Automatically Deleted File Causing Popup At Startup

I uninstalled Norton, did a fresh install of Avast and forgot to put the file back beforehand so it wasn’t in the vault of the new installation. Fortunately I still had it in the C:\Suspect folder I created earlier or I’d be getting that stupid “cannot start” popup when I boot forever :smiley:

Anyways, as soon as I pasted it back into the original folder, BthcfgLite, I got a hit on it again and now it’s back in the vault. I’m tempted to just tell Avast it’s a false positive and get this whole thing over with.

Please do. You can send the file to Avast by right-clicking the file in the Chest and choosing Submit to virus lab. :wink:

Things are just getting worse :-\

I restarted my computer after restoring the file to its original location from the vault (which would normally stop the popup message and trigger an Avast quarantine), and when it booted up I got a new popup message…

“there was a problem starting C:\Users\Matt\AppData\Local\BthcfgLite\nsPathapi.dll
The operation did not complete successfully because the file contains a virus”

This is just a guess, but could it be because I pasted the file back into the folder from my C:\Suspect folder rather than restoring it directly back from the vault, maybe changing something, somehow, some way?

So, I tried deleting the BthcfgLite folder altogether (which contained nothing other than the nsPathapi.dll file). This simply brought back the same popup message I got when I had the file quarantined.

I ended up re-creating the BthcfgLite folder and restoring the dll file back to it from the vault, but now I’m stuck with a popup message on bootup whether I have the file in place or not. Now what?

Run OTL

* Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL 
O4 - HKU\S-1-5-21-1365355309-1046215032-4006205038-1000..\Run: [nsPathapi] C:\Users\Matt\AppData\Local\BthcfgLite\nsPathapi.DLL () 

:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]

* Then click the Run Fix button at the top
* Let the program run unhindered, reboot the PC when it is done
* Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
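
The fix above removes a single O4 (Run key) line, which is why the popup appeared whether or not the DLL was on disk: the autostart entry outlived the file. As an added example (not part of the thread and not OTL's own logic), this Python sketch parses O4 Run lines in the format shown in this thread and ranks them by three heuristics chosen for this illustration: a target under a per-user AppData or ProgramData path, an empty company name, and a DLL as the target.

```python
import re
from dataclasses import dataclass, field

# O4 lines in the format OTL prints in this thread. The key abbreviation is
# written as ".." here; the regex below does not depend on it.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Starfield Updater] C:\Users\Matt\AppData\Local\Starfield\StarfieldUpdate.exe ()
O4 - HKCU..\Run: [wben] C:\Users\Matt\AppData\Local\Starfield\wben.exe (Starfield Technologies, Inc.)
O4 - HKU\S-1-5-21-1365355309-1046215032-4006205038-1000..\Run: [nsPathapi] C:\Users\Matt\AppData\Local\BthcfgLite\nsPathapi.DLL ()
"""

# "O4 - <key>\Run: [<value name>] <path> (<company>)"
O4_RUN = re.compile(
    r"^O4 - (?P<key>HK.+?\\Run(?:Once)?): "
    r"\[(?P<name>.+?)\] (?P<path>.+) \((?P<company>[^()]*)\)\s*$"
)

# Locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(r"\\(Users\\[^\\]+\\AppData|ProgramData)\\", re.IGNORECASE)


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    company: str
    reasons: list = field(default_factory=list)


def parse_run_entries(log_text):
    """Return a RunEntry for every well-formed O4 Run line; skip the rest."""
    entries = []
    for line in log_text.splitlines():
        match = O4_RUN.match(line.strip())
        if not match:
            continue  # e.g. "O4 - HKLM..\Run: File not found" has no value name
        entry = RunEntry(
            key=match["key"],
            name=match["name"],
            path=match["path"],
            company=match["company"].strip(),
        )
        # Heuristics are assumptions of this example, not verdicts.
        if USER_WRITABLE.search(entry.path):
            entry.reasons.append("target is in a user-writable directory")
        if not entry.company:
            entry.reasons.append("no company name reported for the file")
        if entry.path.lower().endswith(".dll"):
            entry.reasons.append("target is a DLL, not an executable")
        entries.append(entry)
    return entries


def triage(log_text, min_reasons=2):
    """Entries matching at least min_reasons heuristics, most suspicious first."""
    flagged = [e for e in parse_run_entries(log_text) if len(e.reasons) >= min_reasons]
    return sorted(flagged, key=lambda e: len(e.reasons), reverse=True)


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"[{len(entry.reasons)}] {entry.name}: {entry.path}")
        for reason in entry.reasons:
            print(f"      - {reason}")
```

The Starfield updater also crosses the threshold on two heuristics, which shows why a ranked list still needs a person to review it before anything is deleted.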

Not sure how I’m supposed to post a logfile here with a maximum 10k characters. I broke the log into 5 different sections and they were still too big to post here. I added them to my site again but that added a ton of extra Chinese-looking characters. I hope you can read past them…

http://gylbo.com/myfiles/newOTL.Txt

EDIT: Nope, that’s not gonna work… those “extra” characters aren’t extra, they’re actually part of the logfile. I’m gonna have to figure out a way to make them stop from changing. I’ll post back, or maybe I’ll just have to make 7 or 8 replies here to get it all out.

OTL logfile created on: 12/24/2010 5:46:14 PM - Run 2
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Matt\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.33 Gb Total Space | 191.65 Gb Free Space | 85.81% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/22 17:10:36 | 000,602,624 | ---- | M] (OldTimer Tools) – C:\Users\Matt\Downloads\OTL.exe
PRC - [2010/12/02 18:55:27 | 000,032,960 | ---- | M] () – C:\Users\Matt\AppData\Local\Starfield\starfieldupdate.exe
PRC - [2010/11/08 07:30:48 | 001,074,384 | ---- | M] (Starfield Technologies, Inc.) – C:\Users\Matt\AppData\Local\Starfield\wben.exe
PRC - [2010/10/31 21:28:41 | 000,274,608 | ---- | M] (RealNetworks, Inc.) – C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/10/20 17:32:46 | 000,169,640 | ---- | M] (RealNetworks, Inc.) – C:\Program Files\Real\RealUpgrade\realupgrade.exe
PRC - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () – C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/09/16 15:04:06 | 001,164,584 | ---- | M] () – C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) – C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/07/16 13:47:26 | 001,310,960 | ---- | M] (Starfield Technologies, Inc.) – C:\Program Files\Starfield\offSyncService.exe
PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) – C:\Windows\explorer.exe
PRC - [2009/07/28 22:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) – C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\sppsvc.exe
PRC - [2009/07/13 17:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) – C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

========== Modules (SafeList) ==========

MOD - [2010/12/22 17:10:36 | 000,602,624 | ---- | M] (OldTimer Tools) – C:\Users\Matt\Downloads\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) – C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 20:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 20:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\sechost.dll
MOD - [2009/07/13 20:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\samcli.dll
MOD - [2009/07/13 20:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\profapi.dll
MOD - [2009/07/13 20:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\netutils.dll
MOD - [2009/07/13 20:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 20:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 20:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\devobj.dll
MOD - [2009/07/13 20:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 20:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\cfgmgr32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/10/29 05:41:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] – C:\Windows\System32\Wat\WatAdminSvc.exe – (WatAdminSvc)
SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] – C:\Program Files\Windows Live\Mesh\wlcrasvc.exe – (wlcrasvc)
SRV - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () [Auto | Running] – C:\Program Files\Flip Video\FlipShare\FlipShareService.exe – (FlipShare Service)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe – (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe – (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe – (avast! Antivirus)
SRV - [2010/07/16 13:47:26 | 001,310,960 | ---- | M] (Starfield Technologies, Inc.) [Auto | Running] – C:\Program Files\Starfield\offSyncService.exe – (File Backup)
SRV - [2009/08/17 12:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] – C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe – (TMachInfo)
SRV - [2009/08/13 13:08:14 | 000,210,304 | ---- | M] () [Disabled | Stopped] – C:\Program Files\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe – (taisregispinger)
SRV - [2009/08/10 21:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] – C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe – (cfWiMAXService)
SRV - [2009/08/05 16:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] – C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe – (TosCoSrv)
SRV - [2009/08/03 20:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] – C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe – (TOSHIBA HDD SSD Alert Service)
SRV - [2009/07/30 01:54:10 | 000,176,128 | ---- | M] (AMD) [Disabled | Stopped] – C:\Windows\System32\atiesrxx.exe – (AMD External Events Utility)
SRV - [2009/07/28 17:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] – C:\Windows\System32\TODDSrv.exe – (TODDSrv)
SRV - [2009/07/13 20:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\wwansvc.dll – (WwanSvc)
SRV - [2009/07/13 20:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\wbiosrvc.dll – (WbioSrvc)
SRV - [2009/07/13 20:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\umpo.dll – (Power)
SRV - [2009/07/13 20:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\themeservice.dll – (Themes)
SRV - [2009/07/13 20:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\sppuinotify.dll – (sppuinotify)
SRV - [2009/07/13 20:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] – C:\Windows\System32\RpcEpMap.dll – (RpcEptMapper)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\sensrsvc.dll – (SensrSvc)
SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\pnrpsvc.dll – (PNRPsvc)
SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\pnrpsvc.dll – (p2pimsvc)
SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\provsvc.dll – (HomeGroupProvider)
SRV - [2009/07/13 20:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\pnrpauto.dll – (PNRPAutoReg)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Program Files\Windows Defender\MpSvc.dll – (WinDefend)
SRV - [2009/07/13 20:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\ListSvc.dll – (HomeGroupListener)
SRV - [2009/07/13 20:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\FntCache.dll – (FontCache)
SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\dhcpcore.dll – (Dhcp)
SRV - [2009/07/13 20:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\defragsvc.dll – (defragsvc)
SRV - [2009/07/13 20:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] – C:\Windows\System32\bdesvc.dll – (BDESVC)
SRV - [2009/07/13 20:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\AxInstSv.dll – (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 20:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\appidsvc.dll – (AppIDSvc)
SRV - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\sppsvc.exe – (sppsvc)
SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] – C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe – (GameConsoleService)
SRV - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] – C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe – (ConfigFree Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] – C:\windows\System32\DRIVERS\RtsUCcid.sys – (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] – C:\windows\System32\DRIVERS\Rts516xIR.sys – (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] – C:\windows\System32\Drivers\RtsUStor.sys – (RSUSBSTOR)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\windows\System32\drivers\aswTdi.sys – (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\windows\System32\drivers\aswSP.sys – (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\windows\System32\drivers\aswRdr.sys – (aswRdr)
DRV - [2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] – C:\Windows\System32\drivers\aswMonFlt.sys – (aswMonFlt)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] – C:\windows\System32\drivers\aswFsBlk.sys – (aswFsBlk)
DRV - [2009/12/11 02:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] – C:\windows\System32\Drivers\ksecpkg.sys – (KSecPkg)
DRV - [2009/08/13 10:18:22 | 000,372,736 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\RTL8187Se.sys – (RTL8187Se)
DRV - [2009/07/30 19:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\tdcmdpst.sys – (tdcmdpst)
DRV - [2009/07/30 14:06:30 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\atikmdag.sys – (atikmdag)
DRV - [2009/07/28 23:02:42 | 002,735,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\RTKVHDA.sys – (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/07/20 19:48:32 | 000,213,552 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\SynTP.sys – (SynTP)
DRV - [2009/07/14 17:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] – C:\windows\system32\DRIVERS\TVALZ_O.SYS – (TVALZ)
DRV - [2009/07/13 20:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\cmdide.sys – (cmdide)
DRV - [2009/07/13 20:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\adpahci.sys – (adpahci)
DRV - [2009/07/13 20:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\adp94xx.sys – (adp94xx)
DRV - [2009/07/13 20:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\amdsbs.sys – (amdsbs)
DRV - [2009/07/13 20:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\adpu320.sys – (adpu320)
DRV - [2009/07/13 20:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\arcsas.sys – (arcsas)
DRV - [2009/07/13 20:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\amdsata.sys – (amdsata)
DRV - [2009/07/13 20:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\arc.sys – (arc)
DRV - [2009/07/13 20:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] – C:\windows\system32\DRIVERS\amdxata.sys – (amdxata)
DRV - [2009/07/13 20:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\aliide.sys – (aliide)
DRV - [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\nvstor.sys – (nvstor)
DRV - [2009/07/13 20:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\nvraid.sys – (nvraid)
DRV - [2009/07/13 20:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\nfrd960.sys – (nfrd960)
DRV - [2009/07/13 20:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\lsi_sas.sys – (LSI_SAS)
DRV - [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\iaStorV.sys – (iaStorV)
DRV - [2009/07/13 20:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\MegaSR.sys – (MegaSR)
DRV - [2009/07/13 20:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\lsi_scsi.sys – (LSI_SCSI)
DRV - [2009/07/13 20:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\lsi_fc.sys – (LSI_FC)
DRV - [2009/07/13 20:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\lsi_sas2.sys – (LSI_SAS2)
DRV - [2009/07/13 20:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\iirsp.sys – (iirsp)
DRV - [2009/07/13 20:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\megasas.sys – (megasas)
DRV - [2009/07/13 20:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] – C:\windows\System32\drivers\hwpolicy.sys – (hwpolicy)
DRV - [2009/07/13 20:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\elxstor.sys – (elxstor)

M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\djsvs.sys – (aic78xx)
DRV - [2009/07/13 20:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\HpSAMD.sys – (HpSAMD)
DRV - [2009/07/13 20:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] – C:\Windows\System32\drivers\fsdepends.sys – (FsDepends)
DRV - [2009/07/13 20:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\vsmraid.sys – (vsmraid)
DRV - [2009/07/13 20:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\vhdmp.sys – (vhdmp)
DRV - [2009/07/13 20:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] – C:\windows\system32\DRIVERS\vdrvroot.sys – (vdrvroot)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] – C:\Windows\System32\drivers\wimmount.sys – (WIMMount)
DRV - [2009/07/13 20:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\viaide.sys – (viaide)
DRV - [2009/07/13 20:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\ql2300.sys – (ql2300)
DRV - [2009/07/13 20:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] – C:\windows\System32\drivers\rdyboost.sys – (rdyboost)
DRV - [2009/07/13 20:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\ql40xx.sys – (ql40xx)
DRV - [2009/07/13 20:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\sisraid4.sys – (SiSRaid4)
DRV - [2009/07/13 20:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] – C:\windows\System32\drivers\pcw.sys – (pcw)
DRV - [2009/07/13 20:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\SiSRaid2.sys – (SiSRaid2)
DRV - [2009/07/13 20:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\stexstor.sys – (stexstor)
DRV - [2009/07/13 20:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] – C:\windows\System32\Drivers\cng.sys – (CNG)
DRV - [2009/07/13 19:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] – C:\windows\System32\Drivers\Brserid.sys – (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 19:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\rdpbus.sys – (rdpbus)
DRV - [2009/07/13 19:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] – C:\Windows\System32\drivers\RDPREFMP.sys – (RDPREFMP)
DRV - [2009/07/13 18:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\agilevpn.sys – (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 18:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] – C:\Windows\System32\drivers\wfplwf.sys – (WfpLwf)
DRV - [2009/07/13 18:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\ndiscap.sys – (NdisCap)
DRV - [2009/07/13 18:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] – C:\Windows\System32\drivers\vwififlt.sys – (vwififlt)
DRV - [2009/07/13 18:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\vwifibus.sys – (vwifibus)
DRV - [2009/07/13 18:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\1394ohci.sys – (1394ohci)
DRV - [2009/07/13 18:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\umpass.sys – (UmPass)
DRV - [2009/07/13 18:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\windows\System32\drivers\mshidkmdf.sys – (mshidkmdf)
DRV - [2009/07/13 18:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\MTConfig.sys – (MTConfig)
DRV - [2009/07/13 18:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] – C:\windows\system32\DRIVERS\CompositeBus.sys – (CompositeBus)
DRV - [2009/07/13 18:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\windows\system32\drivers\appid.sys – (AppID)
DRV - [2009/07/13 18:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] – C:\Windows\System32\drivers\scfilter.sys – (scfilter)
DRV - [2009/07/13 18:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] – C:\Windows\System32\drivers\discache.sys – (discache)
DRV - [2009/07/13 18:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\acpipmi.sys – (AcpiPmi)
DRV - [2009/07/13 18:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\amdppm.sys – (AmdPPM)
DRV - [2009/07/13 17:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] – C:\windows\system32\drivers\hcw85cir.sys – (hcw85cir)
DRV - [2009/07/13 17:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] – C:\windows\System32\Drivers\BrUsbMdm.sys – (BrUsbMdm)
DRV - [2009/07/13 17:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] – C:\windows\System32\Drivers\BrUsbSer.sys – (BrUsbSer)
DRV - [2009/07/13 17:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] – C:\windows\System32\Drivers\BrSerWdm.sys – (BrSerWdm)
DRV - [2009/07/13 17:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\BrFiltLo.sys – (BrFiltLo)
DRV - [2009/07/13 17:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\BrFiltUp.sys – (BrFiltUp)
DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\AGRSM.sys – (AgereSoftModem)
DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\b57nd60x.sys – (b57nd60x)
DRV - [2009/07/13 17:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\evbdx.sys – (ebdrv)
DRV - [2009/07/13 17:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] – C:\windows\system32\DRIVERS\bxvbdx.sys – (b06bdrv)
DRV - [2009/07/02 16:55:36 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] – C:\windows\system32\DRIVERS\LPCFilter.sys – (LPCFilter)
DRV - [2009/05/23 00:52:04 | 000,167,936 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\Rt86win7.sys – (RTL8167)
DRV - [2009/05/05 02:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] – C:\windows\system32\DRIVERS\AtiPcie.sys – (AtiPcie) AMD PCI Express (3GIO)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKLM..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

========== FireFox ==========

FF - prefs.js…browser.startup.homepage: “http://www.google.com
FF - prefs.js…extensions.enabledItems: wbepaste@starfield:1.2
FF - prefs.js…extensions.enabledItems: zoomext@starfield:1.2
FF - prefs.js…extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.0
FF - prefs.js…extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Firefox\Extensions\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/10/31 21:29:00 | 000,000,000 | —D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\Components: C:\Program Files\Mozilla Firefox\components [2010/12/21 21:04:05 | 000,000,000 | —D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/21 23:42:32 | 000,000,000 | —D | M]

[2010/12/21 20:25:39 | 000,000,000 | —D | M] – C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2010/12/21 21:04:29 | 000,000,000 | —D | M] – C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\d07hne65.default\extensions
[2010/12/21 23:42:33 | 000,000,000 | —D | M] – C:\Program Files\Mozilla Firefox\extensions
[2010/12/21 23:42:34 | 000,000,000 | —D | M] (Java Console) – C:\Program Files\Mozilla Firefox\extensions{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/12/24 17:40:27 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKLM..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKCU..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM…\Run: File not found
O4 - HKLM…\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM…\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM…\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM…\Run: [Malwarebytes’ Anti-Malware (reboot)] C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM…\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU…\Run: [Starfield Updater] C:\Users\Matt\AppData\Local\Starfield\StarfieldUpdate.exe ()
O4 - HKCU…\Run: [wben] C:\Users\Matt\AppData\Local\Starfield\wben.exe (Starfield Technologies, Inc.)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra ‘Tools’ menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.1.18.229 68.1.18.30
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat – [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk ) - File not found
O35 - HKLM..comfile [open] – “%1” %*
O35 - HKLM..exefile [open] – “%1” %*
O37 - HKLM.…com [@ = comfile] – “%1” %*
O37 - HKLM.…exe [@ = exefile] – “%1” %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/24 17:40:26 | 000,000,000 | —D | C] – C:\_OTL
[2010/12/23 20:49:41 | 000,000,000 | —D | C] – C:\Users\Matt\AppData\Local\BthcfgLite
[2010/12/23 18:48:27 | 000,000,000 | —D | C] – C:\Users\Matt\MadeiraBean
[2010/12/23 17:47:59 | 000,165,584 | ---- | C] (AVAST Software) – C:\windows\System32\drivers\aswSP.sys
[2010/12/23 17:47:59 | 000,017,744 | ---- | C] (AVAST Software) – C:\windows\System32\drivers\aswFsBlk.sys
[2010/12/23 17:47:57 | 000,023,376 | ---- | C] (AVAST Software) – C:\windows\System32\drivers\aswRdr.sys
[2010/12/23 17:47:53 | 000,046,672 | ---- | C] (AVAST Software) – C:\windows\System32\drivers\aswTdi.sys
[2010/12/23 17:47:50 | 000,050,768 | ---- | C] (AVAST Software) – C:\windows\System32\drivers\aswMonFlt.sys
[2010/12/23 17:47:37 | 000,167,592 | ---- | C] (AVAST Software) – C:\windows\System32\aswBoot.exe
[2010/12/23 17:47:37 | 000,038,848 | ---- | C] (AVAST Software) – C:\windows\avastSS.scr
[2010/12/22 04:44:40 | 000,000,000 | —D | C] – C:\Suspect
[2010/12/21 23:42:55 | 000,000,000 | —D | C] – C:\ProgramData\Sun
[2010/12/21 23:42:54 | 000,000,000 | —D | C] – C:\Program Files\Common Files\Java
[2010/12/21 21:04:03 | 000,000,000 | —D | C] – C:\Program Files\Mozilla Firefox
[2010/12/20 23:25:35 | 000,000,000 | —D | C] – C:\Users\Matt\AppData\Local\Google
[2010/12/20 23:25:35 | 000,000,000 | —D | C] – C:\Program Files\Google
[2010/12/20 23:25:03 | 000,000,000 | —D | C] – C:\ProgramData\Alwil Software
[2010/12/20 23:25:03 | 000,000,000 | —D | C] – C:\Program Files\Alwil Software
[2010/12/13 23:56:24 | 000,000,000 | —D | C] – C:\Program Files\E.M. HD Video Converter
[2010/12/13 23:24:36 | 000,000,000 | —D | C] – C:\windows\System32\QuickTime
[2010/12/13 23:24:17 | 000,000,000 | —D | C] – C:\Program Files\QuickTime
[2010/12/13 23:24:09 | 000,000,000 | —D | C] – C:\Program Files\Common Files\TechSmith Shared
[2010/12/13 23:24:08 | 000,000,000 | —D | C] – C:\Program Files\TechSmith
[2010/12/12 11:32:01 | 000,000,000 | —D | C] – C:\Users\Matt\AppData\Roaming\HandBrake
[2010/12/12 11:31:39 | 000,000,000 | —D | C] – C:\Program Files\Handbrake
[2010/12/11 21:38:36 | 000,000,000 | —D | C] – C:\Program Files\HD Video Converter
[2010/12/11 21:04:31 | 000,000,000 | —D | C] – C:\Users\Matt\AppData\Roaming\Media Player Classic
[2010/12/11 20:03:55 | 000,000,000 | —D | C] – C:\ProgramData\QuickMediaConverter
[2010/12/11 20:02:17 | 000,000,000 | —D | C] – C:\Users\Matt\AppData\Roaming\CocoonSoftware
[2010/12/11 20:01:48 | 000,000,000 | —D | C] – C:\Users\Matt\AppData\Local\WDSetup
[2010/12/11 13:18:58 | 000,000,000 | —D | C] – C:\Program Files\Free Convert HD Video to AVI DIVX FLV MP4 Converter
[2010/12/11 12:46:29 | 000,000,000 | —D | C] – C:\Users\Matt\AppData\Local\{5D409B5B-F214-45C2-A4E3-94395E98CBAF}
[2010/12/11 10:43:38 | 000,000,000 | —D | C] – C:\Users\Matt\Strobe Media Playback
[2010/12/11 00:08:42 | 000,000,000 | —D | C] – C:\Users\Matt\camstudiosample
[2010/12/11 00:04:18 | 000,000,000 | —D | C] – C:\Program Files\CamStudio
[2010/12/10 21:12:29 | 000,000,000 | —D | C] – C:\Users\Matt\AppData\Local\{1840D6E6-240D-4830-A33C-05BD1FAB95A7}
[2010/12/10 21:10:47 | 000,000,000 | —D | C] – C:\Users\Matt\AppData\Local\{D490A0DE-5A3A-4EB5-B9A4-5E530A0B1C0F}
[2010/12/10 21:10:32 | 000,000,000 | —D | C] – C:\Users\Matt\AppData\Roaming\Windows Live Writer
[2010/12/10 21:10:32 | 000,000,000 | —D | C] – C:\Users\Matt\AppData\Local\Windows Live Writer
[2010/12/10 21:10:32 | 000,000,000 | —D | C] – C:\Users\Matt\Documents\My Weblog Posts
[2010/12/10 21:08:51 | 000,000,000 | —D | C] – C:\Users\Matt\AppData\Local\{33B8A12D-B27D-461B-8D4D-AC20769A0EAE}
[2010/12/10 18:58:12 | 000,000,000 | —D | C] – C:\Users\Matt\AppData\Local\Windows Live
[2010/12/10 09:50:42 | 000,000,000 | —D | C] – C:\Users\Matt\AppData\Roaming\inkscape
[2010/12/10 09:32:59 | 000,000,000 | —D | C] – C:\Program Files\Inkscape
[2010/12/09 19:32:33 | 000,000,000 | —D | C] – C:\Users\Matt\Fat Banana Productions
[2010/12/09 16:36:18 | 000,000,000 | —D | C] – C:\Program Files\Flip Video
[2010/12/09 16:05:24 | 000,000,000 | —D | C] – C:\ProgramData\Flip Video
[2010/12/04 05:00:12 | 000,000,000 | —D | C] – C:\Users\Matt\Marketing System Review
[2010/12/03 22:04:17 | 000,000,000 | —D | C] – C:\Users\Matt\ClimateGate
[2010/12/02 05:49:48 | 000,249,856 | ---- | C] (TODO: ) – C:\windows\System32\pdfmona.dll
[2010/12/02 05:49:46 | 000,000,000 | —D | C] – C:\pdf995
[2010/11/28 23:44:48 | 000,000,000 | —D | C] – C:\Users\Matt\Hardgainers Forum
[2010/11/28 23:44:40 | 000,000,000 | —D | C] – C:\Users\Matt\New folder
[2010/11/27 02:33:08 | 000,000,000 | —D | C] – C:\Users\Matt\My Expiring Domains
[2010/11/25 22:35:56 | 000,000,000 | —D | C] – C:\Users\Matt\AppData\Roaming\DivX
[2010/11/25 22:35:35 | 000,000,000 | —D | C] – C:\Program Files\Common Files\PX Storage Engine
[2010/11/25 22:35:01 | 000,000,000 | —D | C] – C:\Program Files\Common Files\DivX Shared
[2010/11/25 22:32:57 | 000,000,000 | —D | C] – C:\Program Files\DivX
[2010/11/25 22:32:03 | 000,000,000 | —D | C] – C:\ProgramData\DivX

========== Files - Modified Within 30 Days ==========

[2010/12/24 17:42:43 | 000,000,878 | ---- | M] () – C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/24 17:42:30 | 000,067,584 | --S- | M] () – C:\windows\bootstat.dat
[2010/12/24 17:42:20 | 1408,045,056 | -HS- | M] () – C:\hiberfil.sys
[2010/12/24 17:41:47 | 000,016,304 | -H-- | M] () – C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/24 17:41:47 | 000,016,304 | -H-- | M] () – C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/24 17:40:27 | 000,000,098 | ---- | M] () – C:\windows\System32\drivers\etc\Hosts
[2010/12/23 22:47:04 | 000,000,882 | ---- | M] () – C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/23 20:55:57 | 000,615,360 | ---- | M] () – C:\windows\System32\perfh009.dat
[2010/12/23 20:55:57 | 000,103,702 | ---- | M] () – C:\windows\System32\perfc009.dat
[2010/12/23 18:50:09 | 000,001,181 | ---- | M] () – C:\Users\Matt\Desktop\Mad Bean.lnk
[2010/12/23 17:57:12 | 000,001,944 | ---- | M] () – C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/12/23 17:57:10 | 000,002,577 | ---- | M] () – C:\windows\System32\config.nt
[2010/12/21 21:17:21 | 000,002,200 | ---- | M] () – C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/21 21:11:27 | 000,001,900 | ---- | M] () – C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/12/21 21:04:07 | 000,001,924 | ---- | M] () – C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/17 03:48:54 | 000,011,264 | ---- | M] () – C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/16 18:03:55 | 000,356,704 | ---- | M] () – C:\windows\System32\FNTCACHE.DAT
[2010/12/13 23:56:29 | 000,001,065 | ---- | M] () – C:\Users\Matt\Desktop\E.M. HD Video Converter.lnk
[2010/12/13 23:24:37 | 000,001,137 | ---- | M] () – C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2010/12/13 16:54:01 | 000,001,285 | ---- | M] () – C:\Users\Matt\.recently-used.xbel
[2010/12/10 09:39:27 | 000,001,004 | ---- | M] () – C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2010/12/09 16:36:23 | 000,001,063 | ---- | M] () – C:\Users\Public\Desktop\FlipShare.lnk
[2010/12/08 21:57:59 | 000,000,059 | ---- | M] () – C:\windows\wpd99.drv
[2010/12/02 05:49:48 | 000,249,856 | ---- | M] (TODO: ) – C:\windows\System32\pdfmona.dll
[2010/12/02 05:49:48 | 000,051,716 | ---- | M] () – C:\windows\System32\pdf995mon.dll
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) – C:\windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) – C:\windows\System32\drivers\mbam.sys
[2010/11/28 23:57:06 | 000,001,961 | ---- | M] () – C:\Users\Matt\Desktop\FileZilla Client.lnk

========== Files Created - No Company Name ==========

[2010/12/23 18:50:09 | 000,001,181 | ---- | C] () – C:\Users\Matt\Desktop\Mad Bean.lnk
[2010/12/23 17:48:00 | 000,001,944 | ---- | C] () – C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/12/21 21:17:21 | 000,002,200 | ---- | C] () – C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/21 21:14:21 | 000,000,882 | ---- | C] () – C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/21 21:14:19 | 000,000,878 | ---- | C] () – C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/21 21:04:07 | 000,001,924 | ---- | C] () – C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/21 21:04:07 | 000,001,900 | ---- | C] () – C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/12/13 23:56:29 | 000,001,065 | ---- | C] () – C:\Users\Matt\Desktop\E.M. HD Video Converter.lnk
[2010/12/13 23:24:37 | 000,001,137 | ---- | C] () – C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2010/12/13 16:54:01 | 000,001,285 | ---- | C] () – C:\Users\Matt\.recently-used.xbel
[2010/12/13 13:20:19 | 000,001,961 | ---- | C] () – C:\Users\Matt\Desktop\FileZilla Client.lnk
[2010/12/10 09:39:27 | 000,001,004 | ---- | C] () – C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2010/12/09 16:36:23 | 000,001,063 | ---- | C] () – C:\Users\Public\Desktop\FlipShare.lnk
[2010/12/02 05:49:48 | 000,051,716 | ---- | C] () – C:\windows\System32\pdf995mon.dll
[2010/12/02 05:49:48 | 000,000,059 | ---- | C] () – C:\windows\wpd99.drv
[2010/11/10 06:49:44 | 000,000,010 | ---- | C] () – C:\Users\Matt\AppData\Roaming\install
[2010/11/08 14:59:39 | 000,011,264 | ---- | C] () – C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/29 00:01:51 | 000,155,648 | ---- | C] () – C:\windows\System32\ESGAppInfo.dll
[2010/06/22 23:53:56 | 000,000,000 | ---- | C] () – C:\windows\NDSTray.INI
[2010/06/22 23:35:10 | 000,045,056 | ---- | C] () – C:\windows\System32\HWS_Ctrl.dll
[2010/06/22 23:29:51 | 000,073,728 | ---- | C] () – C:\windows\System32\RtNicProp32.dll
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () – C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () – C:\windows\System32\BWContextHandler.dll
[2009/04/28 06:37:00 | 000,028,672 | ---- | C] () – C:\windows\System32\SPCtl.dll

========== LOP Check ==========

[2010/10/28 22:55:07 | 000,000,000 | —D | M] – C:\Users\Matt\AppData\Roaming\AVG10
[2010/12/11 20:02:17 | 000,000,000 | —D | M] – C:\Users\Matt\AppData\Roaming\CocoonSoftware
[2010/12/15 06:00:39 | 000,000,000 | —D | M] – C:\Users\Matt\AppData\Roaming\FileZilla
[2010/11/11 23:47:29 | 000,000,000 | —D | M] – C:\Users\Matt\AppData\Roaming\FrostWire
[2010/12/12 11:32:05 | 000,000,000 | —D | M] – C:\Users\Matt\AppData\Roaming\HandBrake
[2010/12/10 09:50:43 | 000,000,000 | —D | M] – C:\Users\Matt\AppData\Roaming\inkscape
[2010/12/02 05:55:18 | 000,000,000 | —D | M] – C:\Users\Matt\AppData\Roaming\pdf995
[2010/10/28 17:04:02 | 000,000,000 | —D | M] – C:\Users\Matt\AppData\Roaming\WinBatch
[2010/12/10 21:10:32 | 000,000,000 | —D | M] – C:\Users\Matt\AppData\Roaming\Windows Live Writer
[2010/11/21 04:14:57 | 000,000,000 | —D | M] – C:\Users\Matt\AppData\Roaming\Xisyaf
[2010/12/18 00:16:42 | 000,032,596 | ---- | M] () – C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Files can be attached, using the Additional Options link in the reply window. You can attach .txt, .log, .jpg or .gif files to posts.

Seems unless I copy and paste the text directly it changes all of the characters… on my end anyways…

You aren’t saving the file in the correct format. In the Encoding part when you save the file, I believe that has to be in Unicode, or if that is what it is in, then ANSI.

Here’s the 3 big encodings… they all open the same (good) on my computer.

EDIT: Odd, now all 3 are opening fine after uploading too :-\

Yes strange that, hopefully essexboy will be able to analyse the log/s. Not sure what he is up to on Christmas day.

Hopefully spending it with family. I’m in no hurry.

The files have to be saved in ANSI format.

When the OTL scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. Post the two (2) OTL logs as an attachment (Additional Options > Attach > Browse (the logs will be on your desktop) > Post). Thank you.

Has the popup gone now?

The logs appear OK