
Solved mshta.exe "Funny Squirrel Show"

Discussion in 'Malware and Virus Removal Archive' started by Cosmic Jester, 2010/12/04.

  1. 2010/12/05
    Cosmic Jester

    Oh, I am really sorry about that D:

    But anyway, do you still want me to run ESET again and this time tick "Remove Threats"?
     
  2. 2010/12/05
    crunchie

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
      [2010/12/06 12:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
      [2010/12/06 11:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
      [2010/12/06 10:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
      [2010/12/06 09:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
      [2010/12/06 08:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
      [2010/12/06 07:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
      [2010/12/06 06:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
      [2010/12/06 05:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
      [2010/12/06 04:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
      [2010/12/06 03:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
      [2010/12/06 02:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
      [2010/12/06 01:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
      [2010/12/06 00:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
      [2010/12/05 23:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
      [2010/12/05 22:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
      [2010/12/05 21:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
      [2010/12/05 20:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
      [2010/12/05 19:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
      [2010/12/05 18:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
      [2010/12/05 17:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
      [2010/12/05 16:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
      [2010/12/05 15:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
      [2010/12/05 14:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
      :Commands
      [emptyflash]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
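    The fix above works by pasting lines copied from an OTL scan log under :OTL; OTL then deletes the registry keys and moves the files those lines name. As an added example (not OTL's code and not from crunchie's post), here is a Python script that triages an OTL scan log offline and drafts that block. It flags the O2/O3 browser add-ons whose CLSID no longer resolves to a DLL, the series of At<N>.job files of identical size written an hour apart (the pattern in the fix above), and the O33 MountPoints2 autorun handlers whose target file no longer exists (the pattern that shows up in the quick-scan log later in this thread). The sample log embedded in the script is constructed from a few lines of the thread plus one made-up benign task (WeeklyBackup.job); the minimum series length and the drafted :Commands section are my assumptions, and the output is a draft for a helper to review, not something to paste into OTL unread.

```python
"""Triage an OTL scan log offline and draft the :OTL fix block.

Added example for this thread; not part of OTL or of the original posts.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample modelled on lines from the thread (WeeklyBackup.job is
# a made-up benign task so the filter has something to leave alone).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
[2010/12/06 12:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/12/06 11:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/12/06 10:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/11/20 09:00:00 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\WeeklyBackup.job
O33 - MountPoints2\{45c44cdc-d34a-11df-a483-001fd0d8baba}\Shell\AutoRun\command - " " = C:\WINDOWS\System32\rundll.exe -- File not found
O33 - MountPoints2\{c0c47043-8f27-11df-a589-806d6172696f}\Shell\AutoRun\command - " " = E:\BlueBirds.exe -- [2009/04/29 20:02:01 | 000,270,336 | R--- | M] (LG Electronics)
"""

# OTL file line: [mtime | size | attrs | C/M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[^|]+) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
AT_JOB_RE = re.compile(r"\\At\d+\.job$", re.IGNORECASE)


def parse_file_line(line):
    """Return mtime/size/path for an OTL file line, or None for other lines."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return {
        "mtime": datetime.strptime(m["mtime"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "path": m["path"],
        "line": line.strip(),
    }


def find_orphan_bho(lines):
    """O2/O3 browser add-ons whose CLSID no longer resolves to a DLL."""
    stripped = [l.strip() for l in lines]
    return [l for l in stripped
            if l.startswith(("O2 - BHO:", "O3 - "))
            and l.endswith("No CLSID value found.")]


def find_at_job_series(lines, min_count=3):
    """At<N>.job files sharing one size; reports whether they are an hour apart.

    min_count is an assumed threshold: one or two At jobs can be legitimate,
    a run of identical ones written every hour is the pattern in the thread.
    """
    by_size = defaultdict(list)
    for l in lines:
        f = parse_file_line(l)
        if f and AT_JOB_RE.search(f["path"]):
            by_size[f["size"]].append(f)
    series = []
    for size, jobs in by_size.items():
        if len(jobs) < min_count:
            continue
        times = sorted(j["mtime"] for j in jobs)
        gaps = {int((b - a).total_seconds()) for a, b in zip(times, times[1:])}
        series.append({"size": size, "hourly": gaps == {3600},
                       "entries": [j["line"] for j in jobs]})
    return series


def find_dangling_mountpoints(lines):
    """O33 MountPoints2 autorun handlers whose target OTL could not find."""
    stripped = [l.strip() for l in lines]
    return [l for l in stripped
            if l.startswith("O33 - MountPoints2") and l.endswith("-- File not found")]


def build_fix(log_text):
    """Draft an OTL fix block from the flagged lines (assumed :Commands)."""
    lines = log_text.splitlines()
    targets = find_orphan_bho(lines)
    for s in find_at_job_series(lines):
        targets.extend(s["entries"])
    targets.extend(find_dangling_mountpoints(lines))
    return "\n".join([":OTL", *targets, ":Commands", "[emptytemp]", "[Reboot]"])


if __name__ == "__main__":
    print(build_fix(SAMPLE_LOG))
```

    Run it against a saved OTL.Txt by reading the file into build_fix(); the McAfee BHO and the benign task are left out of the draft because their CLSID resolves and their size does not match the series, which is the check a helper is doing by eye when they pick lines for the :OTL section.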
     


  4. 2010/12/05
    crunchie

    Yes please.
     
  5. 2010/12/05
    Cosmic Jester

    I have started the ESET scan, but when I do my OTL scan after reset, do I need to add any lines of code from the previous runs? Or just click it and let it go?
     
  6. 2010/12/05
    crunchie

    Just a quick scan. So you should have two logs when done. One from the fix and the other from the quick scan.
     
  7. 2010/12/05
    Cosmic Jester

    I did the ESET scan, with 190 infected files and 190 cleaned files. (Yay? The MP3 files that were listed were not deleted, so they are just clean now, right?)
    I checked the ESET directory on my computer, and there is a Quarantine folder (just thought you ought to know :p) with 396 files.
    Also, did this by any chance get rid of the registry entries for the now non-existent P2P programs?

    Logs are in this Order:
    - Run Fix OTL Log
    - Quick Scan Log

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
    C:\WINDOWS\tasks\At6.job moved successfully.
    C:\WINDOWS\tasks\At2.job moved successfully.
    C:\WINDOWS\tasks\At10.job moved successfully.
    C:\WINDOWS\tasks\At12.job moved successfully.
    C:\WINDOWS\tasks\At19.job moved successfully.
    C:\WINDOWS\tasks\At24.job moved successfully.
    C:\WINDOWS\tasks\At15.job moved successfully.
    C:\WINDOWS\tasks\At21.job moved successfully.
    C:\WINDOWS\tasks\At1.job moved successfully.
    C:\WINDOWS\tasks\At9.job moved successfully.
    C:\WINDOWS\tasks\At7.job moved successfully.
    C:\WINDOWS\tasks\At18.job moved successfully.
    C:\WINDOWS\tasks\At17.job moved successfully.
    C:\WINDOWS\tasks\At20.job moved successfully.
    C:\WINDOWS\tasks\At14.job moved successfully.
    C:\WINDOWS\tasks\At16.job moved successfully.
    C:\WINDOWS\tasks\At22.job moved successfully.
    C:\WINDOWS\tasks\At4.job moved successfully.
    C:\WINDOWS\tasks\At8.job moved successfully.
    C:\WINDOWS\tasks\At3.job moved successfully.
    C:\WINDOWS\tasks\At13.job moved successfully.
    C:\WINDOWS\tasks\At23.job moved successfully.
    C:\WINDOWS\tasks\At11.job moved successfully.
    ========== COMMANDS ==========

    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: LocalService

    User: Marshall
    ->Flash cache emptied: 4350 bytes

    User: NetworkService
    ->Flash cache emptied: 267 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 177975 bytes

    User: Marshall
    ->Temp folder emptied: 196658874 bytes
    ->Temporary Internet Files folder emptied: 124623 bytes
    ->Java cache emptied: 128094 bytes
    ->FireFox cache emptied: 63691694 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 25839430 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 6946802 bytes
    %systemroot%\System32 .tmp files removed: 1162769 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 27170039 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23268658 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 583960484 bytes

    Total Files Cleaned = 886.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.17.3 log created on 12062010_164353

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

    OTL logfile created on: 6/12/2010 4:48:49 PM - Run 2
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\FIX THIS PC\BBS\OTL
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 94.95 Gb Free Space | 40.77% Space Free | Partition Type: NTFS
    Drive E: | 0.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: MARSHALL-D40729 | User Name: Marshall | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/29 17:42:16 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/11/29 17:42:14 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2010/11/10 07:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
    PRC - [2010/11/06 08:31:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\FIX THIS PC\BBS\OTL\OTL.exe
    PRC - [2010/10/29 15:57:38 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    PRC - [2010/10/29 15:57:37 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/10/29 10:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/05/20 18:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2009/09/28 12:48:08 | 000,264,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeChat\LifeChat.exe
    PRC - [2008/12/22 14:59:20 | 000,787,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe
    PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
    PRC - [2006/12/23 19:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    PRC - [2006/12/23 19:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    PRC - [2004/08/04 23:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/06 08:31:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\FIX THIS PC\BBS\OTL\OTL.exe
    MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/11/29 17:42:16 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/10/28 21:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/09/12 12:14:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/05/20 18:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2010/03/18 17:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/03/18 14:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/11/30 17:06:04 | 006,261,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/10/17 05:55:00 | 009,623,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2010/09/08 07:08:58 | 000,100,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
    DRV - [2010/08/25 04:31:18 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2010/08/25 04:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2010/08/25 04:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2010/08/25 04:30:18 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
    DRV - [2010/07/25 11:51:42 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2010/07/14 15:58:07 | 000,016,512 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
    DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
    DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2009/06/18 03:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
    DRV - [2009/06/18 03:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
    DRV - [2009/06/18 03:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
    DRV - [2008/04/14 23:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/01/15 22:50:52 | 000,459,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
    DRV - [2007/09/20 19:07:40 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2007/09/20 19:07:38 | 000,053,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.houstontexans.com/news/calendar.html "
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1
    FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76
    FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.5.1
    FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778


    FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/12/02 14:54:38 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 15:57:41 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/20 23:46:27 | 000,000,000 | ---D | M]

    [2010/07/14 18:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Extensions
    [2010/12/06 14:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Firefox\Profiles\gga8nyz2.default\extensions
    [2010/07/31 20:20:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Firefox\Profiles\gga8nyz2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/11/10 18:29:58 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Firefox\Profiles\gga8nyz2.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
    [2010/11/08 16:54:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Firefox\Profiles\gga8nyz2.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    [2010/10/21 22:51:25 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Firefox\Profiles\gga8nyz2.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
    [2010/08/16 18:58:26 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Firefox\Profiles\gga8nyz2.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
    [2010/07/14 19:18:19 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Firefox\Profiles\gga8nyz2.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    [2010/08/21 14:31:06 | 000,005,475 | ---- | M] () -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Firefox\Profiles\gga8nyz2.default\searchplugins\googlecom-in-english.xml
    [2010/12/06 14:51:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/11/09 16:01:15 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/07/30 19:49:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/07/17 06:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/03/10 10:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
    [2009/12/24 14:15:24 | 000,000,614 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\image.xml

    O1 HOSTS File: ([2010/12/06 16:44:27 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4 - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
    O4 - HKLM..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
    O4 - HKCU..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.31.138.11 211.29.132.12 198.142.0.51
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Marshall\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marshall\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/07/14 12:18:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/04/29 20:02:01 | 000,000,055 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{45c44cdc-d34a-11df-a483-001fd0d8baba}\Shell\AutoRun\command - " " = C:\WINDOWS\System32\rundll.exe -- File not found
    O33 - MountPoints2\{45c44cdc-d34a-11df-a483-001fd0d8baba}\Shell\explore\command - " " = C:\WINDOWS\System32\rundll.exe -- File not found
    O33 - MountPoints2\{45c44cdc-d34a-11df-a483-001fd0d8baba}\Shell\open\command - " " = C:\WINDOWS\System32\rundll.exe -- File not found
    O33 - MountPoints2\{7de735f2-e597-11df-a4b0-001fd0d8baba}\Shell - " " = AutoRun
    O33 - MountPoints2\{7de735f2-e597-11df-a4b0-001fd0d8baba}\Shell\Auto\command - " " = G:\Automatic.sos -- File not found
    O33 - MountPoints2\{7de735f2-e597-11df-a4b0-001fd0d8baba}\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\{c0c47043-8f27-11df-a589-806d6172696f}\Shell - " " = AutoRun
    O33 - MountPoints2\{c0c47043-8f27-11df-a589-806d6172696f}\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\{c0c47043-8f27-11df-a589-806d6172696f}\Shell\AutoRun\command - " " = E:\BlueBirds.exe -- [2009/04/29 20:02:01 | 000,270,336 | R--- | M] (LG Electronics)
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/06 16:43:53 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/12/06 09:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/12/05 13:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
    [2010/12/05 11:44:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
    [2010/12/05 10:45:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    [2010/12/05 10:44:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
    [2010/12/04 20:27:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Marshall\Recent
    [2010/12/04 19:54:09 | 000,000,000 | ---D | C] -- C:\FIX THIS PC
    [2010/12/04 19:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\My Documents\HELPZ
    [2010/12/04 19:23:35 | 000,000,000 | ---D | C] -- C:\Program Files\Temp File Cleaner
    [2010/12/04 18:58:36 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
    [2010/12/04 17:26:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/12/04 17:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2010/12/04 17:01:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\My Documents\REG Backups
    [2010/12/04 16:50:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/12/04 16:50:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/12/04 16:31:42 | 000,000,000 | ---D | C] -- C:\Riot Games
    [2010/12/04 16:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Riot Games
    [2010/12/04 16:04:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\Local Settings\Application Data\PMB Files
    [2010/12/04 16:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
    [2010/12/04 16:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
    [2010/12/04 15:31:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeChat
    [2010/12/04 15:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
    [2010/12/04 15:11:53 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
    [2010/12/04 14:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/12/04 14:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/12/04 14:56:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/12/04 14:35:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\Local Settings\Application Data\Logishrd
    [2010/12/04 14:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\LogiShrd
    [2010/12/04 14:34:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logishrd
    [2010/12/04 14:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
    [2010/12/04 14:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\Application Data\Logishrd
    [2010/12/04 14:05:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/12/04 14:04:18 | 000,000,000 | ---D | C] -- C:\f187b0792ef2605282a8
    [2010/12/04 13:58:54 | 000,000,000 | ---D | C] -- C:\MISC Stuff
    [2010/12/01 14:42:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2010/12/01 14:37:43 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
    [2010/12/01 14:37:43 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
    [2010/12/01 14:37:43 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
    [2010/12/01 14:36:43 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
    [2010/11/27 13:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\Application Data\TuneUp Software
    [2010/11/27 13:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2010/11/27 13:07:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    [2010/11/23 07:37:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
    [2010/11/14 14:38:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
    [2010/11/12 18:44:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Marshall\Application Data\SecuROM
    [2010/11/12 18:15:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Marshall\Local Settings\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
    [2010/11/12 17:29:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\Local Settings\Application Data\Downloaded Installations
    [2010/11/12 16:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
    [2010/11/09 16:03:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\Local Settings\Application Data\Threat Expert
    [2010/11/09 16:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\Application Data\skypePM
    [2010/11/09 16:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2010/11/09 16:00:20 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2010/11/09 16:00:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\Application Data\Skype
    [2010/11/09 16:00:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype

    ========== Files - Modified Within 30 Days ==========

    [2010/12/06 16:50:27 | 000,495,848 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/12/06 16:50:27 | 000,084,310 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/12/06 16:46:17 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/12/06 16:45:59 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-1500820517-682003330-1003.job
    [2010/12/06 16:45:59 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
    [2010/12/06 16:45:58 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
    [2010/12/06 16:45:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/12/06 16:44:27 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/12/05 13:56:05 | 002,160,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/12/05 13:53:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/12/04 17:21:36 | 000,497,050 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2010/12/04 15:37:06 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2010/12/04 15:37:06 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2010/12/04 15:37:02 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2010/12/01 14:39:34 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2010/12/01 14:36:02 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2010/12/01 14:36:00 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/12/01 14:36:00 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/12/01 14:35:47 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
    [2010/12/01 14:33:25 | 000,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/12/01 14:32:06 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2010/11/30 07:57:06 | 000,008,141 | ---- | M] () -- C:\WINDOWS\System32\5123.js
    [2010/11/30 07:37:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/28 22:21:28 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/11/28 22:07:38 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Marshall\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/27 13:05:11 | 000,000,605 | ---- | M] () -- C:\Documents and Settings\Marshall\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Booster.lnk
    [2010/11/25 23:01:01 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-1500820517-682003330-1003.job
    [2010/11/23 16:31:14 | 000,022,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2010/11/23 16:31:14 | 000,022,328 | ---- | M] () -- C:\Documents and Settings\Marshall\Application Data\PnkBstrK.sys
    [2010/11/23 16:30:53 | 000,669,184 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
    [2010/11/23 15:49:57 | 000,001,480 | ---- | M] () -- C:\WINDOWS\System32\ealregsnapshot1.reg
    [2010/11/17 20:37:08 | 000,001,597 | ---- | M] () -- C:\Documents and Settings\Marshall\Application Data\MPQEditor.ini
    [2010/11/17 16:05:38 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
    [2010/11/09 16:02:10 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat

    ========== Files Created - No Company Name ==========

    [2010/12/05 11:39:12 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/12/04 17:21:30 | 000,497,050 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2010/12/01 14:37:37 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
    [2010/12/01 14:37:19 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
    [2010/12/01 14:37:14 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
    [2010/12/01 14:37:13 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
    [2010/12/01 14:37:11 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
    [2010/12/01 14:37:04 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
    [2010/12/01 14:37:00 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
    [2010/12/01 14:36:57 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
    [2010/12/01 14:36:45 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
    [2010/12/01 13:46:45 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
    [2010/12/01 13:46:45 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
    [2010/12/01 13:46:45 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
    [2010/12/01 13:46:45 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
    [2010/12/01 13:46:45 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
    [2010/12/01 13:46:45 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
    [2010/12/01 13:46:45 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
    [2010/12/01 13:46:45 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
    [2010/12/01 13:46:45 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
    [2010/12/01 13:46:45 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
    [2010/12/01 13:46:44 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
    [2010/12/01 13:46:44 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
    [2010/12/01 13:46:44 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
    [2010/12/01 13:46:44 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
    [2010/12/01 13:46:44 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
    [2010/12/01 13:46:44 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
    [2010/12/01 13:46:44 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
    [2010/12/01 13:46:44 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
    [2010/11/30 07:57:06 | 000,008,141 | ---- | C] () -- C:\WINDOWS\System32\5123.js
    [2010/11/27 13:07:31 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
    [2010/11/27 13:05:11 | 000,000,605 | ---- | C] () -- C:\Documents and Settings\Marshall\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Booster.lnk
    [2010/11/17 16:05:38 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
    [2010/11/12 17:29:50 | 000,001,480 | ---- | C] () -- C:\WINDOWS\System32\ealregsnapshot1.reg
    [2010/11/12 17:20:19 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2010/11/12 17:20:19 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Marshall\Application Data\PnkBstrK.sys
    [2010/11/12 17:20:02 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
    [2010/11/12 17:20:01 | 000,669,184 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
    [2010/11/12 17:20:01 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
    [2010/11/09 16:02:10 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/11/01 20:25:23 | 000,000,328 | ---- | C] () -- C:\Documents and Settings\Marshall\Application Data\ICARE_ACTIVITY.LOG
    [2010/09/29 17:22:36 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2010/09/29 17:22:36 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2010/09/29 17:22:36 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2010/09/26 18:51:55 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010/09/06 19:33:38 | 000,001,597 | ---- | C] () -- C:\Documents and Settings\Marshall\Application Data\MPQEditor.ini
    [2010/07/22 23:37:03 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Marshall\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/14 23:37:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2010/07/14 23:35:43 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010/07/14 23:35:43 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2010/07/14 23:35:42 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/07/14 23:35:42 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/07/14 23:35:40 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2010/07/14 20:10:01 | 001,584,149 | ---- | C] () -- C:\WINDOWS\System32\setupapinew.dll
    [2010/07/14 20:10:01 | 000,789,525 | ---- | C] () -- C:\WINDOWS\System32\rpcrt4new.dll
    [2010/07/14 20:10:01 | 000,633,871 | ---- | C] () -- C:\WINDOWS\System32\user32new.dll
    [2010/07/14 20:10:01 | 000,134,671 | ---- | C] () -- C:\WINDOWS\System32\winstanew.dll
    [2010/07/14 20:10:01 | 000,096,783 | ---- | C] () -- C:\WINDOWS\System32\powrprofnew.dll
    [2010/07/14 20:10:01 | 000,087,558 | ---- | C] () -- C:\WINDOWS\System32\ntdsapinew.dll
    [2010/07/14 20:10:01 | 000,072,707 | ---- | C] () -- C:\WINDOWS\System32\secur32new.dll
    [2010/07/14 20:10:01 | 000,025,037 | ---- | C] () -- C:\WINDOWS\System32\Nucleus.dll
    [2010/07/14 20:10:01 | 000,000,236 | -H-- | C] () -- C:\Program Files\Common Files\dx.reg
    [2010/07/14 20:10:00 | 000,874,502 | ---- | C] () -- C:\WINDOWS\System32\kernel32new.dll
    [2010/07/14 20:10:00 | 000,681,478 | ---- | C] () -- C:\WINDOWS\System32\msvcrtnew.dll
    [2010/07/14 20:10:00 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\M2000Twn.dll
    [2010/07/14 20:10:00 | 000,167,948 | ---- | C] () -- C:\WINDOWS\System32\dxgi.dll
    [2010/07/14 20:10:00 | 000,039,948 | ---- | C] () -- C:\WINDOWS\System32\dwmapi.dll
    [2010/07/14 20:09:59 | 001,029,126 | ---- | C] () -- C:\WINDOWS\System32\d3d10.dll
    [2010/07/14 20:09:59 | 000,974,354 | ---- | C] () -- C:\WINDOWS\System32\crypt32new.dll
    [2010/07/14 20:09:59 | 000,770,069 | ---- | C] () -- C:\WINDOWS\System32\advapi32new.dll
    [2010/07/14 20:09:59 | 000,187,398 | ---- | C] () -- C:\WINDOWS\System32\d3d10core.dll
    [2010/07/14 20:09:59 | 000,171,023 | ---- | C] () -- C:\WINDOWS\System32\apphelpnew.dll
    [2010/07/14 18:12:40 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Marshall\Application Data\setup_ldm.iss
    [2010/07/14 03:55:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/04/02 18:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2004/08/04 23:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

    ========== LOP Check ==========

    [2010/07/25 11:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2010/07/25 12:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
    [2010/10/24 14:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2010/08/21 13:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2010/12/04 17:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/12/04 16:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
    [2010/10/23 13:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2010/12/04 17:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/11/27 13:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2010/09/28 00:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
    [2010/12/04 15:12:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
    [2010/11/27 13:07:11 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    [2010/07/16 17:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/07/14 20:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/07/30 20:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\AnvSoft
    [2010/07/25 12:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\DAEMON Tools Lite
    [2010/07/25 12:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\DAEMON Tools Pro
    [2010/08/20 14:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\fltk.org
    [2010/10/24 14:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\IObit
    [2010/10/21 23:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\JLC's Software
    [2010/07/14 18:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\Leadertech
    [2010/11/01 21:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\LolClient
    [2010/07/14 19:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\OpenOffice.org
    [2010/10/23 13:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\Publish Providers
    [2010/10/23 13:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\Sony
    [2010/10/20 17:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\Subversion
    [2010/11/27 13:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\TuneUp Software
    [2010/09/28 00:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\Ubisoft
    [2010/09/29 18:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\Xilisoft Corporation
    [2010/12/06 16:45:58 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
    [2010/12/06 16:45:59 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

    < End of report >


    EDIT: After looking at the post, I noticed the accidental smiley, so I disabled smilies.
     
    Last edited: 2010/12/06
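The OTL log above lists files created or modified in the last 30 days, the scheduled-task files under C:\WINDOWS\tasks and the alternate data streams OTL found. The script below is an added example, not part of the thread and not OTL's own code: it parses those two OTL line formats and applies the three checks a responder would run first over a log like this one (script files sitting in System32, a run of identical-size At<N>.job tasks, and streams attached to a directory). The sample lines are copied from the log above, except the extra At1/At9 lines, which are constructed in the same format for illustration; the extension list and the "3 or more" threshold are this example's own assumptions.

```python
"""
Triage helper for OTL log lines (added example; not part of the thread and
not OTL's own code).

OTL prints one file per line as
    [yyyy/mm/dd hh:mm:ss | size | attrs | C|M] (Company) -- path
and one alternate data stream per line as
    @Alternate Data Stream - N bytes -> host:stream
This script parses both and applies three checks:
  1. script files (.js/.vbs/.hta/...) under %SystemRoot%\\System32
  2. a run of At<N>.job tasks of identical size, which is what one "at"
     command scheduled for every hour leaves behind (assumed threshold: >= 3)
  3. alternate data streams attached to a directory
Sample lines below are copied from the log in the thread, except the extra
At1/At9 lines, which are constructed in the same format for illustration.
"""
import re
from collections import defaultdict

FILE_LINE = re.compile(
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
ADS_LINE = re.compile(r"@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
AT_JOB = re.compile(r"\\tasks\\at(\d+)\.job$", re.IGNORECASE)

# Extensions that mshta.exe / wscript.exe execute directly (assumed list).
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".hta", ".wsf")


def parse_otl(text):
    """Split a log into (file entries, ADS entries); unrecognised lines are ignored."""
    files, streams = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"].replace(",", ""))
            entry["company"] = entry["company"] or ""
            files.append(entry)
            continue
        m = ADS_LINE.match(line)
        if m:
            streams.append({"size": int(m.group("size")), "path": m.group("path")})
    return files, streams


def scripts_in_system32(files):
    """Script files dropped straight into System32, where no installer puts them."""
    return [f["path"] for f in files
            if f["path"].lower().startswith("c:\\windows\\system32\\")
            and f["path"].lower().endswith(SCRIPT_EXTS)]


def at_job_series(files, minimum=3):
    """Map job size -> sorted At<N> numbers, for sizes seen on >= minimum jobs."""
    by_size = defaultdict(set)
    for f in files:
        m = AT_JOB.search(f["path"])
        if m:
            by_size[f["size"]].add(int(m.group(1)))
    return {size: sorted(nums) for size, nums in by_size.items() if len(nums) >= minimum}


def directory_streams(streams):
    """Return (host path, stream name, size) for every ADS OTL reported."""
    out = []
    for s in streams:
        host, _, name = s["path"].rpartition(":")
        out.append((host, name, s["size"]))
    return out


def triage(text):
    files, streams = parse_otl(text)
    return {
        "system32_scripts": scripts_in_system32(files),
        "at_job_series": at_job_series(files),
        "streams": directory_streams(streams),
    }


SAMPLE_LOG = r"""
[2010/12/06 16:45:58 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/12/06 16:45:59 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/12/06 16:44:27 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/11/30 07:57:06 | 000,008,141 | ---- | M] () -- C:\WINDOWS\System32\5123.js
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/04 16:31:42 | 000,000,000 | ---D | C] -- C:\Riot Games
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
# constructed for this example, same format as the At5.job line above
[2010/12/06 12:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/12/06 11:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
"""

if __name__ == "__main__":
    for check, hits in triage(SAMPLE_LOG).items():
        print(f"{check}: {hits}")
```

Feed it a whole saved OTL log instead of SAMPLE_LOG. A hit is a lead, not a verdict: a .js file in System32 deserves a look whatever it turns out to be, and a set of identical At<N>.job files tells you to read one of them to see what command runs every hour.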
  8. 2010/12/06
    crunchie
    Go here http://www.billsway.com/vbspage/ and download, unzip and run the Registry Search Tool.
    • Type Bitlord in the dialog box.
    • Let it run and after a few minutes, a prompt will appear.
    • Click OK to write the results to Notepad and post them here.

    ==========

    Still having problems?
     
  9. 2010/12/06
    Cosmic Jester (Thread Starter)
    I have looked on Process XP since the reboot and I have not seen a single mshta.exe process yet :) For now, I have not run into any problems yet... but it seems all good.

    Here is the log:

    REGEDIT4
    ; RegSrch.vbs © Bill James

    ; Registry search results for string "bitlord" 6/12/2010 8:36:45 PM

    ; NOTE: This file will be deleted when you close WordPad.
    ; You must manually save this file to a new location if you want to refer to it again later.
    ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bc!]
    @="BitLordUnfinishedFile"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BitLord.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BitLord.exe\shell]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BitLord.exe\shell\open]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BitLord.exe\shell\open\command]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BitLord.exe\shell\open\command]
    @="\"F:\\Program Files\\BitLord\\BitLord.exe\" \"%1\" /dummy"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BitLord.exe\shell\open\ddeexec]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BitLord.exe\shell\open\ddeexec\Application]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BitLord.exe\shell\open\ddeexec\Application]
    @="BitLord"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BitLord.exe\shell\open\ddeexec\Topic]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitLordUnfinishedFile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitLordUnfinishedFile]
    @="BitLord Incomplete Download File"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bittorrent]
    @="BitLord File"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bittorrent]
    "OldDefault"="BitLord File"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bittorrent\DefaultIcon]
    @="\"F:\\Program Files\\BitLord\\BitLord.exe\",1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bittorrent\DefaultIcon]
    "OldDefault"="\"F:\\Program Files\\BitLord\\BitLord.exe\",1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bittorrent\shell\open\command]
    @="\"F:\\Program Files\\BitLord\\BitLord.exe\" \"%1\" /dummy"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bittorrent\shell\open\command]
    "OldDefault"="\"F:\\Program Files\\BitLord\\BitLord.exe\" \"%1\" /dummy"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bittorrent\shell\open\ddeexec\Application]
    @="BitLord"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BitLord]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\BitLord.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\BitLord.exe]
    @="F:\\Program Files\\BitLord\\BitLord.exe"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "F:\\Program Files\\BitLord\\BitLord.exe"="F:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "F:\\Program Files\\BitLord\\BitLord.exe"="F:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "F:\\Program Files\\BitLord\\BitLord.exe"="F:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"

    [HKEY_USERS\S-1-5-21-1202660629-1500820517-682003330-1003\Software\BitLord]

    [HKEY_USERS\S-1-5-21-1202660629-1500820517-682003330-1003\Software\BitLord]
    @="F:\\Program Files\\BitLord"

    [HKEY_USERS\S-1-5-21-1202660629-1500820517-682003330-1003\Software\BitLord\BitComet]

    [HKEY_USERS\S-1-5-21-1202660629-1500820517-682003330-1003\Software\BitLord\BitComet\AppWindow]

    [HKEY_USERS\S-1-5-21-1202660629-1500820517-682003330-1003\Software\Gabest\Media Player Classic\Settings]
    "File Name 15"="F:\\Program Files\\BitLord\\Downloads\\Family Guy Season 8 Complete\\family.guy.s08e10.hdtv.xvid-2hd.avi"

    [HKEY_USERS\S-1-5-21-1202660629-1500820517-682003330-1003\Software\Gabest\Media Player Classic\Settings]
    "File Name 16"="F:\\Program Files\\BitLord\\Downloads\\Family Guy Season 8 Complete\\family.guy.s08e09.pdtv.xvid-fqm.avi"

    [HKEY_USERS\S-1-5-21-1202660629-1500820517-682003330-1003\Software\Gabest\Media Player Classic\Settings]
    "File Name 17"="F:\\Program Files\\BitLord\\Downloads\\Family Guy Season 8 Complete\\family.guy.s08e08.pdtv.xvid-fqm.avi"

    [HKEY_USERS\S-1-5-21-1202660629-1500820517-682003330-1003\Software\Gabest\Media Player Classic\Settings]
    "File Name 18"="F:\\Program Files\\BitLord\\Downloads\\Family Guy Season 8 Complete\\family.guy.s08e07.pdtv.xvid-fqm.avi"

    [HKEY_USERS\S-1-5-21-1202660629-1500820517-682003330-1003\Software\Gabest\Media Player Classic\Settings]
    "File Name 19"="F:\\Program Files\\BitLord\\Downloads\\Family Guy Season 8 Complete\\family.guy.s08e06.pdtv.xvid-fqm.avi"

    [HKEY_USERS\S-1-5-21-1202660629-1500820517-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bc!\OpenWithProgids]
    "BitLordUnfinishedFile"=hex(0):

    [HKEY_USERS\S-1-5-21-1202660629-1500820517-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\OpenWithList]
    "a"="BitLord.exe"

    Oh, and by the way, I am giving up on P2P programs anyway; I haven't used my client in a long time since I am buying things now :D
     
  10. 2010/12/06
    crunchie
    Download the attached zip file and unzip fixme.reg. Close all browser windows. Double-click the file to run it and, when asked if you want to merge it with your registry, answer yes.
    Reboot afterwards and run regsearch as before.
    View attachment fixme.zip
     
  11. 2010/12/06
    Cosmic Jester (Thread Starter)
    Done. I did a search, with only 5 entries found:

    REGEDIT4
    ; RegSrch.vbs © Bill James

    ; Registry search results for string "bitlord" 6/12/2010 9:37:12 PM

    ; NOTE: This file will be deleted when you close WordPad.
    ; You must manually save this file to a new location if you want to refer to it again later.
    ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "F:\\Program Files\\BitLord\\BitLord.exe"="F:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "F:\\Program Files\\BitLord\\BitLord.exe"="F:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "F:\\Program Files\\BitLord\\BitLord.exe"="F:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"

    [HKEY_USERS\S-1-5-21-1202660629-1500820517-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bc!\OpenWithProgids]
    "BitLordUnfinishedFile"=hex(0):

    [HKEY_USERS\S-1-5-21-1202660629-1500820517-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\OpenWithList]
    "a"="BitLord.exe"

    Should we leave them, or do you have another registry trick up your sleeve? :p
    Thanks for being such a MASSIVE help :D
    It's good to know that I have a chance to finally resume my VCE homework.
     
  12. 2010/12/06
    crunchie
    This one should work. The forum software placed a space in those entries, rendering them incorrect, and I never picked it up :).

    Same as before please.

    View attachment fixme.zip
     
  13. 2010/12/06
    Cosmic Jester (Thread Starter)
    Cool beans. I scanned, and this time only 2 entries were found.

    REGEDIT4
    ; RegSrch.vbs © Bill James

    ; Registry search results for string "bitlord" 6/12/2010 10:20:36 PM

    ; NOTE: This file will be deleted when you close WordPad.
    ; You must manually save this file to a new location if you want to refer to it again later.
    ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


    [HKEY_USERS\S-1-5-21-1202660629-1500820517-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bc!\OpenWithProgids]
    "BitLordUnfinishedFile"=hex(0):

    [HKEY_USERS\S-1-5-21-1202660629-1500820517-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\OpenWithList]
    "a"="BitLord.exe"
     
  14. 2010/12/06
    crunchie
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

      Code:
      :Reg
      [HKEY_USERS\S-1-5-21-1202660629-1500820517-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bc!\OpenWithProgids]
      "BitLordUnfinishedFile"=-
      
      [HKEY_USERS\S-1-5-21-1202660629-1500820517-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\OpenWithList]
      "a"=-
      
      
      :Commands
      [purity]
      [CLEARALLRESTOREPOINTS]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, and reboot the PC when it is done.
    • Post the log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
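The registry search dump in post 9, the fixme.reg that had to be reissued in post 12 because the forum software inserted spaces inside the quoted names, and the OTL :Reg fix above all do the same job: turn a search dump into a list of deletions. The script below is an added example, not RegSrch, OTL or the attached fixme.reg. It parses a REGEDIT4 search dump, strips the forum-inserted spaces from value names, and emits a .reg file that removes a whole key only where the key name itself contains the search term and otherwise removes just the matched values (so the Windows Firewall AuthorizedApplications list loses one entry rather than the whole list). The sample dump is a subset of the results posted in this thread, reproduced with the mangled spacing as it appeared; the deletion policy is this example's own choice.

```python
"""
Build a deletion .reg file from a RegSrch-style REGEDIT4 search dump.

Added example; not RegSrch, OTL, or the fixme.reg attached in the thread.
.reg syntax used: "[-KEY]" removes a key and everything below it,
'"name"=-' removes one value, '@=-' removes the key's default value.
The unmangle() step undoes the artifact the thread ran into: a forum post
turned '"a"="BitLord.exe"' into '"a "= "BitLord.exe "', so a .reg built by
copy-and-paste named a value that does not exist and deleted nothing.
"""
import re

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# Value name is either @ (default) or a quoted string; the data is irrelevant here.
VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")\s*=')


def unmangle(name):
    """'"a "' -> '"a"'; the default-value marker @ is returned unchanged."""
    if name.startswith('"') and name.endswith('"'):
        return '"' + name[1:-1].strip() + '"'
    return name


def parse_search_dump(text):
    """Return {key: set(value names)}; a key listed without values maps to an empty set."""
    matches = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            matches.setdefault(current, set())
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            matches[current].add(unmangle(m.group("name")))
    return matches


def build_deletion_reg(matches, term):
    """Whole keys go only when the key name contains the term; otherwise just the
    matched values. Keys beneath a removed key are skipped (parent covers them)."""
    term = term.lower()
    lines = ["REGEDIT4", ""]
    removed = []
    for key in sorted(k for k in matches if term in k.lower()):
        if any(key.lower().startswith(p.lower() + "\\") for p in removed):
            continue
        removed.append(key)
        lines += [f"[-{key}]", ""]
    for key, names in sorted(matches.items()):
        if term in key.lower() or not names:
            continue
        lines.append(f"[{key}]")
        lines += [f"{name}=-" for name in sorted(names)]
        lines.append("")
    return "\n".join(lines)


# Subset of the search results posted in the thread, spacing artifact included.
SAMPLE_DUMP = r'''REGEDIT4
; RegSrch.vbs (c) Bill James
; Registry search results for string "bitlord"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bc!]
@= "BitLordUnfinishedFile "

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BitLord.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BitLord.exe\shell\open\command]
@= "\ "F:\\Program Files\\BitLord\\BitLord.exe\" \ "%1\" /dummy "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\\Program Files\\BitLord\\BitLord.exe "= "F:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord "

[HKEY_USERS\S-1-5-21-1202660629-1500820517-682003330-1003\Software\BitLord]
@= "F:\\Program Files\\BitLord "

[HKEY_USERS\S-1-5-21-1202660629-1500820517-682003330-1003\Software\BitLord\BitComet\AppWindow]

[HKEY_USERS\S-1-5-21-1202660629-1500820517-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bc!\OpenWithProgids]
"BitLordUnfinishedFile "=hex(0):

[HKEY_USERS\S-1-5-21-1202660629-1500820517-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\OpenWithList]
"a "= "BitLord.exe "
'''

if __name__ == "__main__":
    print(build_deletion_reg(parse_search_dump(SAMPLE_DUMP), "bitlord"))
```

Read the generated file before merging it: a "[-KEY]" line removes the entire subtree, and the HKEY_USERS\S-1-5-21-... path only matches the profile whose SID it names. The value-only rule is deliberately conservative; it leaves an empty .bc! class key and the MRUList under OpenWithList still pointing at "a", both harmless, rather than risk removing a shared key.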
     
  15. 2010/12/06
    Cosmic Jester (Thread Starter)
    No report came up after the Run Fix D:

    But here are the quick scan results:
    OTL logfile created on: 6/12/2010 11:04:11 PM - Run 3
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\FIX THIS PC\BBS\OTL
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 101.14 Gb Free Space | 43.43% Space Free | Partition Type: NTFS
    Drive E: | 0.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: MARSHALL-D40729 | User Name: Marshall | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/29 17:42:16 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/11/29 17:42:14 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2010/11/10 07:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
    PRC - [2010/11/06 08:31:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\FIX THIS PC\BBS\OTL\OTL.exe
    PRC - [2010/10/29 15:57:38 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    PRC - [2010/10/29 15:57:37 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/10/29 10:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/05/20 18:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2009/09/28 12:48:08 | 000,264,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeChat\LifeChat.exe
    PRC - [2008/12/22 14:59:20 | 000,787,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe
    PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
    PRC - [2006/12/23 19:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    PRC - [2006/12/23 19:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    PRC - [2004/08/04 23:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/06 08:31:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\FIX THIS PC\BBS\OTL\OTL.exe
    MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/11/29 17:42:16 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/10/28 21:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/09/12 12:14:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/05/20 18:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2010/03/18 17:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/03/18 14:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/11/30 17:06:04 | 006,261,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/10/17 05:55:00 | 009,623,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2010/09/08 07:08:58 | 000,100,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
    DRV - [2010/08/25 04:31:18 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2010/08/25 04:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2010/08/25 04:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2010/08/25 04:30:18 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
    DRV - [2010/07/25 11:51:42 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2010/07/14 15:58:07 | 000,016,512 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
    DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
    DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2009/06/18 03:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
    DRV - [2009/06/18 03:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
    DRV - [2009/06/18 03:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
    DRV - [2008/04/14 23:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/01/15 22:50:52 | 000,459,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
    DRV - [2007/09/20 19:07:40 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2007/09/20 19:07:38 | 000,053,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.houstontexans.com/news/calendar.html "
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1
    FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76
    FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.5.1
    FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778


    FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/12/02 14:54:38 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 15:57:41 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/20 23:46:27 | 000,000,000 | ---D | M]

    [2010/07/14 18:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Extensions
    [2010/12/06 16:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Firefox\Profiles\gga8nyz2.default\extensions
    [2010/07/31 20:20:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Firefox\Profiles\gga8nyz2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/11/10 18:29:58 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Firefox\Profiles\gga8nyz2.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
    [2010/11/08 16:54:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Firefox\Profiles\gga8nyz2.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    [2010/10/21 22:51:25 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Firefox\Profiles\gga8nyz2.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
    [2010/08/16 18:58:26 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Firefox\Profiles\gga8nyz2.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
    [2010/07/14 19:18:19 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Firefox\Profiles\gga8nyz2.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    [2010/08/21 14:31:06 | 000,005,475 | ---- | M] () -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Firefox\Profiles\gga8nyz2.default\searchplugins\googlecom-in-english.xml
    [2010/12/06 16:57:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/11/09 16:01:15 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/07/30 19:49:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/07/17 06:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/03/10 10:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
    [2009/12/24 14:15:24 | 000,000,614 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\image.xml

    O1 HOSTS File: ([2010/12/06 16:44:27 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4 - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
    O4 - HKLM..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
    O4 - HKCU..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.31.138.11 211.29.132.12 198.142.0.51
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Marshall\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marshall\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/07/14 12:18:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/04/29 20:02:01 | 000,000,055 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{45c44cdc-d34a-11df-a483-001fd0d8baba}\Shell\AutoRun\command - " " = C:\WINDOWS\System32\rundll.exe -- File not found
    O33 - MountPoints2\{45c44cdc-d34a-11df-a483-001fd0d8baba}\Shell\explore\command - " " = C:\WINDOWS\System32\rundll.exe -- File not found
    O33 - MountPoints2\{45c44cdc-d34a-11df-a483-001fd0d8baba}\Shell\open\command - " " = C:\WINDOWS\System32\rundll.exe -- File not found
    O33 - MountPoints2\{7de735f2-e597-11df-a4b0-001fd0d8baba}\Shell - " " = AutoRun
    O33 - MountPoints2\{7de735f2-e597-11df-a4b0-001fd0d8baba}\Shell\Auto\command - " " = G:\Automatic.sos -- File not found
    O33 - MountPoints2\{7de735f2-e597-11df-a4b0-001fd0d8baba}\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\{c0c47043-8f27-11df-a589-806d6172696f}\Shell - " " = AutoRun
    O33 - MountPoints2\{c0c47043-8f27-11df-a589-806d6172696f}\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\{c0c47043-8f27-11df-a589-806d6172696f}\Shell\AutoRun\command - " " = E:\BlueBirds.exe -- [2009/04/29 20:02:01 | 000,270,336 | R--- | M] (LG Electronics)
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/06 16:43:53 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/12/06 09:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/12/05 13:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
    [2010/12/05 11:44:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
    [2010/12/05 10:45:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    [2010/12/05 10:44:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
    [2010/12/04 20:27:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Marshall\Recent
    [2010/12/04 19:54:09 | 000,000,000 | ---D | C] -- C:\FIX THIS PC
    [2010/12/04 19:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\My Documents\HELPZ
    [2010/12/04 19:23:35 | 000,000,000 | ---D | C] -- C:\Program Files\Temp File Cleaner
    [2010/12/04 18:58:36 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
    [2010/12/04 17:26:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/12/04 17:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2010/12/04 17:01:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\My Documents\REG Backups
    [2010/12/04 16:50:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/12/04 16:50:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/12/04 16:31:42 | 000,000,000 | ---D | C] -- C:\Riot Games
    [2010/12/04 16:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Riot Games
    [2010/12/04 16:04:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\Local Settings\Application Data\PMB Files
    [2010/12/04 16:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
    [2010/12/04 16:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
    [2010/12/04 15:31:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeChat
    [2010/12/04 15:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
    [2010/12/04 15:11:53 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
    [2010/12/04 14:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/12/04 14:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/12/04 14:56:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/12/04 14:35:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\Local Settings\Application Data\Logishrd
    [2010/12/04 14:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\LogiShrd
    [2010/12/04 14:34:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logishrd
    [2010/12/04 14:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
    [2010/12/04 14:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\Application Data\Logishrd
    [2010/12/04 14:05:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/12/04 14:04:18 | 000,000,000 | ---D | C] -- C:\f187b0792ef2605282a8
    [2010/12/04 13:58:54 | 000,000,000 | ---D | C] -- C:\MISC Stuff
    [2010/12/01 14:42:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2010/12/01 14:37:43 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
    [2010/12/01 14:37:43 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
    [2010/12/01 14:37:43 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
    [2010/12/01 14:36:43 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
    [2010/11/27 13:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\Application Data\TuneUp Software
    [2010/11/27 13:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2010/11/27 13:07:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    [2010/11/23 07:37:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
    [2010/11/14 14:38:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
    [2010/11/12 18:44:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Marshall\Application Data\SecuROM
    [2010/11/12 18:15:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Marshall\Local Settings\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
    [2010/11/12 17:29:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\Local Settings\Application Data\Downloaded Installations
    [2010/11/12 16:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
    [2010/11/09 16:03:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\Local Settings\Application Data\Threat Expert
    [2010/11/09 16:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\Application Data\skypePM
    [2010/11/09 16:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2010/11/09 16:00:20 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2010/11/09 16:00:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\Application Data\Skype
    [2010/11/09 16:00:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype

    ========== Files - Modified Within 30 Days ==========

    [2010/12/06 23:06:21 | 000,495,848 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/12/06 23:06:21 | 000,084,310 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/12/06 23:02:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/12/06 23:01:52 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-1500820517-682003330-1003.job
    [2010/12/06 23:01:52 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
    [2010/12/06 23:01:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/12/06 16:45:58 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
    [2010/12/06 16:44:27 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/12/05 13:56:05 | 002,160,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/12/05 13:53:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/12/04 17:21:36 | 000,497,050 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2010/12/04 15:37:06 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2010/12/04 15:37:06 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2010/12/04 15:37:02 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2010/12/01 14:39:34 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2010/12/01 14:36:02 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2010/12/01 14:36:00 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/12/01 14:36:00 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/12/01 14:35:47 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
    [2010/12/01 14:33:25 | 000,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/12/01 14:32:06 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2010/11/30 07:57:06 | 000,008,141 | ---- | M] () -- C:\WINDOWS\System32\5123.js
    [2010/11/30 07:37:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/28 22:21:28 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/11/28 22:07:38 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Marshall\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/27 13:05:11 | 000,000,605 | ---- | M] () -- C:\Documents and Settings\Marshall\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Booster.lnk
    [2010/11/25 23:01:01 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-1500820517-682003330-1003.job
    [2010/11/23 16:31:14 | 000,022,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2010/11/23 16:31:14 | 000,022,328 | ---- | M] () -- C:\Documents and Settings\Marshall\Application Data\PnkBstrK.sys
    [2010/11/23 16:30:53 | 000,669,184 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
    [2010/11/23 15:49:57 | 000,001,480 | ---- | M] () -- C:\WINDOWS\System32\ealregsnapshot1.reg
    [2010/11/17 20:37:08 | 000,001,597 | ---- | M] () -- C:\Documents and Settings\Marshall\Application Data\MPQEditor.ini
    [2010/11/17 16:05:38 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
    [2010/11/09 16:02:10 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat

    ========== Files Created - No Company Name ==========

    [2010/12/05 11:39:12 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/12/04 17:21:30 | 000,497,050 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2010/12/01 14:37:37 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
    [2010/12/01 14:37:19 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
    [2010/12/01 14:37:14 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
    [2010/12/01 14:37:13 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
    [2010/12/01 14:37:11 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
    [2010/12/01 14:37:04 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
    [2010/12/01 14:37:00 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
    [2010/12/01 14:36:57 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
    [2010/12/01 14:36:45 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
    [2010/12/01 13:46:45 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
    [2010/12/01 13:46:45 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
    [2010/12/01 13:46:45 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
    [2010/12/01 13:46:45 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
    [2010/12/01 13:46:45 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
    [2010/12/01 13:46:45 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
    [2010/12/01 13:46:45 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
    [2010/12/01 13:46:45 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
    [2010/12/01 13:46:45 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
    [2010/12/01 13:46:45 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
    [2010/12/01 13:46:44 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
    [2010/12/01 13:46:44 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
    [2010/12/01 13:46:44 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
    [2010/12/01 13:46:44 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
    [2010/12/01 13:46:44 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
    [2010/12/01 13:46:44 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
    [2010/12/01 13:46:44 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
    [2010/12/01 13:46:44 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
    [2010/11/30 07:57:06 | 000,008,141 | ---- | C] () -- C:\WINDOWS\System32\5123.js
    [2010/11/27 13:07:31 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
    [2010/11/27 13:05:11 | 000,000,605 | ---- | C] () -- C:\Documents and Settings\Marshall\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Booster.lnk
    [2010/11/17 16:05:38 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
    [2010/11/12 17:29:50 | 000,001,480 | ---- | C] () -- C:\WINDOWS\System32\ealregsnapshot1.reg
    [2010/11/12 17:20:19 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2010/11/12 17:20:19 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Marshall\Application Data\PnkBstrK.sys
    [2010/11/12 17:20:02 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
    [2010/11/12 17:20:01 | 000,669,184 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
    [2010/11/12 17:20:01 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
    [2010/11/09 16:02:10 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/11/01 20:25:23 | 000,000,328 | ---- | C] () -- C:\Documents and Settings\Marshall\Application Data\ICARE_ACTIVITY.LOG
    [2010/09/29 17:22:36 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2010/09/29 17:22:36 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2010/09/29 17:22:36 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2010/09/26 18:51:55 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010/09/06 19:33:38 | 000,001,597 | ---- | C] () -- C:\Documents and Settings\Marshall\Application Data\MPQEditor.ini
    [2010/07/22 23:37:03 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Marshall\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/14 23:37:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2010/07/14 23:35:43 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010/07/14 23:35:43 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2010/07/14 23:35:42 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/07/14 23:35:42 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/07/14 23:35:40 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2010/07/14 20:10:01 | 001,584,149 | ---- | C] () -- C:\WINDOWS\System32\setupapinew.dll
    [2010/07/14 20:10:01 | 000,789,525 | ---- | C] () -- C:\WINDOWS\System32\rpcrt4new.dll
    [2010/07/14 20:10:01 | 000,633,871 | ---- | C] () -- C:\WINDOWS\System32\user32new.dll
    [2010/07/14 20:10:01 | 000,134,671 | ---- | C] () -- C:\WINDOWS\System32\winstanew.dll
    [2010/07/14 20:10:01 | 000,096,783 | ---- | C] () -- C:\WINDOWS\System32\powrprofnew.dll
    [2010/07/14 20:10:01 | 000,087,558 | ---- | C] () -- C:\WINDOWS\System32\ntdsapinew.dll
    [2010/07/14 20:10:01 | 000,072,707 | ---- | C] () -- C:\WINDOWS\System32\secur32new.dll
    [2010/07/14 20:10:01 | 000,025,037 | ---- | C] () -- C:\WINDOWS\System32\Nucleus.dll
    [2010/07/14 20:10:01 | 000,000,236 | -H-- | C] () -- C:\Program Files\Common Files\dx.reg
    [2010/07/14 20:10:00 | 000,874,502 | ---- | C] () -- C:\WINDOWS\System32\kernel32new.dll
    [2010/07/14 20:10:00 | 000,681,478 | ---- | C] () -- C:\WINDOWS\System32\msvcrtnew.dll
    [2010/07/14 20:10:00 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\M2000Twn.dll
    [2010/07/14 20:10:00 | 000,167,948 | ---- | C] () -- C:\WINDOWS\System32\dxgi.dll
    [2010/07/14 20:10:00 | 000,039,948 | ---- | C] () -- C:\WINDOWS\System32\dwmapi.dll
    [2010/07/14 20:09:59 | 001,029,126 | ---- | C] () -- C:\WINDOWS\System32\d3d10.dll
    [2010/07/14 20:09:59 | 000,974,354 | ---- | C] () -- C:\WINDOWS\System32\crypt32new.dll
    [2010/07/14 20:09:59 | 000,770,069 | ---- | C] () -- C:\WINDOWS\System32\advapi32new.dll
    [2010/07/14 20:09:59 | 000,187,398 | ---- | C] () -- C:\WINDOWS\System32\d3d10core.dll
    [2010/07/14 20:09:59 | 000,171,023 | ---- | C] () -- C:\WINDOWS\System32\apphelpnew.dll
    [2010/07/14 18:12:40 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Marshall\Application Data\setup_ldm.iss
    [2010/07/14 03:55:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/04/02 18:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2004/08/04 23:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

    ========== LOP Check ==========

    [2010/07/25 11:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2010/07/25 12:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
    [2010/10/24 14:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2010/08/21 13:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2010/12/04 17:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/12/04 16:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
    [2010/10/23 13:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2010/12/04 17:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/11/27 13:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2010/09/28 00:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
    [2010/12/04 15:12:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
    [2010/11/27 13:07:11 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    [2010/07/16 17:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/07/14 20:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/07/30 20:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\AnvSoft
    [2010/07/25 12:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\DAEMON Tools Lite
    [2010/07/25 12:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\DAEMON Tools Pro
    [2010/08/20 14:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\fltk.org
    [2010/10/24 14:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\IObit
    [2010/10/21 23:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\JLC's Software
    [2010/07/14 18:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\Leadertech
    [2010/11/01 21:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\LolClient
    [2010/07/14 19:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\OpenOffice.org
    [2010/10/23 13:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\Publish Providers
    [2010/10/23 13:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\Sony
    [2010/10/20 17:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\Subversion
    [2010/11/27 13:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\TuneUp Software
    [2010/09/28 00:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\Ubisoft
    [2010/09/29 18:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\Xilisoft Corporation
    [2010/12/06 16:45:58 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
    [2010/12/06 23:01:52 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

    < End of report >
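The report above is read by hand, entry by entry. As an added example (editor's code, not part of this thread, not OTL's own logic and not crunchie's fix list), the script below parses the two line shapes OTL uses here, the `[date | size | attrs | C/M] (company) -- path` file lines and the `@Alternate Data Stream - N bytes -> path:stream` lines, and applies a few triage heuristics a helper would otherwise eyeball: at.exe-style `AtN.job` tasks, hidden or system attributes on program data, any alternate data stream, and DLLs in System32 whose name is a core system DLL name with a suffix bolted on. The heuristics, the core-DLL list and the tag names are the editor's assumptions; a tag means "look at this", not a verdict. The sample lines are a constructed subset copied from the report.

```python
"""Heuristic triage of OTL report lines (editor's added example, not code
from the thread, from OTL or from the poster).

Parses
    [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (company) -- path
(the "(company)" part is absent on the LOP-check directory lines) and
    @Alternate Data Stream - N bytes -> path:stream
and tags entries worth a second look. Heuristics are assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed list of core Windows DLL base names for the look-alike check.
CORE_DLLS = sorted({
    "advapi32", "apphelp", "crypt32", "kernel32", "msvcrt", "ntdll",
    "ntdsapi", "powrprof", "rpcrt4", "secur32", "setupapi", "user32", "winsta",
})

FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)
AT_JOB_RE = re.compile(r"\\Tasks\\At\d+\.job$", re.IGNORECASE)


@dataclass
class Entry:
    path: str
    attrs: str = "----"
    size: int = 0
    company: str = ""
    stream: Optional[str] = None  # set only for ADS lines


def parse_line(line: str) -> Optional[Entry]:
    """Parse one file/directory or ADS line; return None for any other line."""
    s = line.strip()
    m = FILE_RE.match(s)
    if m:
        return Entry(path=m["path"], attrs=m["attrs"],
                     size=int(m["size"].replace(",", "")),
                     company=m["company"] or "")
    m = ADS_RE.match(s)
    if m:
        return Entry(path=m["path"], size=int(m["bytes"]), stream=m["stream"])
    return None


def triage(entry: Entry) -> List[str]:
    """Return heuristic tags for one entry (empty list = nothing to say)."""
    tags: List[str] = []
    low = entry.path.lower()
    attrs = entry.attrs.lower()
    if entry.stream is not None:
        # OTL lists every ADS it finds; which ones matter is the helper's call.
        tags.append("ads")
    if AT_JOB_RE.search(entry.path):
        # AtN.job files are tasks created with at.exe; open one and read its command line.
        tags.append("at-job")
    if ("h" in attrs or "s" in attrs) and (
            "\\application data\\" in low or "\\common files\\" in low):
        # Hidden/system attribute on user-writable program data is unusual.
        tags.append("hidden-in-appdata")
    if "\\system32\\" in low and low.endswith(".dll"):
        stem = low.rsplit("\\", 1)[1][:-4]
        for core in CORE_DLLS:
            if stem != core and stem.startswith(core):
                # A core DLL name with a suffix bolted on; verify origin and signature.
                tags.append(f"lookalike:{core}.dll")
                break
    return tags


def triage_report(lines: List[str]) -> Dict[str, List[str]]:
    """Map each tagged path (path:stream for an ADS) to its tags."""
    report: Dict[str, List[str]] = {}
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        tags = triage(e)
        if tags:
            key = e.path if e.stream is None else f"{e.path}:{e.stream}"
            report[key] = tags
    return report


# Constructed sample: a handful of lines copied from the report above.
SAMPLE_LINES = r"""
[2010/07/14 20:10:00 | 000,874,502 | ---- | C] () -- C:\WINDOWS\System32\kernel32new.dll
[2010/07/14 20:10:01 | 000,000,236 | -H-- | C] () -- C:\Program Files\Common Files\dx.reg
[2010/07/14 23:35:43 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/12/04 15:12:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
[2010/12/06 16:45:58 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/12/06 23:01:52 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
""".strip().splitlines()

if __name__ == "__main__":
    for path, tags in triage_report(SAMPLE_LINES).items():
        print(f"{', '.join(tags):24} {path}")
```

Paste a whole OTL report into `SAMPLE_LINES` (or read it from a file) and the section headers, blank lines and registry entries are simply skipped, because `parse_line` returns `None` for anything that is not one of the two shapes. Untagged entries such as `unrar.dll` or `OGALogon.job` never appear in the report, which is the point: the output is the short list a helper should open first, not a judgement on the machine.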
     
  16. 2010/12/06
    crunchie
    We have probably got enough to not worry any more :).

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    ====

    Are you able to get a Kaspersky scan?
     
  17. 2010/12/06
    Cosmic Jester (Thread Starter)
    Quick question about the JRE install: all I got was a .sh file (jre-6u22-solaris-i586.sh to be exact), can you please tell me how to open it? Also, are you asking me to do an online Kaspersky scan?
    When you have told me how to run it, I won't reply until I have successfully installed and run a Kaspersky scan. Unless something goes wrong, of course.

    :D

    EDIT: Wait, I missed an instruction, but go ahead and answer my questions; I may have solved it by the time you answer.
    EDIT 2: Yeah I knew it, I picked the wrong OS by accident hehe. But did you want me to do an online Kaspersky scan? Right now, it's closed due to renovations...
     
    Last edited: 2010/12/06
  18. 2010/12/06
    crunchie
    I think you are pretty much done, but forum protocol requires that you do an on-line scan to make sure all is well.
    Another ESET scan will be fine.
     
  19. 2010/12/06
    Cosmic Jester (Thread Starter)
    I did a scan, despite there being no logs to retrieve (grrrrr, this is the second time).
    My results were no infected files though.

    If you have any more instructions, I will be waiting.
     
  20. 2010/12/06
    crunchie
    If your PC is running ok I think we can call it a day?
     
  21. 2010/12/06
    Cosmic Jester (Thread Starter)
    I think it's all good. Sorry, I had to get to sleep.
    Thank you so much! This means so much to me!

    By the way, should I delete the things we have used? Or should I keep them for future reference? Also, does this mean I can install my Windows updates now? I got a SP3 update that is waiting for me...
     