Malware on a slow computer?


  • This topic is locked

#1 rvold7871 (Member, 153 posts)
Hi all. I believe my work computer is infected with what I think is a rootkit. Every three minutes or so, Malwarebytes claims it has "successfully blocked access to a potentially malicious website" and then leaves an IP address, some of which I have included. I have run a Malwarebytes scan which came up clean, a DDS scan (which I am unable to interpret), and an OTL file as seen below. Any help would be greatly appreciated!!!

Here is a small list of what Malwarebytes comes up with.

15:28:14 Nutrition City MESSAGE Protection started successfully
15:28:21 Nutrition City MESSAGE IP Protection started successfully
15:35:06 Nutrition City IP-BLOCK 89.28.5.194 (Type: outgoing)
15:38:01 Nutrition City IP-BLOCK 121.10.120.182 (Type: incoming)
15:38:11 Nutrition City IP-BLOCK 121.10.120.182 (Type: incoming)
15:38:16 Nutrition City IP-BLOCK 218.10.141.206 (Type: incoming)
15:39:12 Nutrition City IP-BLOCK 89.28.5.194 (Type: incoming)
15:48:45 Nutrition City IP-BLOCK 89.28.5.194 (Type: outgoing)
15:54:27 Nutrition City IP-BLOCK 89.28.97.165 (Type: incoming)
16:04:16 Nutrition City IP-BLOCK 91.212.124.137 (Type: outgoing)
16:14:49 Nutrition City IP-BLOCK 89.28.117.99 (Type: incoming)
16:21:01 Nutrition City IP-BLOCK 83.128.67.242 (Type: outgoing)
16:39:51 Nutrition City MESSAGE Protection started successfully
16:40:21 Nutrition City MESSAGE IP Protection started successfully
16:43:45 Nutrition City IP-BLOCK 89.28.114.213 (Type: outgoing)
16:53:10 Nutrition City IP-BLOCK 83.128.116.65 (Type: incoming)
17:14:16 Nutrition City IP-BLOCK 83.128.116.65 (Type: outgoing)
17:14:29 Nutrition City IP-BLOCK 85.234.172.253 (Type: outgoing)
17:30:09 (null) MESSAGE Protection started successfully
17:30:51 Nutrition City MESSAGE IP Protection started successfully
17:35:56 Nutrition City IP-BLOCK 195.216.173.146 (Type: incoming)
17:41:50 Nutrition City IP-BLOCK 83.128.116.65 (Type: incoming)
17:58:48 Nutrition City IP-BLOCK 195.216.173.146 (Type: incoming)
17:59:55 Nutrition City IP-BLOCK 121.10.120.182 (Type: incoming)
18:02:29 Nutrition City IP-BLOCK 220.248.164.230 (Type: outgoing)
18:03:40 Nutrition City IP-BLOCK 62.45.197.24 (Type: incoming)
18:17:17 Nutrition City IP-BLOCK 206.53.58.4 (Type: outgoing)
18:18:17 Nutrition City IP-BLOCK 219.152.137.191 (Type: outgoing)
18:21:46 Nutrition City IP-BLOCK 195.216.173.146 (Type: incoming)
18:39:31 (null) MESSAGE Protection started successfully
18:40:15 Nutrition City MESSAGE IP Protection started successfully
18:41:42 Nutrition City IP-BLOCK 195.216.173.146 (Type: incoming)
18:44:48 Nutrition City IP-BLOCK 195.161.7.14 (Type: incoming)
18:54:08 Nutrition City IP-BLOCK 58.241.13.210 (Type: incoming)
18:55:24 Nutrition City IP-BLOCK 58.241.13.210 (Type: outgoing)
19:00:18 Nutrition City IP-BLOCK 195.161.7.14 (Type: incoming)
19:11:24 Nutrition City IP-BLOCK 58.241.13.210 (Type: outgoing)
19:16:31 Nutrition City IP-BLOCK 195.161.7.14 (Type: incoming)
19:25:10 Nutrition City IP-BLOCK 195.161.25.14 (Type: outgoing)
19:25:15 Nutrition City IP-BLOCK 195.161.7.14 (Type: outgoing)
19:30:11 Nutrition City IP-BLOCK 195.161.7.14 (Type: incoming)
19:30:38 Nutrition City IP-BLOCK 222.173.162.34 (Type: incoming)
19:31:31 Nutrition City IP-BLOCK 91.188.34.73 (Type: incoming)
19:39:11 Nutrition City IP-BLOCK 89.28.68.74 (Type: outgoing)
19:40:09 Nutrition City IP-BLOCK 89.28.15.247 (Type: outgoing)
19:45:48 Nutrition City IP-BLOCK 195.161.7.14 (Type: incoming)
19:55:40 Nutrition City IP-BLOCK 195.161.25.14 (Type: outgoing)
19:55:49 Nutrition City IP-BLOCK 195.161.25.14 (Type: outgoing)
19:55:57 Nutrition City IP-BLOCK 195.161.25.14 (Type: outgoing)
20:00:46 Nutrition City IP-BLOCK 195.161.7.14 (Type: incoming)
20:10:18 Nutrition City IP-BLOCK 91.188.34.73 (Type: outgoing)
20:16:11 Nutrition City IP-BLOCK 195.161.7.14 (Type: incoming)
20:16:21 Nutrition City IP-BLOCK 195.161.7.14 (Type: incoming)
20:24:42 Nutrition City IP-BLOCK 195.161.25.14 (Type: outgoing)
20:25:52 Nutrition City IP-BLOCK 89.28.16.18 (Type: incoming)
20:30:16 Nutrition City IP-BLOCK 195.161.7.14 (Type: incoming)
20:30:28 Nutrition City IP-BLOCK 195.161.7.14 (Type: incoming)
20:40:54 Nutrition City IP-BLOCK 62.45.252.67 (Type: outgoing)
20:41:26 Nutrition City IP-BLOCK 222.65.89.230 (Type: outgoing)
20:45:59 Nutrition City IP-BLOCK 195.161.25.14 (Type: incoming)
20:46:07 Nutrition City IP-BLOCK 195.161.25.14 (Type: incoming)
20:54:34 Nutrition City IP-BLOCK 87.248.188.212 (Type: outgoing)
20:54:52 Nutrition City IP-BLOCK 195.161.25.14 (Type: outgoing)
20:54:57 Nutrition City IP-BLOCK 195.161.7.14 (Type: outgoing)
