Got a Virus will not run any programs or open exe files [Solved]


#1 robinsontb21 (Member, 24 posts)
Hello, I got a virus or malware and it will not allow me to open or run any virus program or open exe files, including OTL.exe. Please help, thanks.
#2 robinsontb21 (Topic Starter)
Keep getting a fake security warning and pop-ups asking me to purchase fake security software.

#3 robinsontb21 (Topic Starter)
Cannot run exehelper either.

#4 robinsontb21 (Topic Starter)
Cannot open it, but here is my exehelper text log.

#5 robinsontb21 (Topic Starter)
Please, someone help me?

#6 robinsontb21 (Topic Starter)
Was able to run my ESET virus protection but it says no virus found and the problem still persists. I have an icon in my quick launch for some bogus security software, and every time I try to open a program like Malwarebytes or an exe file it closes it and I get security pop-ups. Someone please help; I need my computer ASAP and can't do anything till it's fixed. Thank you.

#7 robinsontb21 (Topic Starter)
OTL EXE Text File:

OTL logfile created on: 5/29/2010 8:37:26 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Adam Robinson\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2500 2500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.79 Gb Total Space | 19.11 Gb Free Space | 27.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJXLCK91
Current User Name: Adam Robinson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/29 18:49:26 | 000,099,584 | ---- | M] (eSXi) -- C:\Documents and Settings\Adam Robinson\Local Settings\Application Data\asam.exe
PRC - [2010/05/28 00:31:09 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adam Robinson\Desktop\OTL.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/04/12 18:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/06 14:50:00 | 000,494,920 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2010/01/08 01:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2009/11/16 10:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/11/16 10:03:32 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/11/12 17:33:36 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/04/07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/04/07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/09/10 22:37:36 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/05/05 00:32:12 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/09 06:44:20 | 006,922,240 | ---- | M] (Linksys) -- C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
PRC - [2007/08/30 10:50:42 | 000,205,480 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005/09/30 10:51:24 | 000,430,080 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
PRC - [2005/09/08 07:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/08/10 10:12:14 | 000,286,720 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
PRC - [2005/07/12 17:33:02 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcjcoms.exe
PRC - [2005/03/23 01:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2010/05/28 00:31:09 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adam Robinson\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/10 11:36:24 | 000,233,472 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\WINDOWS\System32\PuranDefragS.exe -- (PuranDefrag)
SRV - [2010/01/08 01:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009/11/16 10:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/11/16 10:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/04/07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/09/10 22:37:36 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/07/12 17:33:02 | 000,491,520 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\System32\dlcjcoms.exe -- (dlcj_device)


========== Driver Services (SafeList) ==========

DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/11/16 10:06:50 | 000,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/11/16 10:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/11/16 09:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/04/07 15:33:08 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/04/07 15:33:08 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/09/17 23:55:00 | 006,132,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/14 19:04:24 | 000,551,680 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2007/02/27 14:31:28 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/28 22:46:20 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/11/16 23:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/12 05:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 07:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 07:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 07:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 07:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 07:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 07:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 07:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 14:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 14:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 07:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/08/04 06:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/06/16 05:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 06:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 06:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 06:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2002/06/30 23:30:16 | 000,095,232 | R--- | M] (IC Media Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ubVeo532.sys -- (DCamUSBVeo532)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...=en&client=dell
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...=en&client=dell

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=374563"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {DE2EB073-84DF-46aa-9A76-7B54C75366FA}:1.1
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/01 18:24:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/20 15:45:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/12/07 23:02:05 | 000,000,000 | ---D | M]

[2010/05/13 00:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Robinson\Application Data\Mozilla\Extensions
[2010/05/13 00:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Robinson\Application Data\Mozilla\Extensions\[email protected]
[2010/05/28 00:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Robinson\Application Data\Mozilla\Firefox\Profiles\bxuwy0i1.default\extensions
[2007/02/22 20:59:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adam Robinson\Application Data\Mozilla\Firefox\Profiles\bxuwy0i1.default\extensions\{051ce736-d132-4374-9d36-eb192ef3110c}
[2007/10/21 17:03:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adam Robinson\Application Data\Mozilla\Firefox\Profiles\bxuwy0i1.default\extensions\{13407856-f9ea-4536-bd03-70fb56d5d0cd}
[2009/09/02 21:29:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Adam Robinson\Application Data\Mozilla\Firefox\Profiles\bxuwy0i1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007/10/21 17:03:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adam Robinson\Application Data\Mozilla\Firefox\Profiles\bxuwy0i1.default\extensions\{34c409b0-936e-11db-b606-0800200c9a66}
[2009/10/31 15:31:54 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Adam Robinson\Application Data\Mozilla\Firefox\Profiles\bxuwy0i1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/20 19:10:50 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Adam Robinson\Application Data\Mozilla\Firefox\Profiles\bxuwy0i1.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2008/02/10 19:13:39 | 000,000,000 | ---D | M] (RedSoxfox) -- C:\Documents and Settings\Adam Robinson\Application Data\Mozilla\Firefox\Profiles\bxuwy0i1.default\extensions\{8110DDD0-A510-11DB-AFC3-767255D89593}
[2007/10/21 17:03:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adam Robinson\Application Data\Mozilla\Firefox\Profiles\bxuwy0i1.default\extensions\{a83be38c-7731-4a6d-9059-4864a7fd55c8}
[2008/02/10 19:13:38 | 000,000,000 | ---D | M] (KC Chiefs Theme) -- C:\Documents and Settings\Adam Robinson\Application Data\Mozilla\Firefox\Profiles\bxuwy0i1.default\extensions\{ac0620f0-8f75-11db-b606-0800200c9a66}
[2007/10/21 17:03:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adam Robinson\Application Data\Mozilla\Firefox\Profiles\bxuwy0i1.default\extensions\{b31ac1df-926d-44b1-aeeb-8c732e0b9b1e}
[2010/01/26 04:18:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adam Robinson\Application Data\Mozilla\Firefox\Profiles\bxuwy0i1.default\extensions\{DE2EB073-84DF-46aa-9A76-7B54C75366FA}
[2009/03/27 14:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Robinson\Application Data\Mozilla\Firefox\Profiles\bxuwy0i1.default\extensions\moveplayer@movenetworks(2).com
[2009/08/26 21:30:54 | 000,004,212 | ---- | M] () -- C:\Documents and Settings\Adam Robinson\Application Data\Mozilla\Firefox\Profiles\bxuwy0i1.default\searchplugins\aim-search.xml
[2008/12/11 13:12:22 | 000,000,882 | ---- | M] () -- C:\Documents and Settings\Adam Robinson\Application Data\Mozilla\Firefox\Profiles\bxuwy0i1.default\searchplugins\conduit.xml
[2010/04/02 19:28:57 | 000,005,511 | ---- | M] () -- C:\Documents and Settings\Adam Robinson\Application Data\Mozilla\Firefox\Profiles\bxuwy0i1.default\searchplugins\food-network-recipes.xml
[2010/05/28 00:27:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/20 15:46:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/20 15:45:42 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2008/11/25 04:10:17 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/04/16 20:25:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [asam] C:\Documents and Settings\Adam Robinson\Local Settings\Application Data\asam.exe (eSXi)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLCJCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.DLL ()
O4 - HKLM..\Run: [dlcjmon.exe] C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe (Dell)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 964\memcard.exe ()
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [asam] C:\Documents and Settings\Adam Robinson\Local Settings\Application Data\asam.exe (eSXi)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\Adam Robinson\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSB600N\WUSB600N.exe (Linksys)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Similar Pages - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ebates.com ([www] * in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/im...r/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.c...eUploader57.cab (Auctiva Image Uploader Control)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-24-0.cab (EPUImageControl Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Adam Robinson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Adam Robinson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 06:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/16 06:22:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.JPEG - C:\WINDOWS\System32\JPEGCODE.DLL (Zoran Microelectronics Ltd.)
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\JPEGCODE.DLL (Zoran Microelectronics Ltd.)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 90 Days ==========

[2010/05/29 18:53:02 | 000,000,000 | ---D | C] -- C:\43fa1245e02a53e835d4b88f
[2010/05/29 18:50:28 | 000,099,584 | ---- | C] (eSXi) -- C:\Documents and Settings\Adam Robinson\Local Settings\Application Data\asam.exe
[2010/05/29 18:49:23 | 000,099,584 | ---- | C] (eSXi) -- C:\Documents and Settings\Adam Robinson\Local Settings\Application Data\syssvc.exe
[2010/05/28 01:44:04 | 000,000,000 | ---D | C] -- C:\3c9c326763a75bff0b347447f3
[2010/05/28 01:44:01 | 000,000,000 | ---D | C] -- C:\1d9c0be6c1c7aadb8a4813d7e7b5
[2010/05/28 01:43:58 | 000,000,000 | ---D | C] -- C:\095e7bb09506cabafdf3
[2010/05/28 00:57:41 | 000,000,000 | ---D | C] -- C:\c604713f52de80a37f3f96181c392c
[2010/05/28 00:30:20 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Adam Robinson\Desktop\OTL.exe
[2010/05/27 23:54:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Robinson\Local Settings\Application Data\refsjqylh
[2010/05/19 03:14:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Robinson\Application Data\Research In Motion
[2010/05/19 03:12:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/05/19 03:11:36 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2010/05/19 03:11:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2010/05/18 23:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Robinson\Desktop\Bar Harbor 5-16-10
[2010/05/15 02:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Robinson\Local Settings\Application Data\WinZip
[2010/05/15 02:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/05/15 02:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/05/13 00:46:09 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/05/13 00:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Robinson\Application Data\uTorrent
[2010/05/13 00:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Robinson\My Documents\LimeWire
[2010/05/13 00:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Robinson\Application Data\LimeWire
[2010/05/13 00:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2010/05/03 19:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\WebEx
[2010/05/03 19:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2010/05/03 19:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2010/05/02 23:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/04/26 18:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/20 16:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/04/20 15:58:31 | 000,212,992 | ---- | C] (Puran Software) -- C:\WINDOWS\System32\PuranDefrag.dll
[2010/04/20 15:58:30 | 000,229,376 | ---- | C] (Puran Software) -- C:\WINDOWS\System32\PuranDC.exe
[2010/04/20 15:58:30 | 000,108,544 | ---- | C] (Puran Software) -- C:\WINDOWS\System32\PuranDefragBT.exe
[2010/04/20 15:58:29 | 000,233,472 | ---- | C] (Puran Software) -- C:\WINDOWS\System32\PuranDefragS.exe
[2010/04/20 15:58:28 | 001,114,112 | ---- | C] (Puran Software) -- C:\WINDOWS\System32\PuranFD.exe
[2010/04/20 15:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2010/04/20 15:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/20 15:46:19 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Adam Robinson\Desktop\TFC.exe
[2010/04/20 15:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/19 14:32:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/16 20:08:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/04/15 19:20:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Adam Robinson\IECompatCache
[2010/04/15 19:17:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Adam Robinson\PrivacIE
[2010/04/15 19:15:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Adam Robinson\IETldCache
[2010/04/15 19:12:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/04/15 19:09:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/04/15 18:43:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/15 18:42:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/15 00:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Total Immersion
[2010/04/11 16:30:40 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2010/04/01 18:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/01 18:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/01 18:19:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/03/24 19:33:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/03/08 13:59:18 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/03/07 15:43:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real

========== Files - Modified Within 90 Days ==========

[2010/05/29 20:20:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/29 19:54:54 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2D3F7BEF-E97F-4067-B62E-ACA974D94C48}.job
[2010/05/29 19:01:12 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/05/29 18:59:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/29 18:59:26 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/29 18:58:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/29 18:57:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/29 18:57:42 | 2145,538,048 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/29 18:57:17 | 007,340,032 | ---- | M] () -- C:\Documents and Settings\Adam Robinson\ntuser.dat
[2010/05/29 18:57:12 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Adam Robinson\ntuser.ini
[2010/05/29 18:54:12 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/29 18:50:59 | 000,000,025 | ---- | M] () -- C:\WINDOWS\herjek.config
[2010/05/29 18:49:26 | 000,099,584 | ---- | M] (eSXi) -- C:\Documents and Settings\Adam Robinson\Local Settings\Application Data\syssvc.exe
[2010/05/29 18:49:26 | 000,099,584 | ---- | M] (eSXi) -- C:\Documents and Settings\Adam Robinson\Local Settings\Application Data\asam.exe
[2010/05/28 00:51:46 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Adam Robinson\Desktop\exeHelper.com
[2010/05/28 00:48:56 | 003,700,374 | ---- | M] () -- C:\Documents and Settings\Adam Robinson\Desktop\ComboFix.exe
[2010/05/28 00:31:09 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adam Robinson\Desktop\OTL.exe
[2010/05/28 00:27:01 | 000,000,017 | ---- | M] () -- C:\WINDOWS\System32\npd6.d
[2010/05/28 00:18:28 | 000,082,944 | ---- | M] () -- C:\Documents and Settings\Adam Robinson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/27 19:03:09 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/05/22 19:31:03 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
[2010/05/22 19:31:03 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/05/19 03:16:58 | 001,022,052 | ---- | M] () -- C:\Documents and Settings\Adam Robinson\My Documents\LoaderBackup-(2010-05-19).ipd
[2010/05/16 01:44:13 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\Adam Robinson\Desktop\DivX Movies.lnk
[2010/05/16 01:43:55 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/05/16 01:42:55 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/05/16 01:32:00 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Adam Robinson\Desktop\Microsoft Office FrontPage 2003.lnk
[2010/05/16 00:35:13 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/05/15 02:47:04 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/05/15 02:47:04 | 000,001,660 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/05/14 19:09:59 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/13 15:39:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/13 00:23:18 | 000,001,536 | ---- | M] () -- C:\Documents and Settings\Adam Robinson\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/05/13 00:22:28 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\Adam Robinson\Desktop\LimeWire 5.5.8.lnk
[2010/05/12 00:12:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/03 19:27:37 | 008,892,928 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 18:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/20 16:09:09 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Adam Robinson\Desktop\SpywareBlaster.lnk
[2010/04/20 15:58:31 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\Adam Robinson\Desktop\Puran Defrag.lnk
[2010/04/20 15:46:42 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adam Robinson\Desktop\TFC.exe
[2010/04/20 15:22:15 | 000,111,080 | ---- | M] () -- C:\Documents and Settings\Adam Robinson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/20 15:21:16 | 000,369,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/16 20:25:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/16 20:25:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/15 18:43:32 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/04/01 18:24:05 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/03/22 15:00:16 | 000,012,819 | ---- | M] () -- C:\Documents and Settings\Adam Robinson\Desktop\highwire_globalcategories.csv
[2010/03/22 15:00:13 | 000,007,237 | ---- | M] () -- C:\Documents and Settings\Adam Robinson\Desktop\bulkexport.csv
[2010/03/22 14:31:27 | 000,002,472 | ---- | M] () -- C:\Documents and Settings\Adam Robinson\Desktop\template.csv
[2010/03/15 07:25:34 | 000,481,088 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/15 07:25:33 | 000,086,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/15 07:25:32 | 000,578,686 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/08 13:59:18 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/03/05 21:36:02 | 000,089,032 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/05 21:14:04 | 000,001,160 | ---- | M] () -- C:\WINDOWS\win.ini

========== Files Created - No Company Name ==========

[2010/05/29 18:54:12 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/29 18:50:59 | 000,000,025 | ---- | C] () -- C:\WINDOWS\herjek.config
[2010/05/28 00:51:42 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Adam Robinson\Desktop\exeHelper.com
[2010/05/28 00:46:37 | 003,700,374 | ---- | C] () -- C:\Documents and Settings\Adam Robinson\Desktop\ComboFix.exe
[2010/05/22 19:31:03 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
[2010/05/22 19:31:03 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/05/19 03:16:58 | 001,022,052 | ---- | C] () -- C:\Documents and Settings\Adam Robinson\My Documents\LoaderBackup-(2010-05-19).ipd
[2010/05/19 03:14:33 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/05/16 01:43:55 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/05/16 01:42:55 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/05/15 02:47:04 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/05/15 02:47:04 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/05/13 00:46:19 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/05/13 00:23:18 | 000,001,536 | ---- | C] () -- C:\Documents and Settings\Adam Robinson\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/05/13 00:22:28 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\Adam Robinson\Desktop\LimeWire 5.5.8.lnk
[2010/05/03 19:27:32 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/04/20 16:09:09 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Adam Robinson\Desktop\SpywareBlaster.lnk
[2010/04/20 15:58:37 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\npd6.d
[2010/04/20 15:58:31 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\Adam Robinson\Desktop\Puran Defrag.lnk
[2010/04/15 18:43:31 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/04/15 18:43:26 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/11 16:33:45 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/01 18:29:10 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/01 18:24:05 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/03/24 19:39:32 | 000,001,493 | ---- | C] () -- C:\Documents and Settings\Adam Robinson\Desktop\DivX Movies.lnk
[2010/03/22 15:00:16 | 000,012,819 | ---- | C] () -- C:\Documents and Settings\Adam Robinson\Desktop\highwire_globalcategories.csv
[2010/03/22 15:00:13 | 000,007,237 | ---- | C] () -- C:\Documents and Settings\Adam Robinson\Desktop\bulkexport.csv
[2010/03/22 14:31:27 | 000,002,472 | ---- | C] () -- C:\Documents and Settings\Adam Robinson\Desktop\template.csv
[2009/05/28 23:18:06 | 000,000,095 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/02/17 19:18:36 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/02/17 19:18:36 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/02/17 19:18:35 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/02/17 19:18:35 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/02/17 19:18:31 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/02/17 19:18:23 | 000,581,632 | R--- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 12:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/10/17 10:59:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\pccillin.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/02/22 21:00:42 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/01/14 22:20:05 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Pex.INI
[2007/01/14 19:36:12 | 000,000,151 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2006/12/04 20:20:43 | 000,006,686 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/11/02 09:27:46 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2006/06/24 16:43:20 | 000,000,168 | RHS- | C] () -- C:\WINDOWS\System32\B8774A724F.sys
[2006/05/16 00:11:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/05/04 12:50:57 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\dlcjvs.dll
[2006/05/04 12:49:55 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcjserv.dll
[2006/05/04 12:49:55 | 001,122,304 | ---- | C] () -- C:\WINDOWS\System32\dlcjusb1.dll
[2006/05/04 12:49:55 | 000,630,784 | ---- | C] () -- C:\WINDOWS\System32\dlcjpmui.dll
[2006/05/04 12:49:55 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjprox.dll
[2006/05/04 12:49:55 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcjpplc.dll
[2006/05/04 12:49:54 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcjhbn3.dll
[2006/05/04 12:49:53 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomc.dll
[2006/05/04 12:49:53 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomm.dll
[2006/05/04 12:49:51 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcjlmpm.dll
[2006/05/04 12:49:51 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcjutil.dll
[2006/05/04 12:49:46 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsb.dll
[2006/05/04 12:49:46 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjins.dll
[2006/05/04 12:49:46 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcjjswr.dll
[2006/05/04 12:49:46 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsr.dll
[2006/05/04 12:49:44 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcjcub.dll
[2006/05/04 12:49:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcjcu.dll
[2006/05/04 12:49:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcjcur.dll
[2006/04/18 04:08:15 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\Veo532ut.dll
[2006/04/05 09:34:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/03/12 21:30:04 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\4F724A77B8.sys
[2006/03/02 13:35:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/01 15:58:19 | 000,000,070 | ---- | C] () -- C:\WINDOWS\8CD1C4B0.ini
[2006/03/01 15:53:21 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/02/26 15:43:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/26 15:40:27 | 000,000,722 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/26 15:06:12 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 06:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 16:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/06/01 12:53:38 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcjcfg.dll
[1999/01/22 21:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 11:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2009/08/26 21:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Robinson\Application Data\acccore
[2009/03/27 15:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Robinson\Application Data\Aim
[2009/01/04 08:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Robinson\Application Data\Atari
[2010/01/18 14:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Robinson\Application Data\Dealio
[2010/05/29 20:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Robinson\Application Data\DNA
[2008/05/01 11:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Robinson\Application Data\eBay
[2009/09/17 16:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Robinson\Application Data\GetRightToGo
[2006/06/09 18:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Robinson\Application Data\Kazaa Lite
[2006/03/01 16:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Robinson\Application Data\Leadertech
[2010/01/26 02:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Robinson\Application Data\Likno
[2010/05/29 19:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Robinson\Application Data\LimeWire
[2008/06/15 00:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Robinson\Application Data\Listing & Factory 2008
[2009/03/27 12:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Robinson\Application Data\MSNInstaller
[2010/05/19 03:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Robinson\Application Data\Research In Motion
[2010/01/18 14:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Robinson\Application Data\Search Settings
[2007/01/14 22:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Robinson\Application Data\Ulead Systems
[2010/05/29 19:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Robinson\Application Data\uTorrent
[2007/11/01 17:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Robinson\Application Data\Viewpoint
[2009/04/03 15:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Robinson\Application Data\Windows Desktop Search
[2009/10/16 01:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Robinson\Application Data\Windows Search
[2006/03/01 15:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Robinson\Application Data\Zero Knowledge
[2009/08/26 21:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2007/10/27 20:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2007/10/27 21:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/05/28 23:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/06/15 21:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2007/12/12 01:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2006/03/09 16:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESPN
[2008/03/08 14:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2006/06/12 14:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kazaa
[2006/05/11 23:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2006/03/14 01:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2010/05/19 03:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2008/02/24 17:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2007/01/11 01:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2009/05/28 23:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2010/05/29 18:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/09/05 01:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007/10/30 22:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/01/17 02:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WhiteCap (Holiday Edition)
[2008/06/19 01:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2010/05/15 02:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2006/03/01 15:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zero Knowledge
[2010/05/29 19:01:12 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/05/29 19:54:54 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2D3F7BEF-E97F-4067-B62E-ACA974D94C48}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/08/16 06:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/03/01 15:25:49 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2010/04/15 18:43:32 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2005/08/16 06:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/03/28 19:50:07 | 000,000,127 | ---- | M] () -- C:\CountCyclesWMVDecLog.txt
[2007/04/14 18:32:47 | 000,000,000 | ---- | M] () -- C:\DBS.TXT
[2006/02/26 15:09:48 | 000,006,317 | RH-- | M] () -- C:\dell.sdr
[2010/04/14 13:16:13 | 000,001,332 | ---- | M] () -- C:\dlcj.log
[2010/05/03 19:28:02 | 000,027,321 | ---- | M] () -- C:\dlcjscan.log
[2010/05/29 18:57:42 | 2145,538,048 | -HS- | M] () -- C:\hiberfil.sys
[2006/04/18 03:29:02 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2009/03/27 11:50:41 | 000,001,622 | ---- | M] () -- C:\InstallHelper.log
[2005/08/16 06:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2009/08/26 21:30:37 | 000,003,726 | -H-- | M] () -- C:\IPH.PH
[2009/01/04 07:56:05 | 000,000,244 | ---- | M] () -- C:\ituninst.bat
[2007/05/05 22:23:07 | 000,000,958 | ---- | M] () -- C:\log.txt
[2005/08/16 06:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/10 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/31 23:23:11 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2008/07/09 18:09:23 | 000,304,160 | ---- | M] () -- C:\PA207.DAT
[2010/05/29 18:57:40 | 2621,440,000 | -HS- | M] () -- C:\pagefile.sys
[2006/05/04 12:59:38 | 000,000,172 | ---- | M] () -- C:\setupfax.log
[2006/02/26 15:32:10 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2007/10/31 00:14:35 | 000,023,542 | ---- | M] () -- C:\VETlog.dmp
[2007/10/31 00:14:35 | 000,002,056 | ---- | M] () -- C:\VETlog.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 20:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/08/16 06:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/16 06:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/16 06:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65B37BC1
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

#8
robinsontb21 (Topic Starter)

Extras Text File:

OTL Extras logfile created on: 5/29/2010 8:37:26 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Adam Robinson\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2500 2500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.79 Gb Total Space | 19.11 Gb Free Space | 27.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJXLCK91
Current User Name: Adam Robinson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\K-Lite\kazaa.core" = C:\Program Files\K-Lite\kazaa.core:*:Enabled:Kazaa -- (Sharman Networks)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager -- (Intuit, Inc.)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"c:\documents and settings\adam robinson\local settings\application data\asam.exe" = c:\documents and settings\adam robinson\local settings\application data\asam.exe:*:Enabled:enable -- (eSXi)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0A9741D4-AAD3-40E5-B451-5882D92EA037}" = DSC3000 Drivers
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}" = Motorola Driver Installation
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{439800C9-FD42-4EA3-94D2-063DF0926873}" = Match-Up!
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5BA1D11C-B981-4CAA-B2B5-B8ADF413EBA5}" = Pure Networks Platform
"{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6864ABC3-A982-436B-BEF1-5652D6303361}" = ESET NOD32 Antivirus
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}" = GTOneCare
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{93487BEC-C9B1-4928-AFEC-80D024D83A62}" = Seo Blog Submitter Demo
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A2F0810-3619-4E86-9072-973FBE1679C5}" = QuickBooks Simple Start 2009
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C878CD69-85DB-426B-81A3-E71175AAEB91}" = Dealio Toolbar v4.0.2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Google
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"3D Windows XP" = 3D Windows XP Screen Saver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AIM_6" = AIM 6
"Amazing Windows XP Screen Saver_is1" = Amazing Windows XP Screen Saver 1.2
"AnarkClient" = Anark Client 1.0
"AOL Instant Messenger" = AOL Instant Messenger
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"Dell Photo AIO Printer 964" = Dell Photo AIO Printer 964
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DSC3000(Documents)" = DSC3000(Documents)
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ESET Online Scanner" = ESET Online Scanner v3
"GameSpy 3D" = GameSpy 3D
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys Dual-Band Wireless-N USB Network Adapter
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"LimeWire" = LimeWire 5.5.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PartyPoker" = PartyPoker
"PROR" = Microsoft Office Professional 2007 Trial
"PROSet" = Intel® PRO Network Connections Drivers
"Puran Defrag_is1" = Puran Defrag 7.0
"RealArcade" = RealArcade
"RealPlayer 6.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpywareBlaster_is1" = SpywareBlaster 4.3
"StreetPlugin" = Learn2 Player (Uninstall Only)
"The Weather Channel Screensaver" = The Weather Channel Screensaver
"uTorrent" = µTorrent
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Media Center Edition Screen Saver Screen Saver" = Windows XP Media Center Edition Screen Saver Screen Saver
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/26/2009 12:27:41 AM | Computer Name = DJXLCK91 | Source = Application Error | ID = 1000
Description = Faulting application winword.exe, version 9.0.0.2717, faulting module
mso9.dll, version 9.0.0.2720, fault address 0x0000faf8.

Error - 9/26/2009 12:27:48 AM | Computer Name = DJXLCK91 | Source = Application Error | ID = 1000
Description = Faulting application winword.exe, version 9.0.0.2717, faulting module
mso9.dll, version 9.0.0.2720, fault address 0x0000faf8.

Error - 10/7/2009 9:52:44 PM | Computer Name = DJXLCK91 | Source = Application Hang | ID = 1002
Description = Hanging application FRONTPG.EXE, version 11.0.8164.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/7/2009 9:53:00 PM | Computer Name = DJXLCK91 | Source = Application Hang | ID = 1002
Description = Hanging application FRONTPG.EXE, version 11.0.8164.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/29/2010 6:56:41 PM | Computer Name = DJXLCK91 | Source = Service Control Manager | ID = 7034
Description = The QBCFMonitorService service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/29/2010 6:56:41 PM | Computer Name = DJXLCK91 | Source = Service Control Manager | ID = 7034
Description = The Pure Networks Platform Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/29/2010 6:56:42 PM | Computer Name = DJXLCK91 | Source = Service Control Manager | ID = 7034
Description = The dlcj_device service terminated unexpectedly. It has done this
1 time(s).

Error - 5/29/2010 6:56:42 PM | Computer Name = DJXLCK91 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 5/29/2010 6:56:42 PM | Computer Name = DJXLCK91 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/29/2010 7:02:42 PM | Computer Name = DJXLCK91 | Source = DCOM | ID = 10010
Description = The server {1434DD3D-0AF6-41E0-BB71-8C86010D9AF5} did not register
with DCOM within the required timeout.

Error - 5/29/2010 7:03:13 PM | Computer Name = DJXLCK91 | Source = DCOM | ID = 10010
Description = The server {1434DD3D-0AF6-41E0-BB71-8C86010D9AF5} did not register
with DCOM within the required timeout.

Error - 5/29/2010 7:31:45 PM | Computer Name = DJXLCK91 | Source = DCOM | ID = 10010
Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register
with DCOM within the required timeout.

Error - 5/29/2010 8:37:55 PM | Computer Name = DJXLCK91 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 5/29/2010 8:37:56 PM | Computer Name = DJXLCK91 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >
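The Extras log above carries several of the classic rogue-AV tampering marks at once: a per-user .exe association under HKEY_CURRENT_USER\SOFTWARE\Classes (a stock XP install defines .exe only under HKLM), Security Center AntiVirusOverride and FirewallOverride both set to 1, EnableFirewall = 0 in both firewall profiles, and a firewall exception for asam.exe living in the user's Local Settings\Application Data. The Python script below is an added example, not part of this thread, of OTL or of any tool named here: it walks OTL-format log lines and flags those indicators. The SAMPLE text is constructed from lines quoted in this thread (including the ProxyServer = http=127.0.0.1:5555 line from the fix script posted later); the set of "executable" extensions, the user-profile path heuristic and the finding messages are the example's own assumptions.

```python
"""Triage an OTL / OTL Extras log for the tampering indicators seen in this thread.

Added example only: not part of OTL and not code from this thread's posts.
SAMPLE is constructed from log lines quoted in the thread.
"""
import re
from typing import Dict, List

# Constructed sample: excerpts of the OTL logs posted in this thread.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"c:\documents and settings\adam robinson\local settings\application data\asam.exe" = c:\documents and settings\adam robinson\local settings\application data\asam.exe:*:Enabled:enable -- (eSXi)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")          # [HKEY_...\Some\Key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')       # "Name" = data
IE_RE = re.compile(r'^IE - .*Internet Settings: "(\w+)" = (.*)$')
ASSOC_RE = re.compile(r"^\.(\w+) \[@ = (\w+)\]")       # .exe [@ = exefile]

# Assumptions of this example: which extensions matter for a per-user hijack,
# and which directory fragments mark a binary living in a user profile.
EXEC_EXTS = {"exe", "com", "bat", "cmd", "scr", "pif"}
USER_PROFILE_DIRS = ("\\documents and settings\\", "\\users\\")


def audit_otl(text: str) -> List[str]:
    """Return one human-readable finding per tampering indicator in an OTL log."""
    findings: List[str] = []
    key = ""                     # registry key currently being listed
    ie: Dict[str, str] = {}      # Internet Settings values seen in "IE -" lines

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue

        m = IE_RE.match(line)
        if m:
            ie[m.group(1)] = m.group(2).strip()
            continue

        m = ASSOC_RE.match(line)
        if m and key.startswith("HKEY_CURRENT_USER") and m.group(1).lower() in EXEC_EXTS:
            # A per-user association for an executable type overrides the HKLM
            # one and is how a rogue redirects every .exe launch to itself.
            findings.append(f"per-user .{m.group(1)} association under {key} (points at {m.group(2)})")
            continue

        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()

        if key.endswith("Security Center") and name in ("AntiVirusOverride", "FirewallOverride") and value == "1":
            findings.append(f"Security Center {name}=1: missing AV/firewall will not be reported")
        elif "FirewallPolicy" in key and name == "EnableFirewall" and value == "0":
            profile = key.rsplit("\\", 1)[-1]
            findings.append(f"Windows Firewall disabled for {profile}")
        elif key.endswith("AuthorizedApplications\\List"):
            # Firewall exceptions for binaries inside a user profile are worth a look;
            # the "(eSXi)" company name comes from the file's own version resource.
            if any(d in name.lower() for d in USER_PROFILE_DIRS) and ":*:Enabled:" in value:
                findings.append(f"firewall exception for binary in a user profile: {name}")

    # A proxy forced through loopback lets a local process intercept browsing.
    if ie.get("ProxyEnable") == "1":
        server = ie.get("ProxyServer", "")
        if "127.0.0.1" in server or "localhost" in server.lower():
            findings.append(f"IE proxy forced through loopback: {server}")

    return findings


if __name__ == "__main__":
    for finding in audit_otl(SAMPLE):
        print(" -", finding)
```

Each flag is a triage cue, not proof on its own: some security suites and domain policies legitimately set the Security Center Override values or disable the built-in firewall, so the script's value is in seeing the cluster (per-user .exe hijack, overrides, disabled firewall, unsigned binary in a profile directory, loopback proxy) together, which is exactly what this log shows.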

#9
RPMcMurphy (Trusted Helper, Malware Removal)
Hello robinsontb21 and welcome to Geeks to Go! I’ll be happy to look over your log and help you with your issues. It will be very helpful if you follow these guidelines:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please follow my instructions carefully and in the order they are posted.
  • Any colored text in my posts indicates a clickable link.
  • You should print any instructions I give you for ease of use and reference.
  • If you have any questions at all, please stop and ask before proceeding.
You are infected with a trojan known to sometimes have backdoor properties. Backdoor Trojans are very dangerous because they use advanced techniques (backdoors) to steal sensitive information which they send back to the hacker. All passwords should be changed immediately using a different computer and, if necessary, banking and credit card institutions should be notified of the possible security breach.


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

http://download.blee...inler/rkill.exe
http://download.blee...inler/rkill.com
http://download.blee...inler/rkill.scr
http://download.blee...inler/rkill.pif

Note:

You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do its job. This may take a few tries. You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.

At this point, you should now be able to run analysis tools.

Once the tool has run, do NOT reboot the machine, and then try to run GMER (instructions below).

Download GMER Rootkit Scanner from here to your desktop.
  • Double click the exe file. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.




  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


If you have trouble running GMER:
  • Make sure that your security software is disabled
  • Uncheck the box next to "Files" this time also
  • If you still can't run it, try in the Safe Mode
Please include the following in your next post:
  • GMER log


#10
robinsontb21 (Topic Starter)
Was able to get the rkill file to run; now just waiting for GMER to run, it takes forever to finish on my computer. Was finally able to get Malwarebytes to run and it found and hopefully eliminated 9 known items.



#11
robinsontb21 (Topic Starter)
GMER Text File:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-30 15:09:00
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADAMRO~1\LOCALS~1\Temp\pfloapob.sys


---- System - GMER 1.0.15 ----

SSDT 8A012580 ZwAssignProcessToJobObject
SSDT 8A013100 ZwDebugActiveProcess
SSDT 8A012B30 ZwDuplicateObject
SSDT 8A011CC0 ZwOpenProcess
SSDT 8A011FC0 ZwOpenThread
SSDT 8A0129C0 ZwProtectVirtualMemory
SSDT 8A012860 ZwSetContextThread
SSDT 8A0126E0 ZwSetInformationThread
SSDT 8A00F700 ZwSetSecurityObject
SSDT 8A012420 ZwSuspendProcess
SSDT 8A0122C0 ZwSuspendThread
SSDT 8A011E50 ZwTerminateProcess
SSDT 8A012150 ZwTerminateThread
SSDT 8A012F50 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8F09360, 0x32DEFD, 0xE8000020]
init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xBA453760]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[1172] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2036] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

Device \FileSystem\Fastfat \Fat A9F76D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

#12
robinsontb21 (Topic Starter)
Malwarebytes text file:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4155

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/30/2010 2:35:42 AM
mbam-log-2010-05-30 (02-35-42).txt

Scan type: Quick scan
Objects scanned: 146102
Time elapsed: 5 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asam (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Adam Robinson\Local Settings\Application Data\syssvc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\herjek.config (Malware.Trace) -> Quarantined and deleted successfully.

#13
RPMcMurphy (Trusted Helper, Malware Removal)
Hello,

MBAM looks like it got most of it. Please run these now:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    PRC - [2010/05/29 18:49:26 | 000,099,584 | ---- | M] (eSXi) -- C:\Documents and Settings\Adam Robinson\Local Settings\Application Data\asam.exe
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    O4 - HKLM..\Run: [asam] C:\Documents and Settings\Adam Robinson\Local Settings\Application Data\asam.exe (eSXi)
    O4 - HKCU..\Run: [asam] C:\Documents and Settings\Adam Robinson\Local Settings\Application Data\asam.exe (eSXi)
    [2010/05/29 18:53:02 | 000,000,000 | ---D | C] -- C:\43fa1245e02a53e835d4b88f
    [2010/05/29 18:50:28 | 000,099,584 | ---- | C] (eSXi) -- C:\Documents and Settings\Adam Robinson\Local Settings\Application Data\asam.exe
    [2010/05/29 18:49:23 | 000,099,584 | ---- | C] (eSXi) -- C:\Documents and Settings\Adam Robinson\Local Settings\Application Data\syssvc.exe
    [2010/05/29 18:50:59 | 000,000,025 | ---- | M] () -- C:\WINDOWS\herjek.config
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    
    :Commands
    [EmptyFlash]
    [EmptyTemp]
    [Purity]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    C:\3c9c326763a75bff0b347447f3
    C:\1d9c0be6c1c7aadb8a4813d7e7b5
    C:\095e7bb09506cabafdf3
    C:\c604713f52de80a37f3f96181c392c
    C:\Documents and Settings\Adam Robinson\Local Settings\Application Data\refsjqylh
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Please include the following in your next post:
  • OTL Fix log
  • SystemLook log


#14
robinsontb21 (Topic Starter)
OTL Fix Log:

All processes killed
========== OTL ==========
No active process named asam.exe was found!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\asam not found.
File C:\Documents and Settings\Adam Robinson\Local Settings\Application Data\asam.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\asam not found.
File C:\Documents and Settings\Adam Robinson\Local Settings\Application Data\asam.exe not found.
C:\43fa1245e02a53e835d4b88f folder moved successfully.
File C:\Documents and Settings\Adam Robinson\Local Settings\Application Data\asam.exe not found.
File C:\Documents and Settings\Adam Robinson\Local Settings\Application Data\syssvc.exe not found.
File C:\WINDOWS\herjek.config not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\Program Files\WebEx\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: Adam Robinson
->Flash cache emptied: 3381 bytes

User: Administrator

User: All Users

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Adam Robinson
->Temp folder emptied: 357108 bytes
->Temporary Internet Files folder emptied: 1671108 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 87930264 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 2968 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1093460 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 87.00 mb


OTL by OldTimer - Version 3.2.5.0 log created on 05302010_200107

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#15
robinsontb21 (Topic Starter)
SystemLook File Log:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 20:07 on 30/05/2010 by Adam Robinson (Administrator - Elevation successful)

========== dir ==========

C:\3c9c326763a75bff0b347447f3 - Parameters: "(none)"

---Files---
mrtstub.exe --a--- 57800 bytes [01:30 02/03/2010] [01:30 02/03/2010]

---Folders---
None found.

C:\1d9c0be6c1c7aadb8a4813d7e7b5 - Parameters: "(none)"

---Files---
mrt.exe --a--- 31648712 bytes [05:44 28/05/2010] [05:44 28/05/2010]
mrtstub.exe --a--- 57800 bytes [01:30 02/03/2010] [01:30 02/03/2010]

---Folders---
None found.

C:\095e7bb09506cabafdf3 - Parameters: "(none)"

---Files---
mrtstub.exe --a--- 57800 bytes [01:30 02/03/2010] [01:30 02/03/2010]

---Folders---
None found.

C:\c604713f52de80a37f3f96181c392c - Parameters: "(none)"

---Files---
mrtstub.exe --a--- 57800 bytes [01:30 02/03/2010] [01:30 02/03/2010]

---Folders---
None found.

C:\Documents and Settings\Adam Robinson\Local Settings\Application Data\refsjqylh - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

-=End Of File=-
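A reading note on the log above, and an added example that is not part of the thread. The four hexadecimal folders at the root of C: contain only mrtstub.exe and mrt.exe, which are the Malicious Software Removal Tool and its update stub; Windows Update unpacks MSRT into a randomly named folder at the root of a drive and frequently leaves that folder behind, so these are leftovers of a legitimate scan rather than part of the infection. The profile folder the rogue used (refsjqylh) lists no files and no subfolders, so it is either empty or already gone. The Python script below parses SystemLook ":dir" output in the format shown and sorts each folder into one of those outcomes. The input is the log above shortened to three folders, plus one constructed entry (C:\0a1b2c3d4e5f60718293a4b5 with a setup.exe) added to show the "review" result; the hex-name length bounds and the MSRT file-name set are assumptions of this example.

```python
import re

# Sample input: three folders from the SystemLook log posted above, plus one
# constructed entry (C:\0a1b2c3d4e5f60718293a4b5) that is not from the thread.
SAMPLE_SYSTEMLOOK = r"""SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 20:07 on 30/05/2010 by Adam Robinson (Administrator - Elevation successful)

========== dir ==========

C:\3c9c326763a75bff0b347447f3 - Parameters: "(none)"

---Files---
mrtstub.exe --a--- 57800 bytes [01:30 02/03/2010] [01:30 02/03/2010]

---Folders---
None found.

C:\1d9c0be6c1c7aadb8a4813d7e7b5 - Parameters: "(none)"

---Files---
mrt.exe --a--- 31648712 bytes [05:44 28/05/2010] [05:44 28/05/2010]
mrtstub.exe --a--- 57800 bytes [01:30 02/03/2010] [01:30 02/03/2010]

---Folders---
None found.

C:\0a1b2c3d4e5f60718293a4b5 - Parameters: "(none)"

---Files---
setup.exe --a--- 123456 bytes [12:00 29/05/2010] [12:00 29/05/2010]

---Folders---
None found.

C:\Documents and Settings\Adam Robinson\Local Settings\Application Data\refsjqylh - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

-=End Of File=-
"""

# Line shapes of a SystemLook ":dir" section as shown in the thread.
HEADER_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.*?) - Parameters: "(?P<params>[^"]*)"$')
FILE_RE = re.compile(r'^(?P<name>\S.*?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes'
                     r'\s+\[(?P<modified>[^\]]+)\]\s+\[(?P<created>[^\]]+)\]$')
# Assumed shape of an MSRT extraction folder: random hex name at a drive root,
# holding nothing but the tool and its stub.
HEX_ROOT_DIR = re.compile(r'^[A-Za-z]:\\[0-9a-f]{16,40}\\?$', re.I)
MSRT_FILES = {"mrtstub.exe", "mrt.exe"}


def parse_systemlook_dir(text):
    """Parse ':dir' output into a list of {path, params, files, folders} dicts."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            entries.append({"path": m["path"], "params": m["params"], "files": [], "folders": []})
            section = None
            continue
        if not entries or not line or line == "None found.":
            continue
        if line == "---Files---":
            section = "files"
        elif line == "---Folders---":
            section = "folders"
        elif line.startswith("==========") or line == "-=End Of File=-":
            section = None
        elif section == "files":
            fm = FILE_RE.match(line)
            entries[-1]["files"].append(
                {"name": fm["name"], "size": int(fm["size"]), "attrs": fm["attrs"],
                 "modified": fm["modified"], "created": fm["created"]}
                if fm else {"name": line, "size": None, "attrs": "", "modified": "", "created": ""})
        elif section == "folders":
            entries[-1]["folders"].append(line)
    return entries


def classify_entry(entry):
    """empty-or-missing, msrt-extraction-leftover, or review (anything else)."""
    if not entry["files"] and not entry["folders"]:
        return "empty-or-missing"
    names = {f["name"].lower() for f in entry["files"]}
    if HEX_ROOT_DIR.match(entry["path"]) and names <= MSRT_FILES and not entry["folders"]:
        return "msrt-extraction-leftover"
    return "review"


def classify_systemlook(text):
    return {e["path"]: classify_entry(e) for e in parse_systemlook_dir(text)}


if __name__ == "__main__":
    for path, verdict in classify_systemlook(SAMPLE_SYSTEMLOOK).items():
        print("%-28s %s" % (verdict, path))
```

The name-based rule is a triage shortcut, not an identity check: a file called mrt.exe in a hex folder can be anything, so before trusting one, verify its Authenticode signature (Sysinternals sigcheck will do) or compare its hash with a known-good copy. The folder OTL moved earlier in the thread (C:\43fa1245e02a53e835d4b88f) was never listed, so nothing on this page says what it held.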