:\WINDOWS\system32\wbsys.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2007/05/21 09:51:10 | 000,135,233 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2007/05/21 09:50:56 | 000,065,605 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2007/05/15 08:53:12 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
SRV - [2002/03/13 09:59:02 | 000,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)


========== Driver Services (SafeList) ==========

DRV - [2010/07/09 17:38:00 | 010,604,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/07/07 02:40:49 | 000,056,108 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/05/20 21:43:12 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/05/20 21:43:08 | 000,046,080 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/10/17 19:31:38 | 000,105,472 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/07/01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/12 03:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/03 18:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2001/12/11 17:17:14 | 000,037,087 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMDUSB.sys -- (NETMDUSB)
DRV - [2001/08/17 07:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/30 00:33:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 14:09:10 | 000,000,000 | ---D | M]

[2010/09/28 15:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glitch\Application Data\Mozilla\Extensions
[2010/11/19 16:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glitch\Application Data\Mozilla\Firefox\Profiles\8390uu02.default\extensions
[2010/11/14 17:13:36 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Documents and Settings\Glitch\Application Data\Mozilla\Firefox\Profiles\8390uu02.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010/11/07 04:37:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Glitch\Application Data\Mozilla\Firefox\Profiles\8390uu02.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/10/30 12:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glitch\Application Data\Mozilla\Firefox\Profiles\8390uu02.default\extensions\ctrlaltdelboom@cad-comic.com
[2010/09/28 15:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glitch\Application Data\Mozilla\Firefox\Profiles\c7ctx98m.default\extensions
[2010/11/19 16:00:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/23 22:05:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/23 22:04:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/12/21 00:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2004/09/06 18:21:11 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [HKLM] C:\WINDOWS\system32\svhost\svhost.exe ( )
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKCU..\Run: [HKCU] C:\WINDOWS\system32\svhost\svhost.exe ( )
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10k_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Glitch\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\svhost\svhost.exe ( )
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\svhost\svhost.exe ( )
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O20 - AppInit_DLLs: (wbsys.dll) - C:\WINDOWS\System32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WBSrv: DllName - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\Glitch\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Glitch\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/27 19:02:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/11/21 20:01:00 | 000,000,357 | RHS- | M] () - J:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{93ad1b1e-ca95-11df-9836-d0bb009347d2}\Shell\AutoRun\command - "" = I:\wubi.exe -- File not found
O33 - MountPoints2\{93ad1b1f-ca95-11df-9836-d0bb009347d2}\Shell - "" = AutoRun
O33 - MountPoints2\{93ad1b1f-ca95-11df-9836-d0bb009347d2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{93ad1b1f-ca95-11df-9836-d0bb009347d2}\Shell\Open\command - "" = H:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svhost.exe -- File not found
O33 - MountPoints2\{afeed611-ca6f-11df-84b2-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{afeed611-ca6f-11df-84b2-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{afeed611-ca6f-11df-84b2-806d6172696f}\Shell\AutoRun\command - "" = F:\Bin\assetup.exe -- File not found
O33 - MountPoints2\{b9f75a76-d896-11df-b2ac-002215d58241}\Shell\AutoRun\command - "" = G:\wubi.exe -- File not found
O33 - MountPoints2\{c7093c58-cfd7-11df-b2a5-002215d58241}\Shell - "" = AutoRun
O33 - MountPoints2\{c7093c58-cfd7-11df-b2a5-002215d58241}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7093c58-cfd7-11df-b2a5-002215d58241}\Shell\Open\command - "" = J:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svhost.exe -- [2006/05/31 09:32:14 | 000,398,336 | RHS- | M] ( )
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\Open\command - "" = H:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svhost.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/20 12:44:03 | 000,150,392 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\junction.exe
[2010/11/20 01:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glitch\Application Data\Malwarebytes
[2010/11/20 01:51:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/20 01:51:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/20 01:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/20 01:51:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/18 18:03:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glitch\Application Data\Dexpot
[2010/11/18 18:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\Dexpot
[2010/11/16 17:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glitch\Local Settings\Application Data\CrashRpt
[2010/11/16 17:50:34 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/11/16 17:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/11/16 17:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/11/16 17:50:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/11/16 17:49:57 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2010/11/16 17:49:10 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/11/16 17:48:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/11/16 17:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/11/16 17:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/11/15 19:56:27 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2010/11/15 19:50:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glitch\Local Settings\Application Data\LogMeIn Hamachi
[2010/11/15 19:50:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2010/11/15 19:15:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glitch\Application Data\Tunngle
[2010/11/15 19:15:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tunngle
[2010/11/15 19:03:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPToolsLicenseComponent
[2010/11/15 19:03:27 | 000,000,000 | ---D | C] -- C:\Program Files\XP Registry Cleaner
[2010/11/15 19:00:39 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\hamachi.sys
[2010/11/15 18:44:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/15 18:37:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glitch\Local Settings\Application Data\LogMeIn Hamachi(2)
[2010/11/15 18:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi(2)
[2010/11/08 17:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded TV
[2010/11/08 17:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded Audio
[2010/11/08 17:48:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Glitch\My Documents\My Videos
[2010/11/07 15:16:00 | 000,048,640 | ---- | C] (Blue Sky Software) -- C:\WINDOWS\System\INETWH32.DLL
[2010/11/07 15:14:43 | 000,298,496 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2010/11/07 15:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glitch\WINDOWS
[2010/11/06 09:10:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/11/05 01:27:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glitch\Application Data\NVIDIA
[2010/10/27 18:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glitch\Desktop\INVedit
[2010/10/27 18:19:25 | 000,000,000 | ---D | C] -- C:\StarCraft II
[2010/10/27 18:19:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glitch\My Documents\StarCraft II
[2010/10/27 18:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2010/10/27 18:19:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2010/10/27 13:24:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glitch\Application Data\AdobeUM
[2010/10/25 17:53:03 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2010/10/25 17:53:03 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2010/10/25 17:53:02 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2010/10/25 17:53:02 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2010/10/25 17:53:02 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2010/10/25 17:53:01 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2010/10/25 17:53:01 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2010/10/24 14:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glitch\world
[2010/10/24 13:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glitch\Local Settings\Application Data\FalloutNV
[2010/10/24 12:53:59 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2010/10/24 07:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010/10/24 07:22:18 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicows.dll
[2010/10/24 06:37:20 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/10/24 06:36:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2010/10/24 06:36:08 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/10/24 06:36:07 | 002,914,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2010/10/24 06:36:07 | 002,506,344 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2010/10/24 06:36:06 | 010,260,480 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2010/10/24 06:13:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glitch\Application Data\My Battle for Middle-earth(tm) II Files
[2010/10/23 22:24:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glitch\My Documents\AIMLogger
[2010/10/23 22:23:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/10/23 22:23:13 | 000,000,000 | ---D | C] -- C:\Program Files\AIM7
[2010/10/23 22:15:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/10/23 22:05:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/23 22:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/23 22:04:59 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/10/23 22:04:59 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/23 22:04:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/23 22:04:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/23 22:04:59 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/10/23 22:04:46 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/10/23 21:57:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA
[2010/10/23 21:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2010/10/23 21:51:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010/10/23 21:47:51 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/10/23 21:45:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glitch\Local Settings\Application Data\AIM
[2010/10/23 21:45:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/10/23 21:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/10/23 15:40:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glitch\Application Data\acccore
[2010/10/23 15:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glitch\Local Settings\Application Data\AOL OCP
[2010/10/23 15:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glitch\Local Settings\Application Data\AOL
[2010/10/23 15:39:55 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2010/10/23 15:39:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/10/23 15:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2010/10/23 15:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/21 20:02:10 | 000,001,461 | -H-- | M] () -- C:\Documents and Settings\Glitch\Application Data\logs.dat
[2010/11/21 19:52:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/20 12:13:27 | 000,002,008 | ---- | M] () -- C:\Documents and Settings\Glitch\Desktop\HiJackThis.lnk
[2010/11/20 12:10:27 | 000,000,032 | ---- | M] () -- C:\WINDOWS\System32\thxcfg.ini
[2010/11/20 02:00:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/20 02:00:36 | 000,188,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/20 01:52:01 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/20 01:36:03 | 000,072,704 | ---- | M] () -- C:\Documents and Settings\Glitch\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/18 23:26:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/18 18:03:35 | 000,000,481 | ---- | M] () -- C:\Documents and Settings\Glitch\Desktop\Dexpot.lnk
[2010/11/16 17:58:06 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Glitch\Application Data\steam_md4.dat
[2010/11/16 17:51:01 | 000,432,856 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/16 17:51:01 | 000,067,560 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/16 17:36:02 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/16 17:25:53 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty Modern Warfare 2 SP.lnk
[2010/11/16 17:25:53 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty Modern Warfare 2 MP.lnk
[2010/11/15 20:06:19 | 000,000,022 | ---- | M] () -- C:\WINDOWS\wb.ini
[2010/11/15 19:16:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Access.dat
[2010/11/10 17:32:44 | 000,175,104 | ---- | M] () -- C:\Documents and Settings\Glitch\Application Data\SQLite3.dll
[2010/11/06 12:43:59 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\Glitch\Desktop\Shortcut to Data.lnk
[2010/11/05 01:04:59 | 000,001,091 | ---- | M] () -- C:\Documents and Settings\Glitch\Desktop\Shortcut to Geck.exe.lnk
[2010/11/05 01:04:00 | 000,000,544 | ---- | M] () -- C:\Documents and Settings\Glitch\Desktop\New Vegas Mods - Utils.lnk
[2010/10/27 22:54:56 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Glitch\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/27 22:54:56 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/10/27 18:48:39 | 000,000,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk
[2010/10/25 17:26:55 | 000,010,562 | ---- | M] () -- C:\WINDOWS\is-DMU59.msg
[2010/10/25 17:26:55 | 000,001,240 | ---- | M] () -- C:\WINDOWS\is-DMU59.lst
[2010/10/24 23:36:11 | 000,114,441 | ---- | M] () -- C:\Documents and Settings\Glitch\Desktop\Supakiff.jpg
[2010/10/24 23:31:37 | 000,086,879 | ---- | M] () -- C:\Documents and Settings\Glitch\Desktop\LOLWTF.jpg
[2010/10/24 23:07:51 | 010,535,704 | ---- | M] () -- C:\Documents and Settings\Glitch\Desktop\Spleef.rar
[2010/10/24 14:22:38 | 000,000,078 | ---- | M] () -- C:\Documents and Settings\Glitch\Desktop\Fallout New Vegas.url
[2010/10/24 12:56:29 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/10/24 07:30:22 | 000,001,599 | ---- | M] () -- C:\Documents and Settings\Glitch\Desktop\AIM.lnk
[2010/10/24 07:23:22 | 000,000,952 | ---- | M] () -- C:\Documents and Settings\Glitch\Desktop\Perfect World.lnk
[2010/10/24 06:36:40 | 000,232,968 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/24 06:36:40 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/24 06:36:38 | 000,232,968 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/24 06:34:37 | 000,175,033 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/10/23 22:23:20 | 000,000,401 | -H-- | M] () -- C:\IPH.PH
[2010/10/23 22:23:17 | 000,001,605 | ---- | M] () -- C:\Documents and Settings\Glitch\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/10/23 22:23:17 | 000,001,587 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/10/23 22:04:50 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/10/23 22:04:50 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/23 22:04:50 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/23 22:04:50 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/23 22:04:50 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/10/23 22:03:00 | 000,232,501 | ---- | M] () -- C:\Documents and Settings\Glitch\Desktop\Minecraft.exe
[2010/10/23 21:51:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/20 12:13:27 | 000,002,008 | ---- | C] () -- C:\Documents and Settings\Glitch\Desktop\HiJackThis.lnk
[2010/11/20 12:10:27 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2010/11/20 01:52:01 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/18 18:03:35 | 000,000,481 | ---- | C] () -- C:\Documents and Settings\Glitch\Desktop\Dexpot.lnk
[2010/11/16 17:58:06 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Glitch\Application Data\steam_md4.dat
[2010/11/16 17:50:57 | 000,119,368 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/11/16 17:25:53 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty Modern Warfare 2 SP.lnk
[2010/11/16 17:25:53 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Call of Duty Modern Warfare 2 MP.lnk
[2010/11/15 21:07:39 | 000,010,391 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid10812.log
[2010/11/15 19:16:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Access.dat
[2010/11/11 11:10:47 | 000,010,421 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid3128.log
[2010/11/10 17:32:45 | 000,175,104 | ---- | C] () -- C:\Documents and Settings\Glitch\Application Data\SQLite3.dll
[2010/11/07 15:16:00 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System\INETWH16.DLL
[2010/11/07 15:14:42 | 000,300,032 | ---- | C] () -- C:\WINDOWS\unin0411.exe
[2010/11/06 12:43:59 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\Glitch\Desktop\Shortcut to Data.lnk
[2010/11/05 01:04:59 | 000,001,091 | ---- | C] () -- C:\Documents and Settings\Glitch\Desktop\Shortcut to Geck.exe.lnk
[2010/11/05 01:04:00 | 000,000,544 | ---- | C] () -- C:\Documents and Settings\Glitch\Desktop\New Vegas Mods - Utils.lnk
[2010/11/04 01:56:40 | 000,010,356 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid3224.log
[2010/10/31 17:35:57 | 000,010,251 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid2344.log
[2010/10/31 02:27:04 | 000,010,250 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid1832.log
[2010/10/30 23:43:59 | 000,010,249 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid460.log
[2010/10/30 22:28:10 | 000,010,151 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid3784.log
[2010/10/30 02:41:19 | 000,010,359 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid1464.log
[2010/10/29 21:44:35 | 000,010,354 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid2932.log
[2010/10/28 22:54:24 | 000,010,249 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid3040.log
[2010/10/27 23:33:08 | 726,827,008 | ---- | C] () -- C:\Documents and Settings\Glitch\Desktop\ubuntu-10.10-desktop-i386.iso
[2010/10/27 22:23:17 | 000,010,358 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid1492.log
[2010/10/27 21:47:45 | 000,010,250 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid1684.log
[2010/10/27 18:35:20 | 000,168,599 | ---- | C] () -- C:\Documents and Settings\Glitch\Desktop\INVedit.zip
[2010/10/27 18:19:25 | 000,000,608 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk
[2010/10/27 17:50:15 | 000,010,257 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid3328.log
[2010/10/26 23:20:56 | 000,010,148 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid1516.log
[2010/10/26 01:14:20 | 000,010,358 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid456.log
[2010/10/26 00:35:36 | 000,010,535 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid2780.log
[2010/10/25 23:54:54 | 000,010,537 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid3724.log
[2010/10/25 23:01:34 | 000,010,534 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid2356.log
[2010/10/25 22:08:27 | 000,010,539 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid3252.log
[2010/10/25 22:01:32 | 000,010,538 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid3132.log
[2010/10/25 21:59:03 | 000,010,534 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid2964.log
[2010/10/25 21:57:08 | 000,010,539 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid3268.log
[2010/10/25 21:34:18 | 000,010,356 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid3528.log
[2010/10/25 19:42:26 | 000,010,363 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid220.log
[2010/10/25 19:32:55 | 000,010,258 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid3556.log
[2010/10/25 19:28:16 | 000,010,257 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid2552.log
[2010/10/25 17:26:55 | 000,010,562 | ---- | C] () -- C:\WINDOWS\is-DMU59.msg
[2010/10/25 17:26:55 | 000,001,240 | ---- | C] () -- C:\WINDOWS\is-DMU59.lst
[2010/10/25 16:36:47 | 000,010,258 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid3692.log
[2010/10/25 15:21:14 | 000,010,257 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid3020.log
[2010/10/25 15:03:47 | 000,010,358 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid2608.log
[2010/10/25 13:50:16 | 000,010,255 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid1396.log
[2010/10/25 00:18:26 | 000,010,255 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid1756.log
[2010/10/25 00:02:51 | 000,010,257 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid828.log
[2010/10/24 23:51:12 | 000,010,256 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid380.log
[2010/10/24 23:40:16 | 010,535,704 | ---- | C] () -- C:\Documents and Settings\Glitch\Desktop\Spleef.rar
[2010/10/24 23:38:27 | 000,114,441 | ---- | C] () -- C:\Documents and Settings\Glitch\Desktop\Supakiff.jpg
[2010/10/24 23:38:25 | 000,010,359 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid1192.log
[2010/10/24 23:33:00 | 000,086,879 | ---- | C] () -- C:\Documents and Settings\Glitch\Desktop\LOLWTF.jpg
[2010/10/24 22:31:31 | 000,010,531 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid604.log
[2010/10/24 22:27:28 | 000,010,541 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid1004.log
[2010/10/24 19:38:42 | 000,010,535 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid2856.log
[2010/10/24 19:26:15 | 000,010,535 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid276.log
[2010/10/24 18:24:25 | 000,010,144 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid408.log
[2010/10/24 17:21:00 | 000,010,537 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid2480.log
[2010/10/24 17:12:02 | 000,010,535 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid800.log
[2010/10/24 15:41:54 | 000,010,534 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid3752.log
[2010/10/24 15:15:51 | 000,010,257 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid132.log
[2010/10/24 15:13:00 | 000,010,358 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid1164.log
[2010/10/24 15:01:57 | 000,010,261 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid3296.log
[2010/10/24 14:38:35 | 000,000,424 | ---- | C] () -- C:\Documents and Settings\Glitch\server.log
[2010/10/24 14:38:35 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Glitch\ops.txt
[2010/10/24 14:38:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Glitch\banned-players.txt
[2010/10/24 14:38:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Glitch\banned-ips.txt
[2010/10/24 14:20:57 | 000,010,256 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid3332.log
[2010/10/24 13:20:09 | 000,010,360 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid188.log
[2010/10/24 13:16:55 | 000,010,254 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid404.log
[2010/10/24 13:11:31 | 000,010,258 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid3880.log
[2010/10/24 13:08:18 | 000,000,078 | ---- | C] () -- C:\Documents and Settings\Glitch\Desktop\Fallout New Vegas.url
[2010/10/24 13:01:14 | 000,010,250 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid3160.log
[2010/10/24 12:54:02 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/10/24 09:04:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/24 07:38:33 | 000,010,258 | ---- | C] () -- C:\Documents and Settings\Glitch\hs_err_pid1708.log
[2010/10/24 07:30:22 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Glitch\Desktop\AIM.lnk
[2010/10/24 07:23:22 | 000,000,952 | ---- | C] () -- C:\Documents and Settings\Glitch\Desktop\Perfect World.lnk
[2010/10/23 22:23:17 | 000,001,605 | ---- | C] () -- C:\Documents and Settings\Glitch\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/10/23 22:23:17 | 000,001,587 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/10/23 22:23:07 | 000,000,401 | -H-- | C] () -- C:\IPH.PH
[2010/10/23 22:03:00 | 000,232,501 | ---- | C] () -- C:\Documents and Settings\Glitch\Desktop\Minecraft.exe
[2010/10/23 21:51:08 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/23 21:51:06 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/23 21:51:06 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/23 21:51:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/10/23 21:50:46 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/10/23 21:50:46 | 000,007,959 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/10/10 22:13:45 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2010/10/02 10:02:14 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2010/10/02 10:01:46 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2010/10/02 07:23:20 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\Asfv2.dll
[2010/10/02 07:22:24 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2010/09/29 13:48:17 | 000,017,341 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2010/09/29 00:40:16 | 000,072,704 | ---- | C] () -- C:\Documents and Settings\Glitch\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/27 21:19:38 | 000,000,022 | ---- | C] () -- C:\WINDOWS\wb.ini
[2010/09/27 21:09:09 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2010/09/27 21:08:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2010/09/27 19:14:53 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/09/27 19:14:49 | 000,017,118 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/09/27 19:14:36 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/09/27 14:51:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/03/24 06:52:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/01/08 03:39:15 | 000,001,461 | -H-- | C] () -- C:\Documents and Settings\Glitch\Application Data\logs.dat
[2004/08/03 19:56:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/07/17 06:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

< End of report >


Extras.txt

OTL Extras logfile created on: 11/21/2010 8:06:34 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Glitch\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 18.00 Gb Free Space | 24.15% Space Free | Partition Type: NTFS
Drive D: | 111.76 Gb Total Space | 12.17 Gb Free Space | 10.89% Space Free | Partition Type: NTFS
Drive J: | 3.68 Gb Total Space | 0.01 Gb Free Space | 0.31% Space Free | Partition Type: FAT32

Computer Name: ANDREW-11101992 | User Name: Glitch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"6112:TCP" = 6112:TCP:*:Enabled:Diablo1
"4000:TCP" = 4000:TCP:*:Enabled:diablo2

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"D:\program files\LotR\game.dat" = D:\program files\LotR\game.dat:*:Enabled:The Battle for Middle-earth(tm) II -- (Electronic Arts Inc.)
"D:\program files\Left 4 Dead\left4dead.exe" = D:\program files\Left 4 Dead\left4dead.exe:*:Enabled:left4dead -- ()
"D:\program files\ea games\Alice\alice.exe" = D:\program files\ea games\Alice\alice.exe:*:Enabled:American McGee's Alice -- (Rogue Entertainment)
"D:\program files\Borderlands\Binaries\Borderlands.exe" = D:\program files\Borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands -- (Take-Two Interactive Software, Inc.)
"D:\program files\ea games\Mirrors Edge\Binaries\MirrorsEdge.exe" = D:\program files\ea games\Mirrors Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™ -- (EA Digital Illusions CE AB)
"C:\Program Files\AIM7\aim.exe" = C:\Program Files\AIM7\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"D:\program files\microsoft\halo combat evolved\halo.exe" = D:\program files\microsoft\halo combat evolved\halo.exe:*:Enabled:Halo -- (Microsoft Corporation)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\StarCraft II\StarCraft II.exe" = C:\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"D:\program files\Diablo II\Diablo II.exe" = D:\program files\Diablo II\Diablo II.exe:*:Enabled:Diablo II.exe -- (Blizzard North)
"C:\Program Files\Steam\SteamApps\common\fallout new vegas\FalloutNVLauncher.exe" = C:\Program Files\Steam\SteamApps\common\fallout new vegas\FalloutNVLauncher.exe:*:Enabled:Fallout: New Vegas -- (Bethesda Softworks, Obsidian Entertainment)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1C877DA0-5EFF-11D4-9254-0000F460E7A9}" = OpenMG Jukebox
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47E09785-B2FB-11D5-B8EE-00B0D0D26B88}" = Net MD Simple Burner
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{E84D2015-4FEB-40CC-A2DD-1A6B8BAC2429}" = OpenMG Secure Module 3.0.03
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BECFE0-74CE-11D5-B8A3-00B0D0D26B88}" = Sony Net MD Help
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Freecorder4.0" = Freecorder 4.0 Application
"Gruntz" = Gruntz
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Orb" = Winamp Remote
"PowerISO" = PowerISO
"Rainmeter" = Rainmeter (remove only)
"RocketDock_is1" = RocketDock 1.3.5
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StarCraft II" = StarCraft II
"Steam App 22380" = Fallout: New Vegas
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"WindowBlinds" = WindowBlinds
"WinRAR" = WinRAR
"Wubi" = Ubuntu
"XP Registry Cleaner_is1" = XP Registry Cleaner 2.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dexpot" = Dexpot
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Application Detect

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/16/2010 4:37:24 PM | Computer Name = ANDREW-11101992 | Source = Application Error | ID = 1000
Description = Faulting application mplayerc.exe, version 1.1.796.0, faulting module
unknown, version 0.0.0.0, fault address 0x32c31b33.

Error - 11/16/2010 6:29:17 PM | Computer Name = ANDREW-11101992 | Source = Application Error | ID = 1000
Description = Faulting application winrar.exe, version 3.70.2.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 11/16/2010 6:45:44 PM | Computer Name = ANDREW-11101992 | Source = Application Error | ID = 1000
Description = Faulting application msiexec.exe, version 3.1.4000.1823, faulting
module unknown, version 0.0.0.0, fault address 0x331b2d13.

Error - 11/16/2010 6:52:35 PM | Computer Name = ANDREW-11101992 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application iw4mp.exe, version 0.0.0.0, stamp 4c527f7a, faulting
module mscorwks.dll, version 2.0.50727.1433, stamp 471ef729, debug? 0, fault address
0x001496a2.

Error - 11/16/2010 6:53:44 PM | Computer Name = ANDREW-11101992 | Source = .NET Runtime | ID = 0
Description =

Error - 11/16/2010 6:53:51 PM | Computer Name = ANDREW-11101992 | Source = .NET Runtime | ID = 0
Description =

Error - 11/16/2010 10:57:30 PM | Computer Name = ANDREW-11101992 | Source = .NET Runtime | ID = 0
Description =

Error - 11/16/2010 11:01:24 PM | Computer Name = ANDREW-11101992 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application iw4mp.exe, version 0.0.0.0, stamp 4c9f8c01, faulting
module mscorwks.dll, version 2.0.50727.1433, stamp 471ef729, debug? 0, fault address
0x001496a2.

Error - 11/17/2010 1:53:29 AM | Computer Name = ANDREW-11101992 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application mscorsvw.exe, version 2.0.50727.1433, stamp 471ebc2c,
faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address
0x346c2d13.

Error - 11/17/2010 3:14:42 PM | Computer Name = ANDREW-11101992 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application iw4mp.exe, version 0.0.0.0, stamp 4c9f8c01, faulting
module mscorwks.dll, version 2.0.50727.1433, stamp 471ef729, debug? 0, fault address
0x001496a2.

[ System Events ]
Error - 10/11/2010 6:25:35 PM | Computer Name = ANDREW-11101992 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 30 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 10/11/2010 6:25:35 PM | Computer Name = ANDREW-11101992 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 30 minutes. NtpClient has no source of accurate
time.

Error - 10/11/2010 6:55:36 PM | Computer Name = ANDREW-11101992 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 60 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 10/11/2010 6:55:36 PM | Computer Name = ANDREW-11101992 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 60 minutes. NtpClient has no source of accurate
time.

Error - 10/11/2010 7:55:38 PM | Computer Name = ANDREW-11101992 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 120 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 10/11/2010 7:55:38 PM | Computer Name = ANDREW-11101992 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 120 minutes. NtpClient has no source of accurate
time.

Error - 10/11/2010 9:55:40 PM | Computer Name = ANDREW-11101992 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 240 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 10/11/2010 9:55:40 PM | Computer Name = ANDREW-11101992 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 239 minutes. NtpClient has no source of accurate
time.

Error - 10/12/2010 1:55:42 AM | Computer Name = ANDREW-11101992 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 480 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 10/12/2010 1:55:42 AM | Computer Name = ANDREW-11101992 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 480 minutes. NtpClient has no source of accurate
time.


< End of report >

I think I know what it is.

Conficker. Took a lot of googling and it scared the tar out of me. I'm just thankful I don't have a credit card or a debit card. Nothing interesting to steal from an 18-year-old. Also, I did a little manual searching, and I found the SVHOST.exe files the .ini was referring to in the RECYCLER folder on my EHD. I'm going to wait to delete them, because I am not certain that it isn't a legitimate process with a .dll injected.

*edit* I was wrong. It's not Conficker. I think this is the work of the autorun.inf virus. I think if I purge the RECYCLER folders on my externals and delete the autorun.ini files, it will go away, unless there is a registry entry. That would prove meddlesome.

My apologies for my impatience; I'm something of a 'hands-on' learner, and I have a one-track mind. If what I am getting towards is total bunk, please say so.

Thank You!

Re: External Drives renamed 'PENDRIVE', DCOM Server Process Launcher Fails

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O4 - HKCU..\Run: [HKCU] C:\WINDOWS\system32\svhost\svhost.exe ( )
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\svhost\svhost.exe ( )
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\svhost\svhost.exe ( )
    O33 - MountPoints2\{93ad1b1e-ca95-11df-9836-d0bb009347d2}\Shell\AutoRun\command - "" = I:\wubi.exe -- File not found
    O33 - MountPoints2\{93ad1b1f-ca95-11df-9836-d0bb009347d2}\Shell - "" = AutoRun
    O33 - MountPoints2\{93ad1b1f-ca95-11df-9836-d0bb009347d2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{93ad1b1f-ca95-11df-9836-d0bb009347d2}\Shell\Open\command - "" = H:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svhost.exe -- File not found
    O33 - MountPoints2\{afeed611-ca6f-11df-84b2-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{afeed611-ca6f-11df-84b2-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{afeed611-ca6f-11df-84b2-806d6172696f}\Shell\AutoRun\command - "" = F:\Bin\assetup.exe -- File not found
    O33 - MountPoints2\{b9f75a76-d896-11df-b2ac-002215d58241}\Shell\AutoRun\command - "" = G:\wubi.exe -- File not found
    O33 - MountPoints2\{c7093c58-cfd7-11df-b2a5-002215d58241}\Shell - "" = AutoRun
    O33 - MountPoints2\{c7093c58-cfd7-11df-b2a5-002215d58241}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{c7093c58-cfd7-11df-b2a5-002215d58241}\Shell\Open\command - "" = J:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svhost.exe -- [2006/05/31 09:32:14 | 000,398,336 | RHS- | M] ( )
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\H\Shell\Open\command - "" = H:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svhost.exe -- File not found

    :files
    C:\WINDOWS\system32\svhost


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
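As an added example (not part of this post, of OTL, or of anything else in the thread): a small Python triage script that reads OTL-style O4/O6/O7/O33 lines like the ones in the fix above and flags the patterns a helper looks for before writing such a fix. The sample lines are constructed from the entries shown above; the heuristics (executable under a RECYCLER folder, a file name one or two characters off a core Windows binary such as svhost vs svchost, persistence through policies\Explorer\Run, and a MountPoints2 Shell\Open\command handler that redirects the drive's double-click action to a program) are this example's own rules, not OTL's.

```python
import re
from collections import namedtuple

# Constructed sample input: OTL entries in the same shape as the fix script above
# (the lines OTL reported on the poster's machine), used here as test data.
SAMPLE_OTL_LINES = r"""
O4 - HKCU..\Run: [HKCU] C:\WINDOWS\system32\svhost\svhost.exe ( )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\svhost\svhost.exe ( )
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\svhost\svhost.exe ( )
O33 - MountPoints2\{93ad1b1e-ca95-11df-9836-d0bb009347d2}\Shell\AutoRun\command - "" = I:\wubi.exe -- File not found
O33 - MountPoints2\{93ad1b1f-ca95-11df-9836-d0bb009347d2}\Shell\Open\command - "" = H:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svhost.exe -- File not found
O33 - MountPoints2\{afeed611-ca6f-11df-84b2-806d6172696f}\Shell\AutoRun\command - "" = F:\Bin\assetup.exe -- File not found
O33 - MountPoints2\H\Shell\Open\command - "" = H:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svhost.exe -- File not found
"""

Finding = namedtuple("Finding", "entry_type path reasons")

# Core Windows binaries whose names malware likes to imitate (assumed list for this example).
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
                   "smss.exe", "winlogon.exe", "explorer.exe", "spoolsv.exe"}

ENTRY_RE = re.compile(r"\s*(O\d+)\s+-\s+(.*)")
# First Windows path ending in an executable extension; quotes are excluded so the
# `"" =` separator in O33 lines is not swallowed into the path.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:exe|com|bat|cmd|scr|pif|vbs))', re.IGNORECASE)


def edit_distance(a, b):
    """Plain Levenshtein distance, used to spot near-miss names such as svhost vs svchost."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_otl_line(line):
    """Return (entry_type, location, path) for an OTL entry that names a program, else None."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    entry_type, rest = m.group(1), m.group(2)
    pm = PATH_RE.search(rest)
    if not pm:
        return None
    # location = the registry key / mount point text that precedes the program path
    return entry_type, rest[:pm.start()], pm.group(1)


def assess(entry_type, location, path):
    """Heuristic reasons (this example's own, not OTL's) why the entry deserves a look."""
    parts = path.split("\\")
    basename = parts[-1].lower()
    folders = {p.lower() for p in parts[1:-1]}
    reasons = []
    if "recycler" in folders or "$recycle.bin" in folders:
        reasons.append("program is stored inside a RECYCLER folder on the drive")
    if basename not in SYSTEM_BINARIES:
        for legit in sorted(SYSTEM_BINARIES):
            if edit_distance(basename, legit) <= 2:
                reasons.append(f"file name mimics the system binary {legit}")
                break
    if entry_type in ("O6", "O7"):
        reasons.append("started via policies\\Explorer\\Run, rarely used by legitimate software")
    if entry_type == "O33" and "shell\\open\\command" in location.lower():
        reasons.append("the drive's Open action (double-click in Explorer) was redirected to a program")
    return reasons


def triage(text):
    """Run every recognised line through assess() and keep those with at least one reason."""
    findings = []
    for line in text.splitlines():
        parsed = parse_otl_line(line)
        if parsed is None:
            continue
        entry_type, location, path = parsed
        reasons = assess(entry_type, location, path)
        if reasons:
            findings.append(Finding(entry_type, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LINES):
        print(f"{f.entry_type}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

On the sample above the script flags the three svhost.exe Run entries and the two MountPoints2 entries whose Shell\Open\command points into RECYCLER, and leaves the wubi.exe and assetup.exe AutoRun entries alone: those are ordinary installer autoruns that happen to be stale. The Shell\Open\command redirect is also the mechanism behind the symptom described earlier in the thread, where double-clicking a drive in Explorer misbehaves while right-click > Explore still works.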

Re: External Drives renamed 'PENDRIVE', DCOM Server Process Launcher Fails

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\HKCU deleted successfully.
C:\WINDOWS\system32\svhost\svhost.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Policies deleted successfully.
File C:\WINDOWS\system32\svhost\svhost.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Policies deleted successfully.
File C:\WINDOWS\system32\svhost\svhost.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93ad1b1e-ca95-11df-9836-d0bb009347d2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93ad1b1e-ca95-11df-9836-d0bb009347d2}\ not found.
File I:\wubi.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93ad1b1f-ca95-11df-9836-d0bb009347d2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93ad1b1f-ca95-11df-9836-d0bb009347d2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93ad1b1f-ca95-11df-9836-d0bb009347d2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93ad1b1f-ca95-11df-9836-d0bb009347d2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93ad1b1f-ca95-11df-9836-d0bb009347d2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93ad1b1f-ca95-11df-9836-d0bb009347d2}\ not found.
H:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svhost.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afeed611-ca6f-11df-84b2-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afeed611-ca6f-11df-84b2-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afeed611-ca6f-11df-84b2-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afeed611-ca6f-11df-84b2-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afeed611-ca6f-11df-84b2-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afeed611-ca6f-11df-84b2-806d6172696f}\ not found.
File F:\Bin\assetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9f75a76-d896-11df-b2ac-002215d58241}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9f75a76-d896-11df-b2ac-002215d58241}\ not found.
File G:\wubi.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7093c58-cfd7-11df-b2a5-002215d58241}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7093c58-cfd7-11df-b2a5-002215d58241}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7093c58-cfd7-11df-b2a5-002215d58241}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7093c58-cfd7-11df-b2a5-002215d58241}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7093c58-cfd7-11df-b2a5-002215d58241}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7093c58-cfd7-11df-b2a5-002215d58241}\ not found.
File J:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svhost.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svhost.exe not found.
========== FILES ==========
C:\WINDOWS\system32\svhost folder moved successfully.

OTL by OldTimer - Version 3.2.17.3 log created on 11232010_140823

Re: External Drives renamed 'PENDRIVE', DCOM Server Process Launcher Fails

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [image: CF_download_FF]

    [image: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [image: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    [image: Cf510]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: External Drives renamed 'PENDRIVE', DCOM Server Process Launcher Fails

I may be jumping the gun, but I allowed the program to run under your circumstances and for over 30min there was zero output after the "Typically not take longer than 10 minutes" step. I ran it 3 times. The first time, it shot back a message almost instantly: "Access is denied". Second time I manually canceled it after 45 minutes. The 3rd I stopped it, and now I am here, replying.

This may or may not be relevant, but when I started the program the first time, I received a message which said it could not initialize because I don't have proper permissions, however, I clicked it again, and it ran fine, and I haven't received it since.

I will try to reboot and run it one more time, and edit this post with the results.

*Edit*

Success! After rebooting, it detected rootkit activity (Little fuzzy on that) and rebooted, and ran through all 50 packages. Here's the log file.

ComboFix 10-11-23.01 - Glitch 11/23/2010 20:06:58.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1736 [GMT -5:00]
Running from: c:\documents and settings\Glitch\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Glitch\Application Data\logs.dat
c:\documents and settings\Glitch\Application Data\SQLite3.dll
c:\documents and settings\Server\Application Data\SQLite3.dll
c:\windows\system32\svhost
c:\windows\system32\svhost\svhost.exe

.
((((((((((((((((((((((((( Files Created from 2010-10-24 to 2010-11-24 )))))))))))))))))))))))))))))))
.

2010-11-23 19:08 . 2010-11-23 19:08 -------- d-----w- C:\_OTL
2010-11-20 17:44 . 2010-09-07 20:39 150392 ----a-w- c:\windows\junction.exe
2010-11-20 17:13 . 2010-11-20 17:13 388096 ----a-r- c:\documents and settings\Glitch\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-20 06:52 . 2010-11-20 06:52 -------- d-----w- c:\documents and settings\Glitch\Application Data\Malwarebytes
2010-11-20 06:51 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-20 06:51 . 2010-11-20 17:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-20 06:51 . 2010-11-20 06:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-20 06:51 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 23:03 . 2010-11-18 23:03 -------- d-----w- c:\documents and settings\Glitch\Application Data\Dexpot
2010-11-18 23:03 . 2010-11-18 23:03 -------- d-----w- c:\program files\Dexpot
2010-11-18 22:55 . 2004-08-04 00:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-11-18 22:55 . 2010-11-18 22:55 -------- d-----w- c:\documents and settings\Server
2010-11-16 22:57 . 2010-11-16 22:57 -------- d-----w- c:\documents and settings\Glitch\Local Settings\Application Data\CrashRpt
2010-11-16 22:50 . 2010-11-16 22:50 -------- d-----w- c:\program files\MSBuild
2010-11-16 22:50 . 2010-11-16 22:50 -------- d-----w- c:\windows\system32\XPSViewer
2010-11-16 22:50 . 2010-11-16 22:50 -------- d-----w- c:\program files\Reference Assemblies
2010-11-16 22:50 . 2007-03-23 01:24 28160 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-11-16 22:49 . 2006-06-29 18:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-11-16 22:45 . 2010-11-16 22:45 -------- d-----w- c:\program files\MSXML 6.0
2010-11-16 21:42 . 2010-11-16 21:42 -------- d-----w- c:\documents and settings\Administrator
2010-11-16 00:56 . 2010-11-16 00:56 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-11-16 00:50 . 2010-11-24 01:00 -------- d-----w- c:\documents and settings\Glitch\Local Settings\Application Data\LogMeIn Hamachi
2010-11-16 00:50 . 2010-11-24 01:06 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
2010-11-16 00:15 . 2010-11-16 00:15 -------- d-----w- c:\documents and settings\Glitch\Application Data\Tunngle
2010-11-16 00:15 . 2010-11-16 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Tunngle
2010-11-16 00:03 . 2010-11-16 00:03 -------- d-----w- c:\windows\system32\XPToolsLicenseComponent
2010-11-16 00:03 . 2010-11-16 00:06 -------- d-----w- c:\program files\XP Registry Cleaner
2010-11-16 00:00 . 2010-02-03 20:56 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-11-15 23:51 . 2010-11-15 23:51 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-07 20:16 . 1998-09-01 10:35 48640 ----a-w- c:\windows\system\INETWH32.DLL
2010-11-07 20:16 . 1998-09-01 10:34 9136 ----a-w- c:\windows\system\INETWH16.DLL
2010-11-07 20:14 . 1996-10-15 23:01 298496 ----a-w- c:\windows\uninst.exe
2010-11-07 20:14 . 1998-11-10 22:58 300032 ----a-w- c:\windows\unin0411.exe
2010-11-07 20:14 . 2010-11-07 20:14 -------- d-----w- c:\documents and settings\Glitch\WINDOWS
2010-11-06 14:10 . 2010-11-06 14:10 -------- d-----w- c:\windows\system32\LogFiles
2010-11-05 06:27 . 2010-11-05 06:27 -------- d-----w- c:\documents and settings\Glitch\Application Data\NVIDIA
2010-10-28 03:54 . 2010-10-29 19:09 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2010-10-28 03:54 . 2010-10-29 19:09 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2010-10-27 23:19 . 2010-11-10 20:40 -------- d-----w- C:\StarCraft II
2010-10-27 23:19 . 2010-10-28 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-10-27 23:19 . 2010-10-27 23:48 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-10-27 18:24 . 2010-10-27 18:24 -------- d-----w- c:\documents and settings\Glitch\Application Data\AdobeUM
2010-10-25 22:53 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-10-25 22:53 . 2009-09-04 22:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-10-25 22:53 . 2009-09-04 22:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-10-25 22:53 . 2009-09-04 22:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-10-25 22:53 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-10-25 22:53 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-25 22:53 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-24 03:04 . 2010-10-24 03:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-24 03:04 . 2010-10-24 03:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-11 01:49 . 2010-10-11 01:49 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-08 08:30 . 2010-10-24 02:50 6358784 ----a-w- c:\windows\system32\SET16C.tmp
2010-10-08 08:30 . 2010-10-24 02:50 1462272 ----a-w- c:\windows\system32\SET16E.tmp
2010-10-02 15:06 . 2004-08-04 00:56 1007616 ----a-w- c:\windows\system32\logonuiX.exe
2010-09-29 18:52 . 2010-09-29 18:52 315392 ----a-w- c:\windows\HideWin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Steam"="c:\program files\Steam\Steam.exe" [2010-11-20 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2009-11-15 158752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]

c:\documents and settings\Glitch\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2009-11-1 119296]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2010-09-28 02:09 176128 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\program files\\LotR\\game.dat"=
"d:\\program files\\Left 4 Dead\\left4dead.exe"=
"d:\\program files\\ea games\\Alice\\alice.exe"=
"d:\\program files\\Borderlands\\Binaries\\Borderlands.exe"=
"d:\\program files\\ea games\\Mirrors Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"d:\\program files\\microsoft\\halo combat evolved\\halo.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\StarCraft II\\StarCraft II.exe"=
"d:\\program files\\Diablo II\\Diablo II.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\fallout new vegas\\FalloutNVLauncher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Diablo1
"4000:TCP"= 4000:TCP:diablo2

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [3/30/2010 11:16 AM 1107336]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Glitch\Application Data\Mozilla\Firefox\Profiles\8390uu02.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=xx-hacker
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&q=
FF - component: c:\documents and settings\Glitch\Application Data\Mozilla\Firefox\Profiles\8390uu02.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Glitch\Application Data\Mozilla\Firefox\Profiles\8390uu02.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-Wubi - g:\ubuntu\uninstall-wubi.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-23 20:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1177238915-2147177821-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ff,b0,7a,dc,d2,3a,4b,13,fc,f5,ac,0d,52,61,7d,8f,3a,fc,1d,e9,2f,21,02,
9a,45,d1,71,26,d6,24,29,ad,e1,e0,83,0a,ae,3b,65,31,5b,44,a1,ae,d3,64,a6,c0,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
.
Completion time: 2010-11-23 20:11:37
ComboFix-quarantined-files.txt 2010-11-24 01:11

Pre-Run: 23,506,542,592 bytes free
Post-Run: 23,737,626,624 bytes free

- - End Of File - - 95521D5363B9D916961933F1381665E3

Re: External Drives renamed 'PENDRIVE', DCOM Server Process Launcher Fails

A new piece of information. I tried to play a movie in media player classic, and I got video, but audio was no longer present. I still receive various Windows sounds. When I tried to open volume control, it wasn't in the taskbar, and then told me I haven't installed an audio mixer. However, in the device manager, there are no hardware conflicts, and it still recognizes the sound card.

Also, the Windows Security Center service is deactivated, and the red shield is not in the taskbar.

*Edit*

Scratch that. Reboot fixed it all. Pardon my idiocy. -////-

Re: External Drives renamed 'PENDRIVE', DCOM Server Process Launcher Fails

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Re: External Drives renamed 'PENDRIVE', DCOM Server Process Launcher Fails

This is why I stopped using torrents -.-


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=dc038d26811a084cb4e7b3d4a03a65b5
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-25 05:50:01
# local_time=2010-11-25 12:50:01 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=256192
# found=7
# cleaned=7
# scan_time=3699
C:\_OTL\MovedFiles\11232010_140823\C_WINDOWS\system32\svhost\svhost.exe a variant of Win32/Injector.AZY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\11232010_140823\H_RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svhost.exe a variant of Win32/Injector.AZY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\11232010_141454\C_WINDOWS\system32\svhost\svhost.exe a variant of Win32/Injector.AZY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\11232010_141454\J_RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svhost.exe a variant of Win32/Injector.AZY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
H:\Utilities\F.E.A.R\Keygen\Keygen for F.E.A.R.exe probably a variant of Win32/Agent.ECGGPHP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
H:\Utilities\Garry's Mod 10\iNSTALLER_GMOD.exe probably a variant of Win32/Hupigon.VXMIRY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
H:\Utilities\Utilities\Nero\Nero 7.8.5.0 Ultra.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C

Re: External Drives renamed 'PENDRIVE', DCOM Server Process Launcher Fails

Hello.
Looks like there are some cracks/keygens on your H:\ drive, please remove them now.

Other than that, this looks fine now.

I see that you are running µTorrent.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 7.0
    µTorrent

Then download and install Adobe Reader 9.4

How is the machine running now?

Re: External Drives renamed 'PENDRIVE', DCOM Server Process Launcher Fails

The machine runs smoothly, and no odd behavior to be seen, even the little things I attributed to Windows breaking down. As for my downloads, I am fully aware of the risks but I choose to use them anyway. I no longer download anything like games, or even movies (My ISP saw to that with a couple letters from the DMCA). Now my main use is to get the episodes of shows I watch, but often miss. I'm going to start downloading to a secured folder, and scanning the contents before opening them. Adobe was actually on a software package that was with my motherboard when I first built it. I kept it because I use various PDFs, but not enough for me to not click "remind me later" when it asks to update.


Anyway, I appreciate the help, more than you know, I spend a good 12 hours a day on my PC. I can't thank you enough, really, but thank you, you have been a massive help.

Re: External Drives renamed 'PENDRIVE', DCOM Server Process Launcher Fails

Most letters from the DMCA are because they have DHT still switched on, meaning people from other trackers can see your seed, and if you're using public trackers, they aren't exactly the best.

You should uninstall uTorrent anyway.