21:09:39 Nutrition City IP-BLOCK 89.28.124.173 (Type: outgoing)
21:23:02 Nutrition City IP-BLOCK 195.161.7.14 (Type: outgoing)
21:23:10 Nutrition City IP-BLOCK 195.161.25.14 (Type: outgoing)
21:23:22 Nutrition City IP-BLOCK 91.188.34.73 (Type: outgoing)
21:30:59 Nutrition City IP-BLOCK 195.161.25.14 (Type: incoming)
21:38:39 Nutrition City IP-BLOCK 212.117.179.53 (Type: outgoing)
21:46:33 Nutrition City IP-BLOCK 195.161.25.14 (Type: incoming)
21:54:14 Nutrition City IP-BLOCK 91.188.34.73 (Type: outgoing)
22:00:44 Nutrition City IP-BLOCK 195.161.25.14 (Type: incoming)
22:09:50 Nutrition City IP-BLOCK 195.161.25.14 (Type: outgoing)
22:10:30 Nutrition City IP-BLOCK 58.240.147.170 (Type: outgoing)
22:14:44 Nutrition City IP-BLOCK 195.161.25.14 (Type: incoming)
22:14:52 Nutrition City IP-BLOCK 195.161.25.14 (Type: incoming)
22:24:27 Nutrition City IP-BLOCK 89.28.86.218 (Type: outgoing)
22:24:38 Nutrition City IP-BLOCK 195.161.25.14 (Type: outgoing)
22:25:16 Nutrition City IP-BLOCK 188.130.176.49 (Type: outgoing)
22:29:05 Nutrition City IP-BLOCK 195.161.25.14 (Type: incoming)
22:39:31 Nutrition City IP-BLOCK 89.28.86.218 (Type: outgoing)
22:39:44 Nutrition City IP-BLOCK 195.161.25.14 (Type: outgoing)
22:44:24 Nutrition City IP-BLOCK 195.161.25.14 (Type: incoming)
22:44:32 Nutrition City IP-BLOCK 195.161.25.14 (Type: incoming)
22:54:47 Nutrition City IP-BLOCK 195.161.25.14 (Type: outgoing)
22:59:32 Nutrition City IP-BLOCK 195.161.25.14 (Type: incoming)
22:59:38 Nutrition City IP-BLOCK 195.161.25.14 (Type: incoming)
23:02:13 Nutrition City IP-BLOCK 58.241.13.210 (Type: incoming)
23:13:48 Nutrition City IP-BLOCK 195.161.25.14 (Type: incoming)
23:13:57 Nutrition City IP-BLOCK 195.161.25.14 (Type: incoming)
23:25:00 Nutrition City IP-BLOCK 195.161.25.14 (Type: outgoing)
23:25:37 Nutrition City IP-BLOCK 222.69.130.90 (Type: outgoing)
23:25:47 Nutrition City IP-BLOCK 195.161.7.23 (Type: outgoing)
23:29:34 Nutrition City IP-BLOCK 195.161.25.14 (Type: incoming)
23:29:43 Nutrition City IP-BLOCK 195.161.25.14 (Type: incoming)
23:34:40 Nutrition City IP-BLOCK 89.28.16.226 (Type: incoming)
23:38:59 Nutrition City IP-BLOCK 58.241.13.210 (Type: outgoing)
23:39:33 Nutrition City IP-BLOCK 89.149.194.179 (Type: outgoing)
23:44:06 Nutrition City IP-BLOCK 195.24.78.75 (Type: incoming)
23:45:16 Nutrition City IP-BLOCK 195.161.25.14 (Type: incoming)
23:45:25 Nutrition City IP-BLOCK 195.161.25.14 (Type: incoming)
23:53:03 Nutrition City IP-BLOCK 195.161.25.14 (Type: outgoing)
23:53:15 Nutrition City IP-BLOCK 91.188.34.73 (Type: outgoing)


OTL logfile created on: 5/26/2011 5:48:46 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Nutrition City\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.37 Mb Total Physical Memory | 153.29 Mb Available Physical Memory | 15.10% Memory free
2.38 Gb Paging File | 1.73 Gb Available in Paging File | 72.46% Paging File free
Paging file location(s): C:\pagefile.sys 1522 1522 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.60 Gb Total Space | 22.94 Gb Free Space | 45.33% Space Free | Partition Type: NTFS

Computer Name: NUTRITIONCITY | User Name: Nutrition City | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/26 17:48:25 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nutrition City\My Documents\Downloads\OTL.exe
PRC - [2011/05/21 18:21:19 | 000,551,800 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/12/20 18:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/08/27 15:01:24 | 000,743,232 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010/08/27 14:59:38 | 001,051,968 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/02/27 08:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/27 07:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/02/27 07:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2005/09/08 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/05/19 15:48:34 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\LxrSII1s.exe
PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/08/03 17:06:00 | 000,188,416 | ---- | M] (SEIKO EPSON Corp.) -- C:\WINDOWS\system32\ESDUSBMon.exe
PRC - [2004/06/23 15:04:38 | 000,077,824 | ---- | M] (SEIKO EPSON Corp.) -- C:\WINDOWS\system32\EpStsSrv.exe
PRC - [2003/07/23 16:57:24 | 006,336,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Retail Management System\Store Operations\SOPOSUSER.exe
