Need Help With Bloodhound Exploit.196 Removal


#16 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
No need.

Those ones so far are in Norton Symantec Quarantine. In other words Norton found them and quarantined them. Kaspersky is just picking up those ones that have already been dealt with. The question I guess is, was the infection just the Bloodhound exploit, and if so, did AVP also get the file that was generating it?

I would like you to try this:

Firstly delete your version of ComboFix, including the folders C:\Qoobox and C:\Combofix, and download a new version of Combofix.

Download Combofix from either of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

--------------------------------------------------------------------

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Check to see that Windows Defender is turned off.

How to turn Windows Defender on or off

Applies to all editions of Windows Vista.

1. Open Windows Defender by clicking the Start button , clicking All Programs, and then clicking Windows Defender.

2. Click Tools, and then click Options.

3. Under Administrator options, select or clear the Use Windows Defender check box, and then click Save.

Administrator permission required. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.


Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for review.

Tell me if you have trouble running ComboFix.

#17 aherr023 (Member, Topic Starter, 27 posts)
It won't run on Vista.

#18 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
It won't be Vista stopping it unless it is a 64bit version.

If it's not a 64bit version (and you should know if it is) then it won't run because the malware or an anti-malware program such as anti-virus or firewall is preventing it.

Try this:

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

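The OTL.Txt that the topic starter posts in the next reply runs to several hundred lines of processes, services, drivers and registry entries. The first pass a helper makes over such a log is mechanical enough to script. What follows is an added example written for this page, not OTL's own code and not something either poster wrote: a Python triage script that parses the line shapes OTL uses for PRC/SRV/DRV entries, O4 autoruns, O6 policies and O17 DNS settings, then flags orphaned registrations ("File not found", "No CLSID value found."), UAC switched off (EnableLUA = 0), the configured resolvers for manual comparison, and autorun or service binaries with an empty publisher or an extension other than .exe/.dll/.sys. The sample lines are copied from the posted log; the regular expressions are my reading of OTL's output format, not a published grammar, and the finding categories are names I chose.

```python
from __future__ import annotations

import re
from collections import Counter

# Constructed sample: these lines are copied from the OTL.Txt posted in this thread.
SAMPLE_LOG = r"""
PRC - C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
SRV - (vds [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vds.mof ()
SRV - (Symantec AntiVirus [Auto | Running]) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [NapsterShell] C:\Program Files (x86)\Napster\napster.exe File not found
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.152.144.23 205.152.132.23
"""

# Line shapes as they appear in OTL 3.0.x output (my reading of the format, not a published grammar).
PROCESS_RE = re.compile(r"^PRC - (?P<path>.+?) \((?P<company>[^)]*)\)$")
SERVICE_RE = re.compile(
    r"^(?:SRV|DRV)(?::64bit:)? - \((?P<name>[^\[]+?) \[(?P<start>[^|]+) \| (?P<state>[^\]]+)\]\)"
    r" -- (?P<path>.+?) \((?P<company>[^)]*)\)$"
)
AUTORUN_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>HK\w+)\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)$"
)
POLICY_RE = re.compile(r"^O[67] - HK\w+\\(?P<key_path>[^:]+): (?P<key>\w+)\s*=\s*(?P<val>.*)$")
DNS_RE = re.compile(r"^O17 - .*(?:Dhcp)?NameServer\s*=\s*(?P<servers>.+)$")

BINARY_EXTENSIONS = {"exe", "dll", "sys"}


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (category, line) findings that deserve a human look."""
    findings: list[tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Registrations whose target is gone: leftover hooks, cheap to remove, worth listing.
        if line.endswith("File not found") or line.endswith("No CLSID value found."):
            findings.append(("orphan", line))
            continue
        m = POLICY_RE.match(line)
        if m:
            # EnableLUA = 0 turns UAC off: every process of an admin user gets the full token.
            if m.group("key") == "EnableLUA" and m.group("val").strip() == "0":
                findings.append(("uac-disabled", line))
            continue
        m = DNS_RE.match(line)
        if m:
            # Resolver hijack is a classic trick; compare against the resolvers the ISP/LAN should hand out.
            findings.append(("dns", line))
            continue
        m = AUTORUN_RE.match(line) or SERVICE_RE.match(line) or PROCESS_RE.match(line)
        if m:
            if not m.group("company"):
                findings.append(("no-publisher", line))
            ext = m.group("path").lower().rsplit(".", 1)[-1]
            if ext not in BINARY_EXTENSIONS:
                findings.append(("odd-binary", line))
    return findings


def summarize(findings: list[tuple[str, str]]) -> dict[str, int]:
    """Count findings per category."""
    return dict(Counter(category for category, _ in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for category, line in results:
        print(f"{category:13} {line}")
    print(summarize(results))
```

Two of the signals are noisy on this particular host and the script deliberately only reports them. In the posted log every `:64bit:` entry shows an empty publisher, including Microsoft files such as mshtml.dll and urlmon.dll, and several services in the 32-bit view resolve to .mof files under SysWow64, so "no-publisher" and "odd-binary" on an x64 Vista box are things to confirm by hand on the live system, not evidence of infection. The orphans and the EnableLUA = 0 line are the solid findings: the orphans are cleanup, and UAC being off on an account the log reports as "Logged in as Administrator" means anything that does manage to run does so with a full administrator token.
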
#19 aherr023 (Member, Topic Starter, 27 posts)
OTL logfile created on: 8/18/2009 11:49:34 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Adrian\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 35.20% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.43 Gb Total Space | 140.89 Gb Free Space | 49.71% Space Free | Partition Type: NTFS
Drive D: | 14.66 Gb Total Space | 7.98 Gb Free Space | 54.44% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADRIAN-PC
Current User Name: Adrian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\BigFix\bigfix.exe (BigFix Inc.)
PRC - C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe ()
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Cisco Systems\Clean Access Agent\CCAAgent.exe (Cisco Systems, Inc)
PRC - C:\Program Files (x86)\BitTorrent\bittorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\DWHWizrd.exe (Symantec Corporation)
PRC - C:\Users\Adrian\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AgereModemAudio [Auto | Running]) -- C:\Windows\SysNative\agr64svc.exe ()
SRV:64bit: - (STacSV [Auto | Running]) -- C:\Windows\SysNative\STacSV64.exe ()
SRV:64bit: - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (WMPNetworkSvc [On_Demand | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GameConsoleService [On_Demand | Stopped]) -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (IAANTMON [Auto | Running]) -- C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files (x86)\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (KeyIso [On_Demand | Running]) -- C:\Windows\SysWow64\keyiso.dll (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (MSDTC [Unknown | Stopped]) -- C:\Windows\SysWow64\Msdtc [2006/11/02 09:34:14 | 00,000,000 | ---D | M]
SRV - (Netlogon [On_Demand | Stopped]) -- C:\Windows\SysWow64\netlogon.dll (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SmcService [Auto | Running]) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC [On_Demand | Stopped]) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
SRV - (Symantec AntiVirus [Auto | Running]) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (vds [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vds.mof ()
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (VSS [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vss.mof ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys ()
DRV:64bit: - (b57nd60a [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys ()
DRV:64bit: - (BCM43XV [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys ()
DRV:64bit: - (CmBatt [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\CmBatt.sys ()
DRV:64bit: - (COH_Mon [On_Demand | Stopped]) -- C:\Windows\SysNative\Drivers\COH_Mon.sys ()
DRV:64bit: - (HdAudAddService [On_Demand | Stopped]) -- C:\Windows\SysNative\drivers\HdAudio.sys ()
DRV:64bit: - (iaStor [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\iaStor.sys ()
DRV:64bit: - (igfx [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys ()
DRV:64bit: - (Lbd [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\Lbd.sys ()
DRV:64bit: - (NETw3v64 [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys ()
DRV:64bit: - (NETw4v64 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys ()
DRV:64bit: - (R300 [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (RTL8169 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (RTSTOR [On_Demand | Running]) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS ()
DRV:64bit: - (sdbus [Disabled | Stopped]) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (SRTSP [System | Running]) -- C:\Windows\SysNative\Drivers\SRTSP64.SYS ()
DRV:64bit: - (SRTSPL [On_Demand | Stopped]) -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS ()
DRV:64bit: - (SRTSPX [System | Running]) -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS ()
DRV:64bit: - (STHDA [On_Demand | Running]) -- C:\Windows\SysNative\drivers\stwrt64.sys ()
DRV:64bit: - (SymEvent [On_Demand | Running]) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS ()
DRV:64bit: - (SynTP [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (Teefer2 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\teefer2.sys ()
DRV:64bit: - (USBAAPL64 [On_Demand | Stopped]) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (usbaudio [On_Demand | Stopped]) -- C:\Windows\SysNative\drivers\usbaudio.sys ()
DRV:64bit: - (usbvideo [On_Demand | Running]) -- C:\Windows\SysNative\Drivers\usbvideo.sys ()
DRV:64bit: - (UVCFTR [On_Demand | Running]) -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS ()
DRV:64bit: - (WpdUsb [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (WPS [System | Running]) -- C:\Windows\SysNative\drivers\wpsdrvnt.sys ()
DRV:64bit: - (WpsHelper [On_Demand | Running]) -- C:\Windows\SysNative\drivers\WpsHelper.sys ()
DRV - (COH_Mon [On_Demand | Stopped]) -- C:\Windows\SysWow64\drivers\COH_Mon.inf ()
DRV - (eeCtrl [System | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (mpsdrv [On_Demand | Running]) -- C:\Windows\SysWow64\Wbem\mpsdrv.mof ()
DRV - (NAVENG [On_Demand | Running]) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090818.016\ENG64.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090818.016\EX64.SYS (Symantec Corporation)
DRV - (RTSTOR [On_Demand | Running]) -- C:\Windows\SysWow64\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (SRTSP [System | Running]) -- C:\Windows\SysWow64\Drivers\SRTSP64.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\Windows\SysWow64\Drivers\SRTSPL64.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\Windows\SysWow64\Drivers\SRTSPX64.SYS (Symantec Corporation)
DRV - (Tcpip [Boot | Running]) -- C:\Windows\SysWow64\Wbem\tcpip.mof ()

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...TB&M=M-6846
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...TB&M=M-6846
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...h...TB&M=M-6846

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...TB&M=M-6846
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://lms.fiu.edu/...inFrame.dowebct
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://my.fiu.edu/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.38
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/10 14:40:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/08/18 12:55:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/08/18 12:55:05 | 00,000,000 | ---D | M]

[2008/06/20 15:00:36 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\mozilla\Extensions
[2008/06/20 15:00:36 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/18 00:13:44 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\mozilla\Firefox\Profiles\ir3k8um0.default\extensions
[2009/07/14 17:37:44 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\mozilla\Firefox\Profiles\ir3k8um0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/13 12:22:12 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\mozilla\Firefox\Profiles\ir3k8um0.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/08/18 00:13:44 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/08/18 12:55:05 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/08/14 18:15:30 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/02/15 13:32:10 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/31 17:42:06 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/18 12:54:38 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/08/18 12:54:39 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll
[2008/09/03 20:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npbittorrent.dll
[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll
[2008/11/06 12:33:48 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll
[2009/08/18 12:54:53 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2006/10/26 23:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL
[2009/03/19 12:06:12 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2009/03/19 12:06:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2009/03/19 12:06:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2009/03/19 12:06:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2009/03/19 12:06:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2009/03/19 12:06:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2009/03/19 12:06:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll
[2009/08/18 12:55:00 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/18 12:55:00 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2009/08/18 12:55:00 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/18 12:55:00 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2009/08/18 12:55:00 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2009/08/18 12:55:00 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/18 12:55:00 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (721 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files (x86)\Napster\napster.exe File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\launcher.exe (soft thinks)
O4 - Startup: C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWow64\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWow64\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWow64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWow64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWow64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.152.144.23 205.152.132.23
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll ()
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWow64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWow64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWow64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - application/octet-stream - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter: - application/x-complus - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter: - application/x-msdownload - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter: - deflate - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter: - gzip - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll ()
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll ()
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWow64\browseui.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll ()
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll ()
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll ()
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll ()
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 04:01:00 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{d0257e37-a5f4-11dd-8536-00e0b8e746f6}\Shell - "" = AutoRun
O33 - MountPoints2\{d0257e37-a5f4-11dd-8536-00e0b8e746f6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/18 23:47:05 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\Adrian\Desktop\OTL.exe
[2009/08/18 10:40:52 | 00,038,698 | ---- | C] () -- C:\Users\Adrian\Desktop\zooey-deschanel-0g.jpg
[2009/08/18 10:40:10 | 00,103,029 | ---- | C] () -- C:\Users\Adrian\Desktop\1243630050-zooey-deschanel.jpg
[2009/08/18 01:06:13 | 00,000,000 | ---D | C] -- C:\Combo-Fix
[2009/08/18 01:06:12 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CF31570.exe
[2009/08/18 01:06:09 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/18 00:58:12 | 03,124,187 | R--- | C] () -- C:\Users\Adrian\Desktop\Combo-Fix.exe
[2009/08/16 13:33:45 | 02,560,000 | ---- | C] () -- C:\Users\Adrian\Desktop\infections pt 1.doc
[2009/08/15 13:16:55 | 42,849,32096 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/12 12:58:36 | 00,034,787 | ---- | C] () -- C:\Users\Adrian\Desktop\6013_1095415514579_1502310007_30251002_7224071_n.jpg
[2009/08/12 03:31:52 | 00,028,445 | ---- | C] () -- C:\Users\Adrian\Desktop\484deca0e949__1249816681000.jpeg
[2009/08/12 03:31:28 | 00,023,505 | ---- | C] () -- C:\Users\Adrian\Desktop\26fe08ab854e__1249816712000.jpeg
[2009/08/12 03:30:38 | 00,024,226 | ---- | C] () -- C:\Users\Adrian\Desktop\fc16139aad4c__1249816863000.jpeg
[2009/08/12 03:30:26 | 00,028,037 | ---- | C] () -- C:\Users\Adrian\Desktop\ffdef68513ff__1249816924000.jpeg
[2009/08/12 03:30:14 | 00,034,124 | ---- | C] () -- C:\Users\Adrian\Desktop\08f2c0cb20b0__1249817180000.jpeg
[2009/08/12 03:29:58 | 00,026,374 | ---- | C] () -- C:\Users\Adrian\Desktop\d29e993e3327__1249817515000.jpeg
[2009/08/12 03:29:28 | 00,037,181 | ---- | C] () -- C:\Users\Adrian\Desktop\c38aefbd4072__1249818181000.jpeg
[2009/08/12 03:29:10 | 00,044,237 | ---- | C] () -- C:\Users\Adrian\Desktop\497bc62028d1__1249818338000.jpeg
[2009/08/12 03:28:54 | 00,045,230 | ---- | C] () -- C:\Users\Adrian\Desktop\ec7a9b96ad4d__1249818818000.jpeg
[2009/08/12 03:28:37 | 00,045,147 | ---- | C] () -- C:\Users\Adrian\Desktop\e09cc38f911e__1249818862000.jpeg
[2009/08/12 03:28:22 | 00,055,020 | ---- | C] () -- C:\Users\Adrian\Desktop\f751c80afd49__1249818890000.jpeg
[2009/08/12 03:26:45 | 00,053,627 | ---- | C] () -- C:\Users\Adrian\Desktop\8ec6acad6467__1249818983000.jpeg
[2009/08/12 03:26:15 | 00,054,441 | ---- | C] () -- C:\Users\Adrian\Desktop\suckmahniggasdick.jpeg
[2009/08/11 21:44:14 | 02,423,296 | ---- | C] () -- C:\Windows\SysNative\mstscax.dll
[2009/08/11 21:44:13 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2009/08/11 21:43:25 | 00,088,576 | ---- | C] () -- C:\Windows\SysNative\atl.dll
[2009/08/11 21:43:25 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atl.dll
[2009/08/11 21:43:21 | 00,202,752 | ---- | C] () -- C:\Windows\SysNative\wkssvc.dll
[2009/08/11 21:43:16 | 00,108,544 | ---- | C] () -- C:\Windows\SysNative\avifil32.dll
[2009/08/11 21:43:16 | 00,093,184 | ---- | C] () -- C:\Windows\SysNative\mciavi32.dll
[2009/08/11 21:43:16 | 00,076,800 | ---- | C] () -- C:\Windows\SysNative\avicap32.dll
[2009/08/11 21:43:15 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2009/08/11 21:43:02 | 13,426,176 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2009/08/11 21:42:55 | 10,624,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2009/08/11 21:42:54 | 00,368,128 | ---- | C] () -- C:\Windows\SysNative\wmpdxm.dll
[2009/08/11 21:42:54 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpdxm.dll
[2009/08/11 21:42:52 | 00,009,216 | ---- | C] () -- C:\Windows\SysNative\spwmp.dll
[2009/08/11 21:42:52 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2009/08/11 21:42:51 | 00,005,120 | ---- | C] () -- C:\Windows\SysNative\msdxm.ocx
[2009/08/11 21:42:51 | 00,005,120 | ---- | C] () -- C:\Windows\SysNative\dxmasf.dll
[2009/08/11 21:42:51 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2009/08/11 21:42:51 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2009/08/11 21:42:50 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2009/08/11 21:42:49 | 08,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2009/08/11 21:42:49 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.tlb
[2009/08/11 21:42:49 | 00,043,520 | ---- | C] () -- C:\Windows\SysNative\msdxm.tlb
[2009/08/11 21:42:49 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\amcompat.tlb
[2009/08/11 21:42:49 | 00,018,432 | ---- | C] () -- C:\Windows\SysNative\amcompat.tlb
[2009/08/04 04:23:17 | 01,504,396 | -H-- | C] () -- C:\Users\Adrian\AppData\Local\IconCache.db
[2009/08/03 13:16:30 | 00,000,000 | ---D | C] -- C:\ProgramData\is-EBJ3U
[2009/08/02 14:31:35 | 00,000,000 | ---D | C] -- C:\ProgramData\is-I9FEA
[2009/08/02 14:19:25 | 00,024,488 | ---- | C] () -- C:\Users\Adrian\Desktop\Need-Help-Bloodhound-Exploit-196-Removal-t246960.html&pid=1594703.htm
[2009/07/30 05:27:26 | 00,000,771 | ---- | C] () -- C:\Users\Adrian\Documents\My Sharing Folders.lnk
[2009/07/29 23:21:55 | 40,763,960 | ---- | C] ( ) -- C:\Users\Adrian\Desktop\setup_7.0.0.290_30.07.2009_05-19.exe
[2009/07/29 16:13:22 | 05,685,248 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2009/07/29 16:13:21 | 07,005,184 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2009/07/29 16:13:18 | 03,583,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/07/29 16:13:18 | 00,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2009/07/29 16:13:18 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2009/07/29 16:13:16 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
[2009/07/29 16:13:16 | 01,418,752 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2009/07/29 16:13:15 | 01,014,272 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2009/07/29 16:13:14 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
[2009/07/29 16:13:14 | 00,827,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/07/29 16:13:14 | 00,580,608 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2009/07/29 16:13:13 | 00,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2009/07/29 16:13:13 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2009/07/29 16:13:13 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009/07/29 16:13:13 | 00,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2009/07/29 16:13:13 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll
[2009/07/29 16:13:12 | 00,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2009/07/29 16:13:12 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2009/07/29 16:13:12 | 00,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2009/07/29 16:13:12 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2009/07/29 16:13:12 | 00,032,768 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2009/07/29 16:13:12 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2009/07/29 16:13:11 | 01,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2009/07/29 16:13:11 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2009/07/29 16:13:11 | 00,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2009/07/29 16:13:11 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2009/07/29 16:13:11 | 00,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2009/07/29 16:13:11 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009/07/29 16:13:10 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/07/29 16:13:10 | 01,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2009/07/29 15:57:52 | 75,670,5043 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/07/29 14:27:40 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CF17941.exe
[2009/07/29 14:26:25 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CF17552.exe
[2009/07/29 14:26:25 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\swsc.exe
[2009/07/29 14:26:25 | 00,008,704 | ---- | C] () -- C:\Windows\SysNative\drivers\PROCEXP90.SYS
[2009/07/29 14:25:34 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cmd.execf
[2009/07/27 13:47:29 | 00,469,504 | ---- | C] ( ) -- C:\Users\Adrian\Desktop\RootRepeal.exe
[2009/07/23 14:41:06 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/07/23 14:22:56 | 00,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\Malwarebytes
[2009/07/23 14:22:54 | 00,000,859 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/23 14:22:51 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/07/23 14:22:48 | 00,022,040 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2009/07/23 13:43:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/07/23 13:43:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/07/20 17:41:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2009/07/20 13:44:27 | 00,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Local\Downloaded Installations
[2008/06/22 20:04:24 | 00,744,188 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/03/21 07:14:25 | 01,953,696 | ---- | C] () -- C:\Windows\SysWow64\igklg400.dll
[2008/03/21 07:14:25 | 01,533,360 | ---- | C] () -- C:\Windows\SysWow64\igklg450.dll
[2008/03/21 07:14:25 | 00,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
[2008/01/20 22:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/10/12 23:20:06 | 00,151,417 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2006/11/02 08:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 08:34:27 | 00,000,169 | ---- | C] () -- C:\Windows\win.ini

========== Files - Modified Within 30 Days ==========

[2009/08/18 23:47:14 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Adrian\Desktop\OTL.exe
[2009/08/18 22:32:41 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/18 22:32:40 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/18 10:40:52 | 00,038,698 | ---- | M] () -- C:\Users\Adrian\Desktop\zooey-deschanel-0g.jpg
[2009/08/18 10:40:10 | 00,103,029 | ---- | M] () -- C:\Users\Adrian\Desktop\1243630050-zooey-deschanel.jpg
[2009/08/18 09:52:18 | 00,000,496 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/08/18 01:06:12 | 00,008,704 | ---- | M] () -- C:\Windows\SysNative\drivers\PROCEXP90.SYS
[2009/08/18 01:06:06 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cmd.execf
[2009/08/18 01:06:06 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\CF31570.exe
[2009/08/18 01:00:01 | 03,124,187 | R--- | M] () -- C:\Users\Adrian\Desktop\Combo-Fix.exe
[2009/08/17 14:01:32 | 00,009,728 | ---- | M] () -- C:\Users\Adrian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/17 02:38:04 | 00,002,255 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/08/16 13:33:46 | 02,560,000 | ---- | M] () -- C:\Users\Adrian\Desktop\infections pt 1.doc
[2009/08/16 12:39:41 | 00,789,862 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/08/16 12:39:41 | 00,663,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/08/16 12:39:41 | 00,129,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/08/16 12:34:25 | 00,000,169 | ---- | M] () -- C:\Windows\win.ini
[2009/08/16 12:32:54 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/16 12:32:42 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/16 12:32:33 | 42,849,32096 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/16 05:17:44 | 01,504,396 | -H-- | M] () -- C:\Users\Adrian\AppData\Local\IconCache.db
[2009/08/12 12:58:37 | 00,034,787 | ---- | M] () -- C:\Users\Adrian\Desktop\6013_1095415514579_1502310007_30251002_7224071_n.jpg
[2009/08/12 03:31:53 | 00,028,445 | ---- | M] () -- C:\Users\Adrian\Desktop\484deca0e949__1249816681000.jpeg
[2009/08/12 03:31:28 | 00,023,505 | ---- | M] () -- C:\Users\Adrian\Desktop\26fe08ab854e__1249816712000.jpeg
[2009/08/12 03:30:38 | 00,024,226 | ---- | M] () -- C:\Users\Adrian\Desktop\fc16139aad4c__1249816863000.jpeg
[2009/08/12 03:30:27 | 00,028,037 | ---- | M] () -- C:\Users\Adrian\Desktop\ffdef68513ff__1249816924000.jpeg
[2009/08/12 03:30:14 | 00,034,124 | ---- | M] () -- C:\Users\Adrian\Desktop\08f2c0cb20b0__1249817180000.jpeg
[2009/08/12 03:29:58 | 00,026,374 | ---- | M] () -- C:\Users\Adrian\Desktop\d29e993e3327__1249817515000.jpeg
[2009/08/12 03:29:28 | 00,037,181 | ---- | M] () -- C:\Users\Adrian\Desktop\c38aefbd4072__1249818181000.jpeg
[2009/08/12 03:29:10 | 00,044,237 | ---- | M] () -- C:\Users\Adrian\Desktop\497bc62028d1__1249818338000.jpeg
[2009/08/12 03:28:54 | 00,045,230 | ---- | M] () -- C:\Users\Adrian\Desktop\ec7a9b96ad4d__1249818818000.jpeg
[2009/08/12 03:28:38 | 00,045,147 | ---- | M] () -- C:\Users\Adrian\Desktop\e09cc38f911e__1249818862000.jpeg
[2009/08/12 03:28:22 | 00,055,020 | ---- | M] () -- C:\Users\Adrian\Desktop\f751c80afd49__1249818890000.jpeg
[2009/08/12 03:26:45 | 00,053,627 | ---- | M] () -- C:\Users\Adrian\Desktop\8ec6acad6467__1249818983000.jpeg
[2009/08/12 03:26:15 | 00,054,441 | ---- | M] () -- C:\Users\Adrian\Desktop\suckmahniggasdick.jpeg
[2009/08/02 14:19:26 | 00,024,488 | ---- | M] () -- C:\Users\Adrian\Desktop\Need-Help-Bloodhound-Exploit-196-Removal-t246960.html&pid=1594703.htm
[2009/07/30 05:27:26 | 00,000,771 | ---- | M] () -- C:\Users\Adrian\Documents\My Sharing Folders.lnk
[2009/07/29 23:43:18 | 40,763,960 | ---- | M] ( ) -- C:\Users\Adrian\Desktop\setup_7.0.0.290_30.07.2009_05-19.exe
[2009/07/29 21:20:46 | 26,162,632 | ---- | M] () -- C:\Windows\SysNative\mrt.exe
[2009/07/29 15:59:21 | 75,670,5043 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/07/29 14:27:34 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\CF17941.exe
[2009/07/29 14:25:35 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\CF17552.exe
[2009/07/23 14:22:54 | 00,000,859 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

========== LOP Check ==========

[2009/07/23 14:22:56 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming
[2008/06/20 14:11:36 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\acccore
[2009/08/18 23:52:14 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\BitTorrent
[2008/08/28 10:55:52 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\CiscoCAA
[2009/01/06 11:00:29 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\desksware
[2008/12/11 16:25:33 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Deusty
[2009/08/18 23:49:25 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\DNA
[2008/11/02 18:19:55 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Download Manager
[2006/11/02 11:07:25 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Media Center Programs
[2008/11/18 18:16:29 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\OpenOffice.org
[2008/06/22 15:04:16 | 00,000,000 | RH-D | M] -- C:\Users\Adrian\AppData\Roaming\SecuROM
[2008/10/21 18:07:32 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Template
[2008/06/21 14:00:35 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\WildTangent
[2009/08/18 09:52:18 | 00,000,496 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/08/16 12:32:54 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/08/16 05:21:44 | 00,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
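The O16 (DPF) block in the log above is worth a second look: four different Java 6 update levels (1.6.0_04, _05, _07 and _13) are still registered as browser ActiveX entries, and an out-of-date JRE left behind by earlier updates is a common target for exploit pages. Sun's "static versioning" CLSIDs spell the pinned version out in the GUID itself (CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA registers 1.6.0_04, while the FFFF-FFFF-FFFF form is the dynamic "newest installed" entry). The script below is an added example for this thread, not part of the original post and not part of OTL: it parses the O16 lines copied from the log, decodes the version from each static CLSID, and lists every pinned version older than the newest one named. Whether a browser actually launches the old JRE or is redirected to the newest depends on the plug-in generation installed, so treat the list as leftover installs to check and remove rather than as proof of exploitation. The sample lines are taken from the log; the regular expressions and function names are assumptions made for the example.

```python
"""Decode the Java plug-in versions registered as O16 (DPF) entries in an OTL log.

Added example for this thread; not part of the original post and not part of OTL.
The sample lines are copied from the posted log. The CLSID layout is Sun's
"static versioning" scheme (CAFEEFAC-xxxx-yyyy-zzzz-ABCDEFFEDCBA); the regexes
and function names are assumptions made for this example.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: the six O16 lines from the OTL log above.
SAMPLE_O16 = """\
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
"""

# OTL prints "O16 - DPF: {CLSID} <url> (<registered name>)"; 64-bit hives carry ":64bit:".
O16_RE = re.compile(
    r"^O16(?::64bit:)? - DPF: \{(?P<clsid>[0-9A-Fa-f-]{36})\} (?P<url>\S+) \((?P<name>[^)]*)\)\s*$"
)
# Static-versioning CLSID: the three middle groups are decimal digits spelling the
# version, e.g. 0016-0000-0004 -> 1.6.0_04. FFFF-FFFF-FFFF is the dynamic CLSID
# that always maps to the newest installed plug-in, so it pins nothing.
STATIC_JAVA_RE = re.compile(
    r"^CAFEEFAC-(?P<maj>[0-9A-F]{4})-(?P<min>[0-9A-F]{4})-(?P<upd>[0-9A-F]{4})-ABCDEFFEDCBA$",
    re.IGNORECASE,
)
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)_(\d+)")


def version_key(version: str) -> Tuple[int, ...]:
    """'1.6.0_04' -> (1, 6, 0, 4), so versions compare numerically, not as text."""
    m = VERSION_RE.search(version)
    if not m:
        raise ValueError(f"not a Java version string: {version!r}")
    return tuple(int(g) for g in m.groups())


def java_version_from_clsid(clsid: str) -> Optional[str]:
    """Return the JRE version pinned by a static-versioning CLSID, or None for the
    Java family CLSID, the dynamic FFFF CLSID, or any non-Java CLSID."""
    m = STATIC_JAVA_RE.match(clsid)
    if not m:
        return None
    maj, mnr, upd = m.group("maj"), m.group("min"), m.group("upd")
    if not (maj.isdigit() and mnr.isdigit() and upd.isdigit()):
        return None  # FFFF groups: dynamic entry, no fixed version
    x, y, z = int(maj), int(mnr), int(upd)
    return f"{x // 10}.{x % 10}.{y}_{z:02d}"


def parse_o16(text: str) -> List[Dict[str, Optional[str]]]:
    """Parse O16 lines into dicts; anything that is not an O16 entry is skipped."""
    entries: List[Dict[str, Optional[str]]] = []
    for line in text.splitlines():
        m = O16_RE.match(line.strip())
        if not m:
            continue
        name = m.group("name")
        nv = VERSION_RE.search(name)
        entries.append({
            "clsid": m.group("clsid").upper(),
            "url": m.group("url"),
            "name": name,
            "clsid_version": java_version_from_clsid(m.group("clsid")),
            "name_version": nv.group(0) if nv else None,
        })
    return entries


def newest_java_version(entries: List[Dict[str, Optional[str]]]) -> Optional[str]:
    """Highest version named in any entry (what the dynamic CLSID should resolve to)."""
    versions = [e["name_version"] for e in entries if e["name_version"]]
    return max(versions, key=version_key) if versions else None


def stale_java_versions(entries: List[Dict[str, Optional[str]]]) -> List[str]:
    """Static CLSIDs that pin a JRE older than the newest one named in the log.
    These are leftover installs to check; whether a browser still launches them
    depends on the plug-in generation, so this is a triage list, not a verdict."""
    newest = newest_java_version(entries)
    if newest is None:
        return []
    stale = {
        e["clsid_version"] for e in entries
        if e["clsid_version"] and version_key(e["clsid_version"]) < version_key(newest)
    }
    return sorted(stale, key=version_key)


if __name__ == "__main__":
    found = parse_o16(SAMPLE_O16)
    print(f"{len(found)} O16 entries; newest Java named: {newest_java_version(found)}")
    for v in stale_java_versions(found):
        print(f"  stale static CLSID still registered for Java {v}")
```

Run against the six lines above it reports 1.6.0_04, 1.6.0_05 and 1.6.0_07 as older pinned versions behind the installed 1.6.0_13. The same parser accepts the `O16:64bit:` form, so it can be pointed at a whole OTL log rather than a copied block.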
#20
aherr023

    Member

  • Topic Starter
  • 27 posts
OTL Extras logfile created on: 8/18/2009 11:49:34 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Adrian\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 35.20% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.43 Gb Total Space | 140.89 Gb Free Space | 49.71% Space Free | Partition Type: NTFS
Drive D: | 14.66 Gb Total Space | 7.98 Gb Free Space | 54.44% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADRIAN-PC
Current User Name: Adrian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe ()
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe ()
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe ()
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe ()
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe ()
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe ()
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0479696D-30BF-438F-B98C-AD218A9535AF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1247232C-FF47-4181-8FFB-C61B4C094718}" = rport=139 | protocol=6 | dir=out | app=system |
"{1D3581CA-EB24-4C97-9896-776E5F919DA3}" = lport=139 | protocol=6 | dir=in | app=system |
"{29D0044C-9FB6-4EC3-9C03-8ED6339609E9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2F5742C5-DCF0-4DDF-8BC6-188D2C402F35}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3798452C-3B1E-4E09-B305-AB17265B25AB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{387C9D5F-A0D6-4502-8EA2-EE39F51F716F}" = lport=445 | protocol=6 | dir=in | app=system |
"{5B6E0414-D6B4-44CE-9B7E-6406E36AB210}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5DA7320C-0C64-4F90-A293-BA3FA99CC880}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5F1E49EA-55FB-4F06-9209-201C01B552A9}" = lport=138 | protocol=17 | dir=in | app=system |
"{87836190-912E-42B6-AD3B-0438D3CF0D8F}" = rport=138 | protocol=17 | dir=out | app=system |
"{9943998B-EBB9-4A4E-9F01-ECE6285B54A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9F512E0C-74F3-43CB-855C-F27EA0AC58FE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A324CF29-8037-42F0-B61E-DCF2EABF02A1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AB67A738-F3C2-4A82-8B82-A0ED58DFA059}" = rport=137 | protocol=17 | dir=out | app=system |
"{BFFEDE74-1E0B-435C-923E-AD7685BD0C85}" = rport=445 | protocol=6 | dir=out | app=system |
"{C1DF4218-F4BA-4B88-B718-469741E78EDD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C9B0D8A0-7126-4522-AABD-754830B08D7D}" = lport=137 | protocol=17 | dir=in | app=system |
"{DE73B143-55C3-43DC-8BDC-1629D5F3AC9B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{EC46AC60-10FB-402B-9CA4-ABA45D6A61D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0074A8D2-CFA5-41DF-A13A-A990110D1894}" = protocol=1 | dir=in | [email protected],-28543 |
"{00C44A72-13C8-44DE-9E94-499A2A7A6AEA}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{17380AC6-8F8F-47FE-8DB8-699BB7AAE961}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{1CAD56D3-3A9E-44C1-9D1D-F36408162F99}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{22DAEFB4-6C16-4A85-96A3-0C8D3C1C2E83}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{26BC6B17-172E-4EAA-A4AA-CA4D156DE5DF}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{2889ED86-1B5B-4F36-8D1A-8A32BCBC430C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{29C6B870-C0C0-4036-90D6-04219CA1F980}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{31DAE3E3-8209-4926-A040-9E681CEABB54}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{3511CA60-F53D-494C-88AE-F4E8C9A382BC}" = dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{35C887D0-CB76-494D-98EB-EBF40C62FF22}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{37DCB309-84B4-4867-BD61-6F7EF78AB0E4}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{39320140-39AF-4402-A9F9-10359B11DF87}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{462D950C-B04A-4773-B005-5030C63735FA}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{50A0051D-79FB-4298-8CBE-2E322401A9AA}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{564633E2-D464-4AC3-AFEF-024DE6EBDDD5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{5E5A6C88-2753-47E7-BDAD-53ED1DB2BCE4}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{603E3ED4-F323-4747-A234-A2A7FE19D2E7}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{646A9FFE-2275-4EBC-9C75-63A2EBA70147}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{6FE3D19D-414C-42F7-9F9F-8E66E5C75DB7}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{76699617-0D9D-4537-8C05-4C0B6372D334}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{7BB7B9C0-4AA1-41BD-9E8C-56B0EE3A591F}" = protocol=58 | dir=in | [email protected],-28545 |
"{82BEDFB8-1F64-4B26-860A-7795904B5977}" = protocol=58 | dir=out | [email protected],-28546 |
"{87218F71-6641-42B6-9EA2-229A18CFBFC2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{89D35EFB-F6AD-4DFC-8602-277DA317A440}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9DD356B8-03B8-43DF-AEEE-0794840AE1E5}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{AB5CC9E8-5F2B-4E20-B82D-AD50EC3DFB4A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{AB6AB647-021E-458C-A9D0-42FFB4B63C73}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{BA61782C-1E35-479E-BE5B-687FCFA6D9D8}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{BFAE3B95-5219-4875-8123-FDEA4E92C1DA}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{C49FF5D0-F588-4C61-9E03-F31CE0F1F816}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{C5094723-2BC9-4AE4-95F1-D03A52AAD776}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C854E4F4-FE64-4EAF-8CA9-08D352473A75}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C9FD4981-06B8-4BAC-97AC-5D129A2BE7BD}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{CBD46D6D-B3B2-4982-BEE0-D19973A76852}" = dir=in | app=c:\program files (x86)\msn messenger\livecall.exe |
"{CDB4E20C-1376-4294-A904-920082486CAF}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{D4859F64-B2DE-467B-9616-8E6CA080594F}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D9D75732-13F6-4FA6-8C37-475813905A5B}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{E6BAEA37-4B06-42DA-844C-5AF59AC95EE2}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{EF6667E0-7AD7-4C2F-9F29-713357A4B71B}" = protocol=1 | dir=out | [email protected],-28544 |
"{F2C8A93A-75DA-4A17-96A1-2A4A57522588}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"TCP Query User{3DE7EEE2-2704-45A6-9B1B-39AABC615EB1}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{BD9736AB-1B33-47F4-BA49-8F6123138F57}C:\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"UDP Query User{419769B4-D5C8-4D25-AAAE-411B0EB172BF}C:\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"UDP Query User{43F1B91C-FE43-42A5-A134-5465CB3064D6}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{200CD93B-AE9B-4780-A5BE-F32027257DD7}" = Apple Mobile Device Support
"{411B5FE1-049B-439D-8F41-DDC24494A2FD}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90B5B05F-AFDA-4922-A153-45B14200BA77}" = SPBBC 64bit
"{AEEE3540-F708-453C-910E-0CE78AF433CA}" = Symantec Endpoint Protection
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04010300-6D72-4D54-8686-91D884A27B5C}" = Cisco Clean Access Agent
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{09FC2D20-3BFD-4A8E-A239-682539AAB2FF}" = TigerLogic ChunkIt!-Firefox XPI
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{24A55F97-AA44-4EDB-BEA1-CD51441B2AD4}" = Mojo
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}" = Adobe Flash Player 9 ActiveX
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}" = Microsoft Games for Windows - LIVE Redistributable
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2007b" = Microsoft Money Essentials
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"OpenAL" = OpenAL
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent gateway Master Uninstall" = Gateway Games
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/18/2009 9:53:10 PM | Computer Name = Adrian-PC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Adrian\AppData\Local\Temp\DWH119B.tmp
by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

Error - 8/18/2009 9:53:11 PM | Computer Name = Adrian-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Adrian\AppData\Local\Temp\DWH119B.tmp
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied.
Action Description: The file was left unchanged.

Error - 8/18/2009 9:53:14 PM | Computer Name = Adrian-PC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Adrian\AppData\Local\Temp\DWH1591.tmp
by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

Error - 8/18/2009 9:53:15 PM | Computer Name = Adrian-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Adrian\AppData\Local\Temp\DWH1591.tmp
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied.
Action Description: The file was left unchanged.

Error - 8/18/2009 9:53:18 PM | Computer Name = Adrian-PC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Adrian\AppData\Local\Temp\DWH18EB.tmp
by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

Error - 8/18/2009 9:53:16 PM | Computer Name = Adrian-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Adrian\AppData\Local\Temp\DWH18EB.tmp
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied.
Action Description: The file was left unchanged.

Error - 8/18/2009 9:53:19 PM | Computer Name = Adrian-PC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Adrian\AppData\Local\Temp\DWH1B5B.tmp
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.

Error - 8/18/2009 9:53:21 PM | Computer Name = Adrian-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Adrian\AppData\Local\Temp\DWH1B5B.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 8/18/2009 9:53:24 PM | Computer Name = Adrian-PC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Adrian\AppData\Local\Temp\DWH1E67.tmp
by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

Error - 8/18/2009 9:53:25 PM | Computer Name = Adrian-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Adrian\AppData\Local\Temp\DWH1E67.tmp
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied.
Action Description: The file was left unchanged.

[ Media Center Events ]
Error - 8/28/2008 12:23:26 PM | Computer Name = Adrian-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/3/2009 2:00:21 AM | Computer Name = Adrian-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 7/21/2009 8:11:48 PM | Computer Name = Adrian-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 8/1/2009 12:49:43 AM | Computer Name = Adrian-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ System Events ]
Error - 8/15/2009 1:30:58 PM | Computer Name = Adrian-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/15/2009 8:57:48 PM | Computer Name = Adrian-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 8/16/2009 5:19:06 AM | Computer Name = Adrian-PC | Source = HTTP | ID = 15016
Description =

Error - 8/16/2009 5:19:19 AM | Computer Name = Adrian-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/16/2009 12:32:54 PM | Computer Name = Adrian-PC | Source = HTTP | ID = 15016
Description =

Error - 8/16/2009 12:33:06 PM | Computer Name = Adrian-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/16/2009 3:57:36 PM | Computer Name = Adrian-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 8/17/2009 3:45:38 PM | Computer Name = Adrian-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 8/18/2009 6:11:04 AM | Computer Name = Adrian-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 8/18/2009 7:49:58 PM | Computer Name = Adrian-PC | Source = Service Control Manager | ID = 7031
Description =


< End of report >
  • 0
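
An added example, not part of this thread or of the OTL tool: a small Python parser for the "Last 10 Event Log Errors" block of an OTL report like the one above. It runs over a constructed sample in the same format (host name and file names are placeholders), groups the Symantec AntiVirus alerts by detected file, and reports for each file whether any alert reached quarantine. That is the triage question being asked in this thread: are the repeated alerts new infections, or the same files the product has already dealt with?

```python
import re
from collections import Counter

# Constructed sample in the OTL "Last 10 Event Log Errors" format (placeholder host/paths).
SAMPLE_LOG = r"""
[ Application Events ]
Error - 8/18/2009 9:53:10 PM | Computer Name = EXAMPLE-PC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\example\AppData\Local\Temp\DWH0001.tmp
by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

Error - 8/18/2009 9:53:11 PM | Computer Name = EXAMPLE-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\example\AppData\Local\Temp\DWH0001.tmp
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied.
Action Description: The file was left unchanged.

Error - 8/18/2009 9:53:19 PM | Computer Name = EXAMPLE-PC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\example\AppData\Local\Temp\DWH0002.tmp
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.

[ Media Center Events ]
Error - 7/21/2009 8:11:48 PM | Computer Name = EXAMPLE-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.
"""

# "Error - <time> | Computer Name = <host> | Source = <source> | ID = <id>"
HEADER_RE = re.compile(
    r"^Error - (?P<time>.+?) \| Computer Name = (?P<host>.+?) "
    r"\| Source = (?P<source>.+?) \| ID = (?P<event_id>\d+)$"
)
# Symantec AntiVirus "Security Risk Found!" description, after line-joining.
RISK_RE = re.compile(
    r"Security Risk Found!(?P<threat>\S+) in File: (?P<path>.+?) "
    r"by: (?P<scanner>.+?)\. Action: (?P<action>.+?)\. Action Description: (?P<outcome>.+)$"
)


def parse_events(text):
    """Split the event-log block into one dict per event; OTL wraps long
    descriptions over several lines, so each record is joined back into one."""
    events, block, section = [], [], None

    def flush():
        if not block:
            return
        header = HEADER_RE.match(block[0])
        if header:
            ev = header.groupdict()
            ev["section"] = section
            desc = " ".join(block[1:])
            if desc.startswith("Description = "):
                desc = desc[len("Description = "):]
            ev["description"] = desc.strip()
            events.append(ev)
        block.clear()

    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[ ") and line.endswith(" ]"):
            flush()
            section = line[2:-2]          # e.g. "Application Events"
        elif not line:
            flush()                       # blank line ends a record
        else:
            block.append(line)
    flush()
    return events


def summarize_detections(events):
    """Per detected file: threat name, alert count, and whether any alert
    reported a successful quarantine (rather than 'left unchanged')."""
    summary = {}
    for ev in events:
        m = RISK_RE.search(ev["description"])
        if not m:
            continue                      # not a Symantec detection record
        d = m.groupdict()
        entry = summary.setdefault(
            d["path"], {"threat": d["threat"], "alerts": 0,
                        "quarantined": False, "actions": []})
        entry["alerts"] += 1
        entry["actions"].append(d["action"])
        if "Quarantine succeeded" in d["action"]:
            entry["quarantined"] = True
    return summary


def unresolved(summary):
    """Files that were detected but never reached quarantine: these still need
    attention, whereas quarantined files are already contained."""
    return sorted(p for p, e in summary.items() if not e["quarantined"])


def alerts_by_source(events):
    """How many of the logged errors came from each event source."""
    return dict(Counter(ev["source"] for ev in events))


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for path, e in summarize_detections(evs).items():
        state = "quarantined" if e["quarantined"] else "LEFT UNCHANGED"
        print(f"{e['threat']}  {path}  alerts={e['alerts']}  {state}")
    print("unresolved:", unresolved(summarize_detections(evs)))
    print("by source:", alerts_by_source(evs))
```

Point the parser at the event-log block of a real OTL report to get the same per-file summary; a file that shows up alert after alert with "left unchanged" has not been contained, while one with a "Quarantine succeeded" record is already in the product's quarantine.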

#21
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Aha, it is a 64-bit version of Vista. :)

Now

Firstly, please go to Start > Control Panel >Add or Remove Programs (Programs and Features if you are a Vista user) and uninstall the following if they exist:

Viewpoint, Viewpoint Manager, Viewpoint Media Player:

Viewpoint Manager is considered to be foistware. You can go to the link below to read about it.

http://www.clickz.com/news/article.php/3561546

Next

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no longer have Malwarebytes, please download it from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#22
aherr023

aherr023

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Here's the log. Symantec is still finding the virus like mad.

Malwarebytes' Anti-Malware 1.40
Database version: 2664
Windows 6.0.6001 Service Pack 1

8/20/2009 11:51:33 AM
mbam-log-2009-08-20 (11-51-33).txt

Scan type: Quick Scan
Objects scanned: 101504
Time elapsed: 1 hour(s), 10 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#23
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello aherr023,

There are a number of pictures showing in your logs. Several downloaded on the 12th of August. These can be added by malware or alternatively you may have put them there yourself. I have scheduled them for removal under :Files below but if you put them there yourself do not include them in the fix.

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :processes
    
    :OTL
    O33 - MountPoints2\{d0257e37-a5f4-11dd-8536-00e0b8e746f6}\Shell - "" = AutoRun
    O33 - MountPoints2\{d0257e37-a5f4-11dd-8536-00e0b8e746f6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    
    :Files
    C:\Users\Adrian\Desktop\6013_1095415514579_1502310007_30251002_7224071_n.jpg
    C:\Users\Adrian\Desktop\484deca0e949__1249816681000.jpeg
    C:\Users\Adrian\Desktop\26fe08ab854e__1249816712000.jpeg
    C:\Users\Adrian\Desktop\fc16139aad4c__1249816863000.jpeg
    C:\Users\Adrian\Desktop\ffdef68513ff__1249816924000.jpeg
    C:\Users\Adrian\Desktop\08f2c0cb20b0__1249817180000.jpeg
    C:\Users\Adrian\Desktop\d29e993e3327__1249817515000.jpeg
    C:\Users\Adrian\Desktop\c38aefbd4072__1249818181000.jpeg
    C:\Users\Adrian\Desktop\497bc62028d1__1249818338000.jpeg
    C:\Users\Adrian\Desktop\ec7a9b96ad4d__1249818818000.jpeg
    C:\Users\Adrian\Desktop\e09cc38f911e__1249818862000.jpeg
    C:\Users\Adrian\Desktop\f751c80afd49__1249818890000.jpeg
    C:\Users\Adrian\Desktop\8ec6acad6467__1249818983000.jpeg
    C:\Users\Adrian\Desktop\suckmahniggasdick.jpeg
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

By the way, you can delete items in Norton Symantec quarantine if you wish. Kaspersky AVP may have got rid of them, but for your information this is what you do.

How to delete a quarantined file if it is not needed:
  • Open the Symantec AntiVirus console.
  • To view the Quarantine list, open the View menu, and select Quarantine.
  • If there are any items present in the Quarantine list, select them and press the Delete button below the list. This will delete the infected file(s) from your computer.
  • When you are finished, close Symantec Endpoint Protection and reboot your computer.

Now

As mentioned earlier the question is, did Kaspersky AVP get the root of the infection or was there something more that needs to be dealt with?

Not a great deal showing up in that MBAM log.

How is your computer now? Are you still getting those alerts from Norton?
  • 0

#24
aherr023

aherr023

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
When I try to pull up the quarantine, Symantec stops responding and shuts down. Those pictures were not the problem. I ran the fix, but I'm still getting heavy amounts of the virus.
  • 0

#25
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello aherr023,
  • Make sure you have an Internet Connection.
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTL to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
Now

  • Download OTL to your desktop. This is a new version.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

  • 0

#26
aherr023

aherr023

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
OTL logfile created on: 8/29/2009 1:18:16 PM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Adrian\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 60.35% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.43 Gb Total Space | 145.00 Gb Free Space | 51.16% Space Free | Partition Type: NTFS
Drive D: | 14.66 Gb Total Space | 7.98 Gb Free Space | 54.44% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADRIAN-PC
Current User Name: Adrian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\BigFix\bigfix.exe (BigFix Inc.)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe ()
PRC - C:\Program Files (x86)\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Users\Adrian\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AgereModemAudio [Auto | Running]) -- C:\Windows\SysNative\agr64svc.exe ()
SRV:64bit: - (STacSV [Auto | Running]) -- C:\Windows\SysNative\STacSV64.exe ()
SRV:64bit: - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GameConsoleService [On_Demand | Stopped]) -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (IAANTMON [Auto | Running]) -- C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files (x86)\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (KeyIso [On_Demand | Running]) -- C:\Windows\SysWow64\keyiso.dll (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (MSDTC [Unknown | Stopped]) -- C:\Windows\SysWow64\Msdtc [2006/11/02 09:34:14 | 00,000,000 | ---D | M]
SRV - (Netlogon [On_Demand | Stopped]) -- C:\Windows\SysWow64\netlogon.dll (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SmcService [Auto | Running]) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC [On_Demand | Stopped]) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
SRV - (Symantec AntiVirus [Auto | Running]) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (vds [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vds.mof ()
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (VSS [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vss.mof ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys ()
DRV:64bit: - (b57nd60a [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys ()
DRV:64bit: - (BCM43XV [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys ()
DRV:64bit: - (CmBatt [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\CmBatt.sys ()
DRV:64bit: - (COH_Mon [On_Demand | Stopped]) -- C:\Windows\SysNative\Drivers\COH_Mon.sys ()
DRV:64bit: - (HdAudAddService [On_Demand | Stopped]) -- C:\Windows\SysNative\drivers\HdAudio.sys ()
DRV:64bit: - (iaStor [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\iaStor.sys ()
DRV:64bit: - (igfx [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys ()
DRV:64bit: - (Lbd [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\Lbd.sys ()
DRV:64bit: - (NETw3v64 [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys ()
DRV:64bit: - (NETw4v64 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys ()
DRV:64bit: - (R300 [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (RTL8169 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (RTSTOR [On_Demand | Running]) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS ()
DRV:64bit: - (sdbus [Disabled | Stopped]) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (SRTSP [System | Running]) -- C:\Windows\SysNative\Drivers\SRTSP64.SYS ()
DRV:64bit: - (SRTSPL [On_Demand | Stopped]) -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS ()
DRV:64bit: - (SRTSPX [System | Running]) -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS ()
DRV:64bit: - (STHDA [On_Demand | Running]) -- C:\Windows\SysNative\drivers\stwrt64.sys ()
DRV:64bit: - (SymEvent [On_Demand | Running]) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS ()
DRV:64bit: - (SynTP [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (Teefer2 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\teefer2.sys ()
DRV:64bit: - (USBAAPL64 [On_Demand | Stopped]) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (usbaudio [On_Demand | Stopped]) -- C:\Windows\SysNative\drivers\usbaudio.sys ()
DRV:64bit: - (usbvideo [On_Demand | Running]) -- C:\Windows\SysNative\Drivers\usbvideo.sys ()
DRV:64bit: - (UVCFTR [On_Demand | Running]) -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS ()
DRV:64bit: - (WpdUsb [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (WPS [System | Running]) -- C:\Windows\SysNative\drivers\wpsdrvnt.sys ()
DRV:64bit: - (WpsHelper [On_Demand | Running]) -- C:\Windows\SysNative\drivers\WpsHelper.sys ()
DRV - (COH_Mon [On_Demand | Stopped]) -- C:\Windows\SysWow64\drivers\COH_Mon.inf ()
DRV - (eeCtrl [System | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (mpsdrv [On_Demand | Running]) -- C:\Windows\SysWow64\Wbem\mpsdrv.mof ()
DRV - (NAVENG [On_Demand | Running]) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090829.007\ENG64.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090829.007\EX64.SYS (Symantec Corporation)
DRV - (RTSTOR [On_Demand | Running]) -- C:\Windows\SysWow64\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (SRTSP [System | Running]) -- C:\Windows\SysWow64\Drivers\SRTSP64.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\Windows\SysWow64\Drivers\SRTSPL64.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\Windows\SysWow64\Drivers\SRTSPX64.SYS (Symantec Corporation)
DRV - (Tcpip [Boot | Running]) -- C:\Windows\SysWow64\Wbem\tcpip.mof ()

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...TB&M=M-6846
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...TB&M=M-6846
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...h...TB&M=M-6846

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...TB&M=M-6846
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://lms.fiu.edu/...inFrame.dowebct
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://my.fiu.edu/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.38
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/10 14:40:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/08/18 12:55:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/08/20 10:34:59 | 00,000,000 | ---D | M]

[2008/06/20 15:00:36 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\mozilla\Extensions
[2008/06/20 15:00:36 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/29 13:08:54 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\mozilla\Firefox\Profiles\ir3k8um0.default\extensions
[2009/07/14 17:37:44 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\mozilla\Firefox\Profiles\ir3k8um0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/13 12:22:12 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\mozilla\Firefox\Profiles\ir3k8um0.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/08/29 13:08:54 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/08/18 12:55:05 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/08/14 18:15:30 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/02/15 13:32:10 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/31 17:42:06 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/18 12:54:38 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/08/18 12:54:39 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll
[2008/09/03 20:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npbittorrent.dll
[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll
[2008/11/06 12:33:48 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll
[2009/08/18 12:54:53 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2006/10/26 23:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL
[2009/03/19 12:06:12 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2009/03/19 12:06:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2009/03/19 12:06:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2009/03/19 12:06:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2009/03/19 12:06:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2009/03/19 12:06:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2009/03/19 12:06:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2009/08/18 12:55:00 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/18 12:55:00 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2009/08/18 12:55:00 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/18 12:55:00 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2009/08/18 12:55:00 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2009/08/18 12:55:00 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/18 12:55:00 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (721 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.152.144.23 205.152.132.23
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 04:01:00 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/29 13:16:37 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\Adrian\Desktop\OTL.exe
[2009/08/26 03:01:45 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tzres.dll
[2009/08/26 03:01:45 | 00,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2009/08/26 01:49:07 | 00,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2009/08/26 01:49:07 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2009/08/26 01:49:06 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2009/08/26 01:49:06 | 04,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2009/08/23 06:11:26 | 00,011,976 | ---- | C] () -- C:\Users\Adrian\Desktop\oldie.odt
[2009/08/21 13:19:53 | 00,656,384 | ---- | C] () -- C:\Windows\SysNative\kerberos.dll
[2009/08/21 13:19:52 | 01,692,160 | ---- | C] () -- C:\Windows\SysNative\lsasrv.dll
[2009/08/21 13:19:52 | 00,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll
[2009/08/21 13:19:51 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kerberos.dll
[2009/08/21 13:19:51 | 00,205,312 | ---- | C] () -- C:\Windows\SysNative\wdigest.dll
[2009/08/21 13:19:49 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll
[2009/08/21 13:19:49 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdigest.dll
[2009/08/21 13:19:48 | 00,338,944 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2009/08/21 13:19:47 | 00,515,656 | ---- | C] () -- C:\Windows\SysNative\drivers\ksecdd.sys
[2009/08/21 13:19:45 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schannel.dll
[2009/08/21 13:19:44 | 00,094,720 | ---- | C] () -- C:\Windows\SysNative\secur32.dll
[2009/08/21 13:19:44 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secur32.dll
[2009/08/21 13:19:44 | 00,011,264 | ---- | C] () -- C:\Windows\SysNative\lsass.exe
[2009/08/20 12:05:02 | 00,000,000 | ---D | C] -- C:\Users\Adrian\Documents\guitar
[2009/08/20 03:01:43 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2009/08/20 03:01:43 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2009/08/20 03:01:42 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2009/08/20 03:01:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2009/08/18 01:06:13 | 00,000,000 | ---D | C] -- C:\Combo-Fix
[2009/08/18 01:06:12 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CF31570.exe
[2009/08/15 13:16:55 | 42,849,32096 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/11 21:44:14 | 02,423,296 | ---- | C] () -- C:\Windows\SysNative\mstscax.dll
[2009/08/11 21:44:13 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2009/08/11 21:43:25 | 00,088,576 | ---- | C] () -- C:\Windows\SysNative\atl.dll
[2009/08/11 21:43:25 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atl.dll
[2009/08/11 21:43:21 | 00,202,752 | ---- | C] () -- C:\Windows\SysNative\wkssvc.dll
[2009/08/11 21:43:16 | 00,108,544 | ---- | C] () -- C:\Windows\SysNative\avifil32.dll
[2009/08/11 21:43:16 | 00,093,184 | ---- | C] () -- C:\Windows\SysNative\mciavi32.dll
[2009/08/11 21:43:16 | 00,076,800 | ---- | C] () -- C:\Windows\SysNative\avicap32.dll
[2009/08/11 21:43:15 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2009/08/11 21:43:02 | 13,426,176 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2009/08/11 21:42:55 | 10,624,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2009/08/11 21:42:54 | 00,368,128 | ---- | C] () -- C:\Windows\SysNative\wmpdxm.dll
[2009/08/11 21:42:54 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpdxm.dll
[2009/08/11 21:42:52 | 00,009,216 | ---- | C] () -- C:\Windows\SysNative\spwmp.dll
[2009/08/11 21:42:52 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2009/08/11 21:42:51 | 00,005,120 | ---- | C] () -- C:\Windows\SysNative\msdxm.ocx
[2009/08/11 21:42:51 | 00,005,120 | ---- | C] () -- C:\Windows\SysNative\dxmasf.dll
[2009/08/11 21:42:51 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2009/08/11 21:42:51 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2009/08/11 21:42:50 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2009/08/11 21:42:49 | 08,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2009/08/11 21:42:49 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.tlb
[2009/08/11 21:42:49 | 00,043,520 | ---- | C] () -- C:\Windows\SysNative\msdxm.tlb
[2009/08/11 21:42:49 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\amcompat.tlb
[2009/08/11 21:42:49 | 00,018,432 | ---- | C] () -- C:\Windows\SysNative\amcompat.tlb
[2009/08/04 04:23:17 | 03,158,427 | -H-- | C] () -- C:\Users\Adrian\AppData\Local\IconCache.db
[2009/08/03 13:16:30 | 00,000,000 | ---D | C] -- C:\ProgramData\is-EBJ3U
[2009/08/02 14:31:35 | 00,000,000 | ---D | C] -- C:\ProgramData\is-I9FEA
[2009/07/14 17:15:00 | 00,178,432 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008/06/22 20:04:24 | 00,744,188 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/03/21 07:14:25 | 01,953,696 | ---- | C] () -- C:\Windows\SysWow64\igklg400.dll
[2008/03/21 07:14:25 | 01,533,360 | ---- | C] () -- C:\Windows\SysWow64\igklg450.dll
[2008/03/21 07:14:25 | 00,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
[2008/01/20 22:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 08:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 08:34:27 | 00,000,169 | ---- | C] () -- C:\Windows\win.ini

========== Files - Modified Within 30 Days ==========

[2009/08/29 13:19:26 | 00,789,862 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/08/29 13:19:26 | 00,663,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/08/29 13:19:26 | 00,129,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/08/29 13:16:44 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Adrian\Desktop\OTL.exe
[2009/08/29 13:13:21 | 00,000,169 | ---- | M] () -- C:\Windows\win.ini
[2009/08/29 13:11:39 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/29 13:11:34 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/29 13:11:34 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/29 13:11:28 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/29 13:11:17 | 42,849,32096 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/27 17:38:37 | 03,158,427 | -H-- | M] () -- C:\Users\Adrian\AppData\Local\IconCache.db
[2009/08/26 17:18:48 | 00,002,255 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/08/24 09:52:20 | 00,000,496 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/08/23 06:11:27 | 00,011,976 | ---- | M] () -- C:\Users\Adrian\Desktop\oldie.odt
[2009/08/18 01:06:12 | 00,008,704 | ---- | M] () -- C:\Windows\SysNative\drivers\PROCEXP90.SYS
[2009/08/18 01:06:06 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cmd.execf
[2009/08/18 01:06:06 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\CF31570.exe
[2009/08/17 14:01:32 | 00,009,728 | ---- | M] () -- C:\Users\Adrian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/08/03 13:36:08 | 00,022,040 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys

========== LOP Check ==========

[2009/07/23 14:22:56 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming
[2008/06/20 14:11:36 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\acccore
[2009/08/27 14:00:52 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\BitTorrent
[2008/08/28 10:55:52 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\CiscoCAA
[2009/01/06 11:00:29 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\desksware
[2008/12/11 16:25:33 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Deusty
[2009/08/29 13:12:20 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\DNA
[2008/11/02 18:19:55 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Download Manager
[2006/11/02 11:07:25 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Media Center Programs
[2008/11/18 18:16:29 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\OpenOffice.org
[2008/06/22 15:04:16 | 00,000,000 | RH-D | M] -- C:\Users\Adrian\AppData\Roaming\SecuROM
[2008/10/21 18:07:32 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Template
[2008/06/21 14:00:35 | 00,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\WildTangent
[2009/08/24 09:52:20 | 00,000,496 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/08/29 13:11:39 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/08/29 13:09:25 | 00,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

#27 aherr023 (Topic Starter, Member, 27 posts)
OTL Extras logfile created on: 8/29/2009 1:18:16 PM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Adrian\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 60.35% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.43 Gb Total Space | 145.00 Gb Free Space | 51.16% Space Free | Partition Type: NTFS
Drive D: | 14.66 Gb Total Space | 7.98 Gb Free Space | 54.44% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADRIAN-PC
Current User Name: Adrian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe ()
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.url[@ = InternetShortcut] -- C:\Windows\SysNative\ieframe.DLL ()
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe ()
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe ()
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe ()
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe ()
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe ()
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0479696D-30BF-438F-B98C-AD218A9535AF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1247232C-FF47-4181-8FFB-C61B4C094718}" = rport=139 | protocol=6 | dir=out | app=system |
"{1D3581CA-EB24-4C97-9896-776E5F919DA3}" = lport=139 | protocol=6 | dir=in | app=system |
"{29D0044C-9FB6-4EC3-9C03-8ED6339609E9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2F5742C5-DCF0-4DDF-8BC6-188D2C402F35}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3798452C-3B1E-4E09-B305-AB17265B25AB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{387C9D5F-A0D6-4502-8EA2-EE39F51F716F}" = lport=445 | protocol=6 | dir=in | app=system |
"{5B6E0414-D6B4-44CE-9B7E-6406E36AB210}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5DA7320C-0C64-4F90-A293-BA3FA99CC880}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5F1E49EA-55FB-4F06-9209-201C01B552A9}" = lport=138 | protocol=17 | dir=in | app=system |
"{87836190-912E-42B6-AD3B-0438D3CF0D8F}" = rport=138 | protocol=17 | dir=out | app=system |
"{9943998B-EBB9-4A4E-9F01-ECE6285B54A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9F512E0C-74F3-43CB-855C-F27EA0AC58FE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A324CF29-8037-42F0-B61E-DCF2EABF02A1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AB67A738-F3C2-4A82-8B82-A0ED58DFA059}" = rport=137 | protocol=17 | dir=out | app=system |
"{BFFEDE74-1E0B-435C-923E-AD7685BD0C85}" = rport=445 | protocol=6 | dir=out | app=system |
"{C1DF4218-F4BA-4B88-B718-469741E78EDD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C9B0D8A0-7126-4522-AABD-754830B08D7D}" = lport=137 | protocol=17 | dir=in | app=system |
"{DE73B143-55C3-43DC-8BDC-1629D5F3AC9B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
"{EC46AC60-10FB-402B-9CA4-ABA45D6A61D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0074A8D2-CFA5-41DF-A13A-A990110D1894}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"{00C44A72-13C8-44DE-9E94-499A2A7A6AEA}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{17380AC6-8F8F-47FE-8DB8-699BB7AAE961}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{1CAD56D3-3A9E-44C1-9D1D-F36408162F99}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{22DAEFB4-6C16-4A85-96A3-0C8D3C1C2E83}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{26BC6B17-172E-4EAA-A4AA-CA4D156DE5DF}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{2889ED86-1B5B-4F36-8D1A-8A32BCBC430C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{29C6B870-C0C0-4036-90D6-04219CA1F980}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{31DAE3E3-8209-4926-A040-9E681CEABB54}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{3511CA60-F53D-494C-88AE-F4E8C9A382BC}" = dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{35C887D0-CB76-494D-98EB-EBF40C62FF22}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{37DCB309-84B4-4867-BD61-6F7EF78AB0E4}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{39320140-39AF-4402-A9F9-10359B11DF87}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{462D950C-B04A-4773-B005-5030C63735FA}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{50A0051D-79FB-4298-8CBE-2E322401A9AA}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{564633E2-D464-4AC3-AFEF-024DE6EBDDD5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{5E5A6C88-2753-47E7-BDAD-53ED1DB2BCE4}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{603E3ED4-F323-4747-A234-A2A7FE19D2E7}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{646A9FFE-2275-4EBC-9C75-63A2EBA70147}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{6FE3D19D-414C-42F7-9F9F-8E66E5C75DB7}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{76699617-0D9D-4537-8C05-4C0B6372D334}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{7BB7B9C0-4AA1-41BD-9E8C-56B0EE3A591F}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{82BEDFB8-1F64-4B26-860A-7795904B5977}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{87218F71-6641-42B6-9EA2-229A18CFBFC2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{89D35EFB-F6AD-4DFC-8602-277DA317A440}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9DD356B8-03B8-43DF-AEEE-0794840AE1E5}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{AB5CC9E8-5F2B-4E20-B82D-AD50EC3DFB4A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{AB6AB647-021E-458C-A9D0-42FFB4B63C73}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{BA61782C-1E35-479E-BE5B-687FCFA6D9D8}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{BFAE3B95-5219-4875-8123-FDEA4E92C1DA}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{C49FF5D0-F588-4C61-9E03-F31CE0F1F816}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{C5094723-2BC9-4AE4-95F1-D03A52AAD776}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C854E4F4-FE64-4EAF-8CA9-08D352473A75}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C9FD4981-06B8-4BAC-97AC-5D129A2BE7BD}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{CBD46D6D-B3B2-4982-BEE0-D19973A76852}" = dir=in | app=c:\program files (x86)\msn messenger\livecall.exe |
"{CDB4E20C-1376-4294-A904-920082486CAF}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{D4859F64-B2DE-467B-9616-8E6CA080594F}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D9D75732-13F6-4FA6-8C37-475813905A5B}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{E6BAEA37-4B06-42DA-844C-5AF59AC95EE2}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{EF6667E0-7AD7-4C2F-9F29-713357A4B71B}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{F2C8A93A-75DA-4A17-96A1-2A4A57522588}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"TCP Query User{3DE7EEE2-2704-45A6-9B1B-39AABC615EB1}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{BD9736AB-1B33-47F4-BA49-8F6123138F57}C:\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"UDP Query User{419769B4-D5C8-4D25-AAAE-411B0EB172BF}C:\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"UDP Query User{43F1B91C-FE43-42A5-A134-5465CB3064D6}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{200CD93B-AE9B-4780-A5BE-F32027257DD7}" = Apple Mobile Device Support
"{411B5FE1-049B-439D-8F41-DDC24494A2FD}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90B5B05F-AFDA-4922-A153-45B14200BA77}" = SPBBC 64bit
"{AEEE3540-F708-453C-910E-0CE78AF433CA}" = Symantec Endpoint Protection
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04010300-6D72-4D54-8686-91D884A27B5C}" = Cisco Clean Access Agent
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{09FC2D20-3BFD-4A8E-A239-682539AAB2FF}" = TigerLogic ChunkIt!-Firefox XPI
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{24A55F97-AA44-4EDB-BEA1-CD51441B2AD4}" = Mojo
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}" = Adobe Flash Player 9 ActiveX
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2007b" = Microsoft Money Essentials
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"OpenAL" = OpenAL
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"WildTangent gateway Master Uninstall" = Gateway Games
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/27/2009 4:38:47 PM | Computer Name = Adrian-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQC257.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 8/27/2009 4:38:47 PM | Computer Name = Adrian-PC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQC43C.tmp
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.

Error - 8/27/2009 4:38:48 PM | Computer Name = Adrian-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQC43C.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 8/27/2009 4:38:48 PM | Computer Name = Adrian-PC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ9256.tmp
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.

Error - 8/27/2009 4:38:48 PM | Computer Name = Adrian-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ9256.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 8/27/2009 4:38:49 PM | Computer Name = Adrian-PC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ9469.tmp
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.

Error - 8/27/2009 4:38:49 PM | Computer Name = Adrian-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ9469.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 8/28/2009 11:35:14 AM | Computer Name = Adrian-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/29/2009 12:48:42 PM | Computer Name = Adrian-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/29/2009 1:11:53 PM | Computer Name = Adrian-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 8/28/2008 12:23:26 PM | Computer Name = Adrian-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/3/2009 2:00:21 AM | Computer Name = Adrian-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 7/21/2009 8:11:48 PM | Computer Name = Adrian-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 8/1/2009 12:49:43 AM | Computer Name = Adrian-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ System Events ]
Error - 8/28/2009 11:35:06 AM | Computer Name = Adrian-PC | Source = HTTP | ID = 15016
Description =

Error - 8/28/2009 11:35:14 AM | Computer Name = Adrian-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/28/2009 11:39:40 AM | Computer Name = Adrian-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 8/29/2009 12:48:36 PM | Computer Name = Adrian-PC | Source = HTTP | ID = 15016
Description =

Error - 8/29/2009 12:48:42 PM | Computer Name = Adrian-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/29/2009 12:54:40 PM | Computer Name = Adrian-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 8/29/2009 12:55:11 PM | Computer Name = Adrian-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 8/29/2009 12:57:16 PM | Computer Name = Adrian-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 8/29/2009 1:11:40 PM | Computer Name = Adrian-PC | Source = HTTP | ID = 15016
Description =

Error - 8/29/2009 1:11:53 PM | Computer Name = Adrian-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >
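Every Symantec AntiVirus entry in the event log above names a file under C:\ProgramData\Symantec\SRTSP\Quarantine\, so these are detections fired on files that were already quarantined, not hits at a live location. The script below is an added example for this thread, not code from OTL or from either poster: it parses OTL-style "Last 10 Event Log Errors" entries (the description spans several lines) and separates re-scans of quarantined files from detections at a live path. SAMPLE_EVENTS is constructed to mirror the entries above; the third entry, a path under the user's Temp folder, is invented so the live branch is exercised, and the set of quarantine folder markers (Symantec's SRTSP folder and ComboFix's C:\Qoobox) is an assumption.

```python
"""Triage AV detections in an OTL 'Last 10 Event Log Errors' section.

Added example for this thread, not code from OTL or the original posts.
SAMPLE_EVENTS is constructed to mirror the Symantec AntiVirus entries in
the OTL Extras log; the third entry (a Temp-folder path) is invented so
that the live-path branch is exercised.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

SAMPLE_EVENTS = r"""
[ Application Events ]
Error - 8/27/2009 4:38:47 PM | Computer Name = Adrian-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQC257.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 8/27/2009 4:38:47 PM | Computer Name = Adrian-PC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQC43C.tmp
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.

Error - 8/27/2009 4:40:02 PM | Computer Name = Adrian-PC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Bloodhound.Exploit.196 in File: C:\Users\Adrian\AppData\Local\Temp\example.pdf
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.

Error - 8/28/2009 11:35:14 AM | Computer Name = Adrian-PC | Source = WinMgmt | ID = 10
Description =
"""

HEADER_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$"
)
DETECTION_RE = re.compile(
    r"Security Risk Found!(?P<threat>\S+) in File: (?P<path>.+?) by: "
    r"(?P<scanner>.+?)\. Action: (?P<action>.+?)\. Action Description:"
)
# Assumption: folders whose contents are already neutralised. Symantec's
# SRTSP quarantine and ComboFix's C:\Qoobox both match.
QUARANTINE_MARKERS = ("\\quarantine\\", "\\qoobox\\")


@dataclass
class Detection:
    when: str
    threat: str
    path: str
    action: str
    in_quarantine: bool


def parse_entries(text: str) -> List[Dict[str, str]]:
    """Split the OTL section into entries; a description may span lines."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln for ln in block.splitlines() if not ln.startswith("[ ")]
        if not lines:
            continue
        head = HEADER_RE.match(lines[0])
        if not head:
            continue
        desc = " ".join(ln.strip() for ln in lines[1:])
        if desc.startswith("Description ="):
            desc = desc[len("Description ="):].strip()
        entries.append({**head.groupdict(), "description": desc})
    return entries


def is_quarantine_path(path: str) -> bool:
    lowered = path.lower()
    return any(marker in lowered for marker in QUARANTINE_MARKERS)


def extract_detections(text: str) -> List[Detection]:
    """Return one Detection per Symantec 'Security Risk Found' entry."""
    found = []
    for entry in parse_entries(text):
        if entry["source"] != "Symantec AntiVirus":
            continue
        hit = DETECTION_RE.search(entry["description"])
        if not hit:
            continue
        found.append(Detection(entry["when"], hit["threat"], hit["path"],
                               hit["action"], is_quarantine_path(hit["path"])))
    return found


def summarize(detections: List[Detection]) -> Dict[str, object]:
    """Separate re-scans of quarantined files from hits at live paths."""
    live = [d for d in detections if not d.in_quarantine]
    return {
        "rescans_of_quarantine": len(detections) - len(live),
        "live_hits": len(live),
        "live_paths": sorted({d.path for d in live}),
    }


if __name__ == "__main__":
    for d in extract_detections(SAMPLE_EVENTS):
        tag = "quarantined-already" if d.in_quarantine else "LIVE"
        print(f"{d.when}  {d.threat}  [{tag}]  {d.path}  ({d.action})")
    print(summarize(extract_detections(SAMPLE_EVENTS)))
```

Run as a script it prints one line per detection and the summary. The point of the split is that a second scanner re-detecting a file inside a quarantine folder is not evidence of an active infection, whereas any live-path hit is worth tracing back to the file and whatever wrote it.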
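When reading the two Vista exception lists above, the useful questions are which third-party programs accept inbound connections, which rules were created by the user clicking Unblock on the firewall prompt (the rules named "TCP Query User..." and "UDP Query User..."), and which rules carry no protocol restriction at all. The following is an added example, not code from OTL or from the posts, that parses OTL rule lines of that form and reports those points per program. SAMPLE_RULES copies a few lines from the log above; the last line, with an all-zero GUID and a path under the user profile, is constructed to show the user-writable-path flag, and the list of user-writable path markers is an assumption.

```python
"""Review inbound Windows Firewall exceptions from an OTL Extras log.

Added example for this thread, not code from OTL or the original posts.
SAMPLE_RULES copies a few rule lines from the 'Vista Active ... Exception
List' sections of the log; the last line (all-zero GUID, Temp-folder path)
is constructed to exercise the user-writable-path flag.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional

SAMPLE_RULES = r'''
"{1CAD56D3-3A9E-44C1-9D1D-F36408162F99}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{3511CA60-F53D-494C-88AE-F4E8C9A382BC}" = dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{387C9D5F-A0D6-4502-8EA2-EE39F51F716F}" = lport=445 | protocol=6 | dir=in | app=system |
"{C854E4F4-FE64-4EAF-8CA9-08D352473A75}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{3DE7EEE2-2704-45A6-9B1B-39AABC615EB1}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{00000000-0000-0000-0000-000000000000}" = protocol=17 | dir=in | app=c:\users\adrian\appdata\local\temp\updater.exe |
'''

RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')
PROTOCOLS = {"1": "icmpv4", "6": "tcp", "17": "udp", "58": "icmpv6"}
# Assumption: locations a standard user can write to. A program listening
# from one of these deserves a second look (per-user installs exist too).
USER_WRITABLE = ("\\users\\", "\\temp\\")


def parse_rule(line: str) -> Optional[Dict[str, object]]:
    """Turn one OTL rule line into a dict of its key=value fields."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    fields: Dict[str, object] = {"name": m["name"]}
    for part in m["body"].split("|"):
        part = part.strip()
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip()] = value.strip().lower()
    # Windows names rules "TCP Query User{GUID}<path>" when the user
    # clicks Unblock on the firewall prompt rather than an installer adding them.
    fields["from_prompt"] = m["name"].startswith(("TCP Query User", "UDP Query User"))
    return fields


def review_inbound(text: str) -> Dict[str, List[Dict[str, object]]]:
    """Group inbound rules by program, skipping the OS's own rules, and flag
    any-protocol openings, user-writable paths and prompt-created rules."""
    findings: Dict[str, List[Dict[str, object]]] = defaultdict(list)
    for line in text.splitlines():
        rule = parse_rule(line)
        if not rule or rule.get("dir") != "in":
            continue
        app = str(rule.get("app", ""))
        if app in ("", "system") or app.startswith("%systemroot%"):
            continue
        flags = []
        if "protocol" not in rule:
            flags.append("any-protocol")
        if any(marker in app for marker in USER_WRITABLE):
            flags.append("user-writable-path")
        if rule["from_prompt"]:
            flags.append("created-from-prompt")
        findings[app].append({
            "protocol": PROTOCOLS.get(str(rule.get("protocol")), "any"),
            "flags": flags,
        })
    return dict(findings)


def flagged_apps(findings: Dict[str, List[Dict[str, object]]]) -> List[str]:
    """Programs with at least one flagged inbound rule, sorted by path."""
    return sorted(app for app, rules in findings.items()
                  if any(r["flags"] for r in rules))


if __name__ == "__main__":
    report = review_inbound(SAMPLE_RULES)
    for app, rules in sorted(report.items()):
        for r in rules:
            print(f"{app}  {r['protocol']:<6} {' '.join(r['flags']) or '-'}")
    print("review:", flagged_apps(report))
```

Rules for `system` and for services hosted by svchost under `%systemroot%` are skipped as operating-system defaults; everything else is listed so the reviewer can compare the set of programs allowed to listen with what the user says is installed. A real log is pasted in place of SAMPLE_RULES.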

#28 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Hello aherr023,

Question: Is your Norton anti-virus out of date?

If so I will recommend a couple of good free programs you can choose from.

Now

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :processes
    
    :OTL
    PRC - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
    SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
    :Services
    
    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