PRC - [2002/01/30 08:33:14 | 000,077,824 | ---- | M] () -- C:\Program Files\EPSON\ESM2\eEBSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/05/26 17:48:25 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nutrition City\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/08 13:42:07 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/08/27 14:59:38 | 001,051,968 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/08/27 14:56:30 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/02/27 08:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/02/27 07:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2009/02/27 07:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2008/11/06 14:57:32 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/05/19 15:48:34 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrSII1s.exe -- (LxrSII1s)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/06/23 15:04:38 | 000,077,824 | ---- | M] (SEIKO EPSON Corp.) [Auto | Running] -- C:\WINDOWS\System32\EpStsSrv.exe -- (EPSON ESCPOS Status Service)
SRV - [2002/01/30 08:33:14 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Program Files\EPSON\ESM2\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV - [2011/05/26 17:28:36 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7695176-E9CC-4950-B637-6D479CE35B5A}\MpKsl1b814ff4.sys -- (MpKsl1b814ff4)
DRV - [2011/05/26 16:36:56 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7695176-E9CC-4950-B637-6D479CE35B5A}\MpKsl7432cfd4.sys -- (MpKsl7432cfd4)
DRV - [2011/05/25 18:14:33 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7695176-E9CC-4950-B637-6D479CE35B5A}\MpKsl4465fa6a.sys -- (MpKsl4465fa6a)
DRV - [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/08/12 00:11:27 | 000,177,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\XRNBO.sys -- (XRNBO)
DRV - [2010/02/24 14:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/06/25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 16:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 16:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/08/13 18:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/01/07 15:36:16 | 002,216,064 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2007/07/01 16:52:20 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2007/05/10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/11/01 02:30:00 | 000,054,784 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EpsCe.sys -- (EpsCe)
DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 04:32:16 | 000,045,312 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/22 04:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 04:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 04:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/07/14 13:14:34 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys -- (risdptsk)
DRV - [2005/05/19 15:48:24 | 000,070,016 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LxrSII1d.sys -- (LxrSII1d)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/09/20 13:44:48 | 000,005,652 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2004/08/04 06:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 06:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/07/14 12:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/05/11 19:11:02 | 000,099,968 | ---- | M] (Aladdin Knowledge Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2004/04/28 10:03:08 | 000,328,448 | ---- | M] (Aladdin Knowledge Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2003/07/23 16:57:51 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2003/07/23 16:57:41 | 000,020,032 | ---- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...-inc&channel=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.google.../?fr=yff35-sfp"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/19 18:46:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/19 20:14:29 | 000,000,000 | ---D | M]

[2008/10/05 16:21:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nutrition City\Application Data\Mozilla\Extensions
[2011/05/24 10:28:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nutrition City\Application Data\Mozilla\Firefox\Profiles\3f60xnqt.default\extensions
[2010/09/18 12:01:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Nutrition City\Application Data\Mozilla\Firefox\Profiles\3f60xnqt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/18 23:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nutrition City\Application Data\Mozilla\Firefox\Profiles\3f60xnqt.default\extensions\[email protected]
[2009/10/30 16:41:53 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\Nutrition City\Application Data\Mozilla\Firefox\Profiles\3f60xnqt.default\searchplugins\bing--google.xml
[2011/05/19 18:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/19 00:00:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/19 00:00:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(2)
[2011/04/30 13:01:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
File not found (No name found) --
[2009/12/11 13:36:52 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\NUTRITION CITY\APPLICATION DATA\MOVE NETWORKS
() (No name found) -- C:\DOCUMENTS AND SETTINGS\NUTRITION CITY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3F60XNQT.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\NUTRITION CITY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3F60XNQT.DEFAULT\EXTENSIONS\[email protected]
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2007/12/19 07:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2008/05/06 16:25:10 | 000,159,744 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/07 13:09:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: plentyoffish.com ([www] https in Trusted sites)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} http://ncmpls.viewne...00/JpegInst.cab (pmjpegaudio Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1203400379750 (MUWebControl Class)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} http://ncmpls.viewne...om/MpegInst.cab (pmpeg4cam Class)
O16 - DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} http://192.168.0.253/JpegInst.cab (pmjpegcam Class)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Nutrition City\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nutrition City\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3197c4fe-94a8-11dc-92db-0014229ff624}\Shell - "" = AutoRun
O33 - MountPoints2\{3197c4fe-94a8-11dc-92db-0014229ff624}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3197c4fe-94a8-11dc-92db-0014229ff624}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{cea31a1c-73e4-11df-9397-0014229ff624}\Shell\AutoRun\command - "" = E:\mi9al8rs.exe
O33 - MountPoints2\{cea31a1c-73e4-11df-9397-0014229ff624}\Shell\open\Command - "" = E:\mi9al8rs.exe
O33 - MountPoints2\{d155cb4c-9bc5-11dd-932a-0014229ff624}\Shell - "" = AutoRun
O33 - MountPoints2\{d155cb4c-9bc5-11dd-932a-0014229ff624}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d155cb4c-9bc5-11dd-932a-0014229ff624}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{e624d808-d47e-11dd-9332-0014229ff624}\Shell - "" = AutoRun
O33 - MountPoints2\{e624d808-d47e-11dd-9332-0014229ff624}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e624d808-d47e-11dd-9332-0014229ff624}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (defrag_native) - C:\WINDOWS\System32\defrag_native.exe (UltraDefrag Development Team)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\drivers\mshcmd.sys.
[2011/05/26 15:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nutrition City\My Documents\Ryan
[2011/05/26 15:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/26 15:24:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/26 15:24:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/19 21:38:01 | 000,114,688 | ---- | C] (RICOH) -- C:\WINDOWS\System32\RicohMediadriverVer.dll
[2011/05/19 19:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nutrition City\Local Settings\Application Data\uTorrent
[2011/05/19 19:15:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Nutrition City\Recent
[2011/05/19 15:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nutrition City\Local Settings\Application Data\VS Revo Group
[2011/05/19 15:27:16 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2011/05/19 15:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2011/05/19 15:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/05/19 03:05:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Best Uninstall Tool
[2011/05/19 03:05:36 | 000,000,000 | ---D | C] -- C:\Program Files\Best Uninstall Tool
[2011/05/19 00:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\ScottradeELITE
[2011/05/18 23:52:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/05/18 23:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nutrition City\WINDOWS
[2011/05/18 23:52:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Cache
[2011/05/18 23:52:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/17 16:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/05/14 18:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/07 13:27:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER(2)
[2011/05/07 13:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client(2)
[2011/05/07 12:52:46 | 000,000,000 | ---D | C] -- C:\cmdcons
[2011/05/07 12:47:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/07 12:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nutrition City\My Documents\HP_WebRelease
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\drivers\mshcmd.sys.
[2011/05/26 17:34:37 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/05/26 17:33:36 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/26 17:30:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/26 17:30:01 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/05/26 17:28:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/26 17:28:24 | 1064,763,392 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/26 17:28:20 | 000,000,098 | ---- | M] () -- C:\fraglist.luar
[2011/05/26 15:40:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Nutrition City\defogger_reenable
[2011/05/26 15:24:55 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/25 18:12:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2011/05/21 18:26:33 | 000,012,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\D7B90406.bin
[2011/05/19 21:33:16 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\Nutrition City\Desktop\Driver Genius Professional Edition.lnk
[2011/05/19 21:15:43 | 001,160,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/19 21:07:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/19 19:19:54 | 000,002,285 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2011/05/19 18:57:59 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/05/19 18:46:51 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Nutrition City\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/19 18:46:51 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/19 15:27:22 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/05/19 03:05:53 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2011/05/19 03:05:42 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\Nutrition City\Desktop\Best Uninstall Tool.lnk
[2011/05/19 01:28:04 | 000,664,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/19 01:28:04 | 000,143,252 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/19 01:00:05 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/19 00:50:56 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/05/14 17:16:38 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Nutrition City\Local Settings\Application Data\housecall.guid.cache
[2011/05/07 13:09:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/26 17:28:20 | 000,000,098 | ---- | C] () -- C:\fraglist.luar
[2011/05/26 15:40:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Nutrition City\defogger_reenable
[2011/05/26 15:24:55 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/19 23:34:15 | 1064,763,392 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/19 21:01:19 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/05/19 19:17:41 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/05/19 19:02:53 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/19 18:46:51 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/19 15:27:22 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/05/19 03:05:53 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2011/05/19 03:05:42 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\Nutrition City\Desktop\Best Uninstall Tool.lnk
[2011/05/14 17:16:38 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Nutrition City\Local Settings\Application Data\housecall.guid.cache
[2011/05/07 12:52:54 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/07 12:52:51 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/24 02:49:00 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a_gui.exe
[2010/09/24 02:49:00 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a.exe
[2010/09/24 02:48:58 | 000,092,160 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a.dll
[2010/08/12 00:11:58 | 000,012,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\D7B90406.bin
[2010/08/12 00:11:26 | 000,177,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\XRNBO.sys
[2010/05/11 13:02:03 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PT27F.DLL
[2010/05/11 13:02:03 | 000,000,972 | ---- | C] () -- C:\WINDOWS\System32\PT27L.INI
[2010/01/26 15:26:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\counter.cfg
[2009/09/28 15:24:17 | 000,001,387 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/10/05 17:11:22 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\mp4spvd.dll
[2008/10/05 16:16:39 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Nutrition City\Local Settings\Application Data\fusioncache.dat
[2008/08/27 11:14:13 | 000,102,006 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2008/08/27 11:14:13 | 000,017,218 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/12/26 11:49:40 | 000,001,138 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/11/26 06:32:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\STMMain.INI
[2007/11/26 06:28:58 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2007/11/26 06:28:58 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2007/11/26 06:28:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2007/11/26 06:28:58 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2007/11/17 13:19:30 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\EpsStmEW.DLL
[2007/11/17 13:19:30 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SharpImg.dll
[2007/10/02 10:08:30 | 000,070,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrSII1d.sys
[2007/10/02 10:08:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\LxrSII1s.exe
[2007/10/02 10:08:29 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LxrUnplug.exe
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/01 16:52:20 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2007/07/01 16:51:43 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\QLSlksvr.dll
[2007/07/01 16:51:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\QLSimgsvr.dll
[2007/07/01 16:51:41 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\QLSPortMonitorInstaller.dll
[2007/07/01 16:51:41 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\QLSwinpt.dll
[2007/07/01 16:51:41 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\qlsbcchk.dll
[2007/07/01 16:51:41 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\QLSColorXForm.dll
[2007/07/01 16:51:41 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\QLSHASP.dll
[2007/07/01 16:51:41 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\QLSMacroWork.dll
[2007/07/01 16:51:41 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\QLSDataWriterMon.dll
[2007/07/01 16:51:41 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\QLSDataWriterMonUI.dll
[2007/07/01 16:51:40 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\qlsbc32.dll
[2007/07/01 16:51:40 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\Astro32.dll
[2007/07/01 16:51:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\QLSbmger.dll
[2007/07/01 16:51:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\QLSbmfre.dll
[2007/07/01 16:51:40 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\QLScvger.dll
[2007/07/01 16:51:40 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\QLScvfre.dll
[2007/07/01 16:51:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\QLSadtxt.dll
[2007/07/01 16:51:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\LKsvrger.dll
[2007/07/01 16:51:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\LKsvrfre.dll
[2007/07/01 16:51:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dirport.dll
[2007/07/01 16:51:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AST32ger.dll
[2007/07/01 16:51:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AST32fre.dll
[2007/07/01 16:51:40 | 000,040,756 | ---- | C] () -- C:\WINDOWS\System32\QLSPM_LANG.DAT
[2007/07/01 16:51:40 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Q97comm.dll
[2007/07/01 16:51:40 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\QLSALFSvr.dll
[2007/07/01 16:51:40 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\QLSSV_LANG.DAT
[2007/07/01 16:51:40 | 000,005,451 | ---- | C] () -- C:\WINDOWS\System32\QLSDB_LANG.DAT
[2007/07/01 16:51:40 | 000,003,048 | ---- | C] () -- C:\WINDOWS\System32\QLSQU_LANG.DAT
[2007/03/11 15:39:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxctpmon.dll
[2007/03/11 15:39:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXCTFXPU.DLL
[2007/01/22 23:55:52 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/01/13 06:28:59 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/01/13 03:25:12 | 000,091,648 | ---- | C] () -- C:\WINDOWS\gzip.exe
[2006/12/29 08:22:43 | 000,086,304 | ---- | C] () -- C:\WINDOWS\RHVIDEO.DLL
[2006/12/23 11:12:25 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/10/12 08:24:34 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2006/08/27 19:07:11 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2006/08/27 19:07:10 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2006/08/27 19:06:42 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2006/08/27 19:06:42 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2006/08/27 19:06:41 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2006/08/11 21:46:23 | 000,000,504 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2006/07/23 13:50:00 | 000,005,652 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2006/05/18 12:39:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\qllmk08O.dll
[2006/03/22 12:47:45 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/03/22 12:47:45 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\3ACE6F9E19.sys
[2006/03/16 16:44:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/16 16:31:17 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/16 16:30:08 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/03/16 16:23:50 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/03/16 16:21:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/16 16:18:07 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/03/16 15:53:08 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/03/16 15:52:24 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 09:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/07/06 01:00:30 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2005/07/06 01:00:26 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2005/07/06 01:00:26 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 18:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 18:07:24 | 000,004,349 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 18:06:43 | 001,160,120 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 18:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 18:00:28 | 000,664,358 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 18:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 18:00:28 | 000,143,252 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 18:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 18:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 18:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 18:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 18:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 18:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 18:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 18:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/11/19 17:36:30 | 000,028,779 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2003/11/19 17:36:26 | 000,024,681 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2003/07/23 16:57:53 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2007/03/11 15:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5400 Series
[2006/10/15 20:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2006/10/15 20:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2006/08/11 21:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2006/10/12 08:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/12/14 17:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2006/10/15 20:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2009/09/17 15:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/05/19 19:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/08 13:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2006/10/12 08:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2006/03/16 16:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/10/08 13:40:52 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2009/12/14 16:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nutrition City\Application Data\.BitTornado
[2009/10/15 19:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nutrition City\Application Data\Chessmaster Challenge
[2009/06/10 03:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nutrition City\Application Data\GlarySoft
[2009/10/15 19:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nutrition City\Application Data\SpinTop
[2010/10/08 13:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nutrition City\Application Data\TuneUp Software
[2011/05/26 17:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nutrition City\Application Data\uTorrent
[2009/06/10 03:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nutrition City\Application Data\Windows Desktop Search
[2009/06/10 03:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nutrition City\Application Data\Windows Search
[2011/05/26 17:34:37 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2011/05/26 17:33:36 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\netware.drv:SummaryInformation
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D158BAF9
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >