tmcclure

  1. I've read it, and thank you for your help. Everything is great.
  2. My computer has been running fine other than the IP blocks.... Even those are remedied now, I believe... The only IP blocks I have received since yesterday have been intentional tests.... Although there is another computer connected to my router, which may not be so clean, could that affect this computer?
  3. All keygens.... kinda freaked me out...
     C:\Users\Big T\Documents\Vuze Downloads\Bejeweled_2_Deluxe-popcapgames\Bejeweled2Setup-en.exe Win32/TrojanDownloader.VB.ONX trojan deleted - quarantined
     C:\Users\Big T\Downloads\Apps\Adobe.rar probably a variant of Win32/Agent trojan deleted - quarantined
     C:\Users\Big T\Downloads\Games\Portable Elf Bowling 7 17 The Last Insult[g3n].exe probably a variant of Win32/Agent trojan deleted - quarantined
     C:\Users\Big T\Downloads\Vuze\VsT pack By [bIG T].rar multiple threats deleted - quarantined
     C:\Users\Big T\Downloads\Vuze\VST & VSTi Plugins\VSTi\Rob Papen Predator 1.1.0 VSTi\Rob Papen Predator 1.1.0 (Keygen).exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
     C:\Users\Big T\Downloads\Vuze\VsT pack By [bIG T]\[ - VSTi - ]\FXpansion.Guru.v1.5.12.VSTi.RTAS.Incl.KeyGen-NGEN\KeyGen\nGen.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
     C:\Users\Big T\Downloads\Vuze\VsT pack By [bIG T]\[ - VSTi - ]\Novation.Bass-Station.VSTi.v1.5.incl.Keygen-AiR\keygen.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
     C:\Users\Big T\Downloads\Vuze\VsT pack By [bIG T]\[ - VSTi - ]\Novation.V-Station.VSTi.v1.5.incl.Keygen-AiR\keygen.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
     C:\Users\Big T\Downloads\Vuze\VsT pack By [bIG T]\[ - VSTi - ]\Spectralhead.Audio.Silverbox.VSTi.v1.0.incl.Keygen-AiR\Keygen.exe probably a variant of Win32/Spy.Agent trojan cleaned by deleting - quarantined
  4. I believe the last fix helped a lot.. there has been only 1 attempt since my restart 30 mins ago, that's down from about
     22:06:55 Big T MESSAGE IP Protection stopped
     22:06:56 Big T MESSAGE IP Protection started successfully
     22:35:59 Big T IP-BLOCK 121.9.45.20
     Here is the report
  5. Yes, my firewall is on. I also reset my router when you asked.
  6. I have Microsoft Security Essentials... idk why it didn't show... anyway, I am still having that problem... here is the protection log from the past 30 minutes
  7. Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 4263
     Windows 6.1.7600
     Internet Explorer 8.0.7600.16385
     7/1/2010 3:48:32 AM
     mbam-log-2010-07-01 (03-48-32).txt
     Scan type: Quick scan
     Objects scanned: 134965
     Time elapsed: 4 minute(s), 6 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  8. I just rebooted my computer about 15 minutes ago and I have yet to see a blocked IP. I think it's fixed, but would you mind leaving the topic unlocked for the full 5 day period though, just in case it isn't rectified?
  9. Yes... I still get them... as I began to type this message I got 5 different blocks
  11. I have uninstalled the Adobe software as well as removed that line from my host file... what is next?
  12. well mbam is constantly blocking attempts to connect to malicious ip's. even when im not connected to the internet, the attempts are still being made, so i it must be local, but the scans i have done havent found anything... i've done MBAM scans as well as Microsoft security essential scans. i update before i scan every time.. Here OTL log OTL logfile created on: 6/30/2010 2:19:14 PM - Run 1 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Big T\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 69.00% Memory free 15.00 Gb Paging File | 13.00 Gb Available in Paging File | 83.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 684.78 Gb Total Space | 82.73 Gb Free Space | 12.08% Space Free | Partition Type: NTFS Drive D: | 13.86 Gb Total Space | 1.96 Gb Free Space | 14.11% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BIGT-COM Current User Name: Big T Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/06/30 13:58:12 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Big T\Desktop\OTL.exe PRC - [2010/06/26 03:41:08 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) 
-- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010/05/14 02:24:16 | 000,322,352 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe PRC - [2010/04/29 14:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2010/04/29 14:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2010/03/04 17:52:02 | 001,318,912 | ---- | M] (Don HO don.h@free.fr) -- C:\Program Files (x86)\Notepad++\notepad++.exe PRC - [2009/11/20 20:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009/10/20 13:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe PRC - [2009/08/28 11:53:00 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe PRC - [2009/07/25 11:22:36 | 000,376,320 | ---- | M] (Image-Line) -- C:\Program Files (x86)\Image-Line\FL Studio 9\FL.exe PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe PRC - [2008/03/14 03:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe PRC - [2008/03/14 03:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe PRC - [2008/03/14 03:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) 
-- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe PRC - [2007/09/02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe ========== Modules (SafeList) ========== MOD - [2010/06/30 13:58:12 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Big T\Desktop\OTL.exe MOD - [2009/07/13 20:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2009/12/17 18:09:00 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2010/06/17 03:14:42 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010/04/29 14:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/12/26 05:34:24 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2009/12/17 18:13:58 | 001,394,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2009/12/17 18:08:54 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2009/11/20 20:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2009/07/13 22:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS) SRV - [2009/07/13 22:20:14 | 000,000,000 | ---D | M] [unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC) SRV - [2009/07/13 15:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds) SRV - [2008/03/14 03:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Stopped] -- C:\Windows\SysWOW64\libusbd-nt.exe -- (libusbd) SRV - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010/04/29 14:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2010/03/18 19:00:50 | 000,055,296 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV:64bit: - [2010/03/16 02:06:16 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010/03/03 08:45:00 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/11/24 15:29:16 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009/11/08 22:28:08 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) 
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu) DRV:64bit: - [2009/10/20 13:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2009/10/16 01:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2009/07/31 00:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008/06/27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV:64bit: - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:64bit: - [2007/05/01 02:00:00 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV - [2010/02/28 07:36:21 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64) DRV - [2009/10/14 07:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009/06/10 16:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv) DRV - [2009/06/10 16:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip) DRV - [2009/04/06 16:32:46 | 000,015,504 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mbam.sys -- (MBAMProtector) DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2099552444-334440546-1167893179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt IE - HKU\S-1-5-21-2099552444-334440546-1167893179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/ IE - HKU\S-1-5-21-2099552444-334440546-1167893179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2099552444-334440546-1167893179-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2099552444-334440546-1167893179-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2 FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.21.1 FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.1.0625 FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3 FF - prefs.js..extensions.enabledItems: {20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}:1.6 FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3 FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10 FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100629 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/29 03:07:44 | 000,000,000 | ---D | M] FF - 
HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/29 03:07:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/06/20 00:47:07 | 000,000,000 | ---D | M] [2010/06/29 03:07:54 | 000,000,000 | ---D | M] -- C:\Users\Big T\AppData\Roaming\Mozilla\Extensions [2010/03/28 21:48:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Big T\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010/06/02 10:16:49 | 000,000,000 | ---D | M] -- C:\Users\Big T\AppData\Roaming\Mozilla\Extensions\MediaCoder [2009/10/17 22:39:59 | 000,000,000 | ---D | M] -- C:\Users\Big T\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com [2010/06/30 12:01:18 | 000,000,000 | ---D | M] -- C:\Users\Big T\AppData\Roaming\Mozilla\Firefox\Profiles\y8wuw2pb.default\extensions [2010/06/30 12:01:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Big T\AppData\Roaming\Mozilla\Firefox\Profiles\y8wuw2pb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/06/29 03:23:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Big T\AppData\Roaming\Mozilla\Firefox\Profiles\y8wuw2pb.default\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b} [2010/06/29 03:25:49 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Big T\AppData\Roaming\Mozilla\Firefox\Profiles\y8wuw2pb.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010/06/29 03:23:40 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Big T\AppData\Roaming\Mozilla\Firefox\Profiles\y8wuw2pb.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644} [2010/06/29 03:20:14 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Big T\AppData\Roaming\Mozilla\Firefox\Profiles\y8wuw2pb.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2010/06/29 03:25:49 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Big T\AppData\Roaming\Mozilla\Firefox\Profiles\y8wuw2pb.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696} [2010/06/29 03:11:10 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\Big T\AppData\Roaming\Mozilla\Firefox\Profiles\y8wuw2pb.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2010/06/29 03:23:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Big T\AppData\Roaming\Mozilla\Firefox\Profiles\y8wuw2pb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010/06/29 03:20:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Big T\AppData\Roaming\Mozilla\Firefox\Profiles\y8wuw2pb.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} [2010/06/29 03:52:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Big T\AppData\Roaming\Mozilla\Firefox\Profiles\y8wuw2pb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/06/29 03:54:08 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Big T\AppData\Roaming\Mozilla\Firefox\Profiles\y8wuw2pb.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010/06/30 12:01:12 | 000,000,000 | ---D | M] -- C:\Users\Big T\AppData\Roaming\Mozilla\Firefox\Profiles\y8wuw2pb.default\extensions\nasanightlaunch@example.com [2010/06/29 03:20:14 | 000,000,000 | ---D | M] -- C:\Users\Big T\AppData\Roaming\Mozilla\Firefox\Profiles\y8wuw2pb.default\extensions\piclens@cooliris.com [2010/06/29 03:07:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions O1 HOSTS File: ([2009/09/24 10:03:01 | 000,000,789 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O3 - HKU\S-1-5-21-2099552444-334440546-1167893179-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2099552444-334440546-1167893179-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2099552444-334440546-1167893179-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2099552444-334440546-1167893179-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108291
O7 - HKU\S-1-5-21-2099552444-334440546-1167893179-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data]
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2099552444-334440546-1167893179-1000\..Trusted Domains: blackberry.com ([mobileapps] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\Big T\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Big T\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1b6aae88-d0bf-11de-815c-0026189972df}\Shell - "" = AutoRun
O33 - MountPoints2\{1b6aae88-d0bf-11de-815c-0026189972df}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O33 - MountPoints2\{1b6aaff9-d0bf-11de-815c-0026189972df}\Shell - "" = AutoRun
O33 - MountPoints2\{1b6aaff9-d0bf-11de-815c-0026189972df}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O33 - MountPoints2\{1d6ecda4-a4eb-11de-a9fc-0026189972df}\Shell - "" = AutoRun
O33 - MountPoints2\{1d6ecda4-a4eb-11de-a9fc-0026189972df}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{40174647-30d3-11df-90b5-0026189972df}\Shell - "" = AutoRun
O33 - MountPoints2\{40174647-30d3-11df-90b5-0026189972df}\Shell\AutoRun\command - "" = F:\win\CDSplash.exe -- File not found
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/30 13:58:08 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Big T\Desktop\OTL.exe
[2010/06/30 02:00:00 | 000,000,000 | ---D | C] -- C:\Users\Big T\AppData\Local\Adobe
[2010/06/29 04:43:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/06/29 03:07:48 | 000,000,000 | ---D | C] -- C:\Users\Big T\AppData\Local\Mozilla
[2010/06/29 03:07:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/06/28 21:36:14 | 000,000,000 | ---D | C] -- C:\Users\Big T\AppData\Roaming\vlc
[2010/06/28 13:05:15 | 000,000,000 | ---D | C] -- C:\Users\Big T\AppData\Roaming\Applied Acoustics Systems
[2010/06/28 13:05:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AAS
[2010/06/28 12:19:26 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll
[2010/06/28 12:19:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LUXONIX
[2010/06/28 12:17:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Native Instruments
[2010/06/26 19:42:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Participatory Culture Foundation
[2010/06/26 19:15:24 | 000,000,000 | ---D | C] -- C:\Program Files\CodeGazer
[2010/06/26 02:02:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/06/25 13:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/25 13:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/25 13:21:33 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/25 13:21:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/06/23 19:43:20 | 000,000,000 | ---D | C] -- C:\Users\Big T\AppData\Local\cache
[2010/06/23 03:00:45 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/06/23 03:00:45 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010/06/23 03:00:45 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/06/23 03:00:45 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/06/23 03:00:45 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/06/23 03:00:45 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/06/23 03:00:45 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010/06/23 03:00:44 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010/06/22 22:18:04 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/06/22 22:18:04 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/06/22 22:18:04 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/06/22 22:18:03 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/06/22 22:18:03 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/06/22 22:18:03 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/06/22 22:18:03 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/06/22 19:17:43 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010/06/21 15:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy Arcade
[2010/06/21 15:26:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aspyr
[2010/06/20 00:15:51 | 000,000,000 | ---D | C] -- C:\Users\Big T\Documents\Adobe
[2010/06/20 00:12:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2010/06/18 19:16:40 | 000,000,000 | ---D | C] -- C:\Users\Big T\Documents\rere Megab_files
[2010/06/18 00:47:51 | 000,000,000 | ---D | C] -- C:\Users\Big T\Documents\Audacity files
[2010/06/17 23:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2010/06/17 21:03:27 | 000,090,112 | ---- | C] (Saikeware Technology Co., Ltd. CHINA) -- C:\Windows\SysWow64\MijFrc.dll
[2010/06/17 21:03:27 | 000,000,000 | ---D | C] -- C:\Users\Big T\AppData\Roaming\MotioninJoy
[2010/06/17 21:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MotioninJoy
[2010/06/17 21:03:26 | 001,721,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01009.dll
[2010/06/17 21:03:26 | 000,074,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\xusb21.sys
[2010/06/17 21:03:26 | 000,055,296 | ---- | C] (MotioninJoy) -- C:\Windows\SysNative\drivers\MijXfilt.sys
[2010/06/17 21:03:26 | 000,000,000 | ---D | C] -- C:\Program Files\MotioninJoy
[2010/06/17 20:59:25 | 000,046,592 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusb0.dll
[2010/06/17 20:59:25 | 000,019,456 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusbd-9x.exe
[2010/06/17 20:59:25 | 000,018,944 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusbd-nt.exe
[2010/06/17 20:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibUSB-Win32-0.1.10.1
[2010/06/15 17:25:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GSi
[2010/06/15 16:48:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sfArk
[2010/06/14 18:17:45 | 000,000,000 | ---D | C] -- C:\Users\Big T\.idlerc
[2010/06/14 17:34:32 | 000,000,000 | ---D | C] -- C:\Users\Big T\Documents\mb beezy_files
[2010/06/13 14:58:36 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\REX Shared Library.dll
[2010/06/13 14:58:35 | 000,368,640 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\ReWire.dll
[2010/06/13 14:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Propellerhead Software
[2010/06/13 14:56:57 | 000,000,000 | ---D | C] -- C:\Users\Big T\AppData\Roaming\Propellerhead Software
[2010/06/12 09:38:32 | 000,000,000 | ---D | C] -- C:\Users\Big T\Documents\New folder
[2010/06/10 12:54:14 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/06/10 12:54:14 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/06/10 12:54:14 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/06/10 12:54:14 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/06/09 17:50:45 | 000,000,000 | ---D | C] -- C:\Users\Big T\Desktop\Adobe CS5
[2010/06/07 23:11:17 | 000,000,000 | ---D | C] -- C:\Users\Big T\AppData\Local\HP
[2010/06/07 19:25:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GOG.com
[2010/06/06 22:35:57 | 000,000,000 | ---D | C] -- C:\Users\Big T\Documents\C++ practice
[2010/06/06 10:03:42 | 000,000,000 | ---D | C] -- C:\Users\Big T\AppData\Local\Cooliris
[2010/06/05 08:20:39 | 000,000,000 | ---D | C] -- C:\Users\Big T\AppData\Local\HandBrake
[2010/06/05 08:20:30 | 000,000,000 | ---D | C] -- C:\Users\Big T\AppData\Roaming\HandBrake
[2010/06/05 08:20:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Handbrake
[2010/06/04 22:20:28 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010/06/04 22:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Corporation
[2010/06/04 20:07:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/06/04 20:06:59 | 000,000,000 | ---D | C] -- C:\Users\Big T\Documents\Games for Windows - LIVE Demos
[2010/06/04 20:05:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2010/06/04 20:05:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010/06/04 12:16:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aquaria
[2010/06/03 17:05:04 | 000,000,000 | ---D | C] -- C:\Users\Big T\AppData\Roaming\IObit
[2010/06/02 14:43:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinAVI MP4 Converter
[2010/06/02 10:16:47 | 000,000,000 | ---D | C] -- C:\Users\Big T\AppData\Local\Broad Intelligence
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/30 14:19:45 | 006,029,312 | ---- | M] () -- C:\Users\Big T\ntuser.dat
[2010/06/30 13:58:12 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Big T\Desktop\OTL.exe
[2010/06/30 01:55:58 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/30 01:55:58 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/30 01:11:41 | 000,293,376 | ---- | M] () -- C:\Users\Big T\Desktop\qnd1s2ei.exe
[2010/06/30 01:11:20 | 000,525,824 | ---- | M] () -- C:\Users\Big T\Desktop\dds.scr
[2010/06/30 01:09:18 | 000,050,477 | ---- | M] () -- C:\Users\Big T\Desktop\Defogger.exe
[2010/06/29 04:53:07 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/29 04:53:07 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/06/29 04:53:07 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/06/29 04:47:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/29 04:47:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/29 04:45:49 | 001,189,875 | -H-- | M] () -- C:\Users\Big T\AppData\Local\IconCache.db
[2010/06/29 04:43:03 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/06/29 02:51:52 | 000,098,544 | ---- | M] () -- C:\Users\Big T\Documents\cc_20100629_025145.reg
[2010/06/29 02:28:49 | 002,027,030 | ---- | M] () -- C:\Users\Big T\Documents\bookmarks.html
[2010/06/29 02:28:39 | 001,472,475 | ---- | M] () -- C:\Users\Big T\Documents\New Bookmarks.json
[2010/06/28 21:35:57 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/06/27 04:07:12 | 000,022,016 | ---- | M] () -- C:\Users\Big T\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/26 19:15:25 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\VistaGlazz.lnk
[2010/06/25 13:24:01 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/25 00:55:53 | 022,102,384 | ---- | M] () -- C:\Users\Big T\AppData\Local\rx_image.Cache
[2010/06/25 00:55:52 | 001,431,332 | ---- | M] () -- C:\Users\Big T\AppData\Local\rx_audio.Cache
[2010/06/23 03:16:26 | 000,524,288 | -HS- | M] () -- C:\Users\Big T\ntuser.dat{fe008d74-7d8a-11df-b373-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010/06/23 03:16:26 | 000,524,288 | -HS- | M] () -- C:\Users\Big T\ntuser.dat{fe008d74-7d8a-11df-b373-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010/06/23 03:16:26 | 000,065,536 | -HS- | M] () -- C:\Users\Big T\ntuser.dat{fe008d74-7d8a-11df-b373-806e6f6e6963}.TM.blf
[2010/06/21 18:20:52 | 005,018,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/21 18:19:18 | 005,767,168 | -HS- | M] () -- C:\Users\Big T\NTUSER.DAT_tureg_old
[2010/06/21 15:28:57 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\Tony Hawks Pro Skater 4.lnk
[2010/06/20 00:15:11 | 000,121,144 | ---- | M] () -- C:\Users\Big T\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/20 00:12:24 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Audition 3.0.lnk
[2010/06/18 19:16:41 | 000,018,498 | ---- | M] () -- C:\Users\Big T\Documents\rere Megab.htm
[2010/06/18 15:22:27 | 000,019,109 | ---- | M] () -- C:\Windows\hpqins13.dat
[2010/06/18 12:24:20 | 000,001,156 | ---- | M] () -- C:\Users\Big T\AppData\Roaming\wklnhst.dat
[2010/06/18 12:23:11 | 000,676,864 | ---- | M] () -- C:\Users\Big T\Documents\Ma.wps
[2010/06/17 23:15:22 | 000,000,945 | ---- | M] () -- C:\Users\Big T\Desktop\Audacity.lnk
[2010/06/17 21:13:40 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2010/06/17 21:13:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf
[2010/06/17 21:03:27 | 000,000,949 | ---- | M] () -- C:\Users\Big T\Application Data\Microsoft\Internet Explorer\Quick Launch\DS3 Tool.lnk
[2010/06/17 21:03:27 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\DS3 Tool.lnk
[2010/06/15 21:43:51 | 000,291,345 | ---- | M] () -- C:\Users\Big T\Documents\QuicksortIsOptimal.pdf
[2010/06/15 13:41:06 | 002,657,900 | ---- | M] () -- C:\Users\Big T\Documents\driver hanfbook aurelia.PDF
[2010/06/14 17:34:32 | 000,018,524 | ---- | M] () -- C:\Users\Big T\Documents\mb beezy.htm
[2010/06/14 12:10:36 | 000,000,396 | ---- | M] () -- C:\Users\Big T\Documents\key
[2010/06/13 14:58:36 | 000,233,472 | ---- | M] (Propellerhead Software AB) -- C:\Windows\SysWow64\REX Shared Library.dll
[2010/06/13 14:58:35 | 000,368,640 | ---- | M] (Propellerhead Software AB) -- C:\Windows\SysWow64\ReWire.dll
[2010/06/07 23:11:16 | 000,019,527 | ---- | M] () -- C:\Windows\hpqins13.dat.temp
[2010/06/07 23:10:30 | 000,002,169 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2010/06/07 19:26:10 | 000,002,383 | ---- | M] () -- C:\Users\Public\Desktop\Beneath a Steel Sky.lnk
[2010/06/06 20:41:37 | 000,022,099 | ---- | M] () -- C:\Users\Big T\Documents\Supply List.ods
[2010/06/05 08:51:12 | 000,001,898 | ---- | M] () -- C:\Users\Big T\Documents\mobile.xml
[2010/06/04 19:57:57 | 1149,759,532 | ---- | M] () -- C:\Users\Big T\Documents\1.rar
[2010/06/04 12:17:36 | 000,001,876 | ---- | M] () -- C:\Users\Big T\Desktop\Aquaria Config.lnk
[2010/06/04 12:17:36 | 000,001,867 | ---- | M] () -- C:\Users\Big T\Desktop\Aquaria.lnk
[2010/06/02 14:43:43 | 000,001,065 | ---- | M] () -- C:\Users\Big T\Desktop\WinAVI MP4 Converter.lnk
[2010/06/01 22:27:11 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Media Sync.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/30 01:11:11 | 000,293,376 | ---- | C] () -- C:\Users\Big T\Desktop\qnd1s2ei.exe
[2010/06/30 01:10:54 | 000,525,824 | ---- | C] () -- C:\Users\Big T\Desktop\dds.scr
[2010/06/30 01:09:17 | 000,050,477 | ---- | C] () -- C:\Users\Big T\Desktop\Defogger.exe
[2010/06/29 04:43:03 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/06/29 02:51:48 | 000,098,544 | ---- | C] () -- C:\Users\Big T\Documents\cc_20100629_025145.reg
[2010/06/29 02:28:48 | 002,027,030 | ---- | C] () -- C:\Users\Big T\Documents\bookmarks.html
[2010/06/29 02:28:38 | 001,472,475 | ---- | C] () -- C:\Users\Big T\Documents\New Bookmarks.json
[2010/06/28 21:35:57 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/06/26 19:15:25 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\VistaGlazz.lnk
[2010/06/25 13:24:01 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/21 18:22:48 | 000,524,288 | -HS- | C] () -- C:\Users\Big T\ntuser.dat{fe008d74-7d8a-11df-b373-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010/06/21 18:22:48 | 000,524,288 | -HS- | C] () -- C:\Users\Big T\ntuser.dat{fe008d74-7d8a-11df-b373-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010/06/21 18:22:48 | 000,065,536 | -HS- | C] () -- C:\Users\Big T\ntuser.dat{fe008d74-7d8a-11df-b373-806e6f6e6963}.TM.blf
[2010/06/21 18:19:14 | 000,000,000 | -HS- | C] () -- C:\Users\Big T\NTUSER.DAT_tureg_new.LOG2
[2010/06/21 18:19:14 | 000,000,000 | -HS- | C] () -- C:\Users\Big T\NTUSER.DAT_tureg_new.LOG1
[2010/06/21 15:28:57 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\Tony Hawks Pro Skater 4.lnk
[2010/06/20 00:12:24 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Audition 3.0.lnk
[2010/06/18 19:16:40 | 000,018,498 | ---- | C] () -- C:\Users\Big T\Documents\rere Megab.htm
[2010/06/18 15:22:27 | 000,019,527 | ---- | C] () -- C:\Windows\hpqins13.dat.temp
[2010/06/18 12:23:10 | 000,676,864 | ---- | C] () -- C:\Users\Big T\Documents\Ma.wps
[2010/06/17 23:15:22 | 000,000,945 | ---- | C] () -- C:\Users\Big T\Desktop\Audacity.lnk
[2010/06/17 21:13:40 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2010/06/17 21:13:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf
[2010/06/17 21:03:27 | 000,000,949 | ---- | C] () -- C:\Users\Big T\Application Data\Microsoft\Internet Explorer\Quick Launch\DS3 Tool.lnk
[2010/06/17 21:03:27 | 000,000,925 | ---- | C] () -- C:\Users\Public\Desktop\DS3 Tool.lnk
[2010/06/17 20:59:25 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2010/06/15 21:43:51 | 000,291,345 | ---- | C] () -- C:\Users\Big T\Documents\QuicksortIsOptimal.pdf
[2010/06/15 13:44:14 | 002,657,900 | ---- | C] () -- C:\Users\Big T\Documents\driver hanfbook aurelia.PDF
[2010/06/14 17:34:31 | 000,018,524 | ---- | C] () -- C:\Users\Big T\Documents\mb beezy.htm
[2010/06/14 12:10:36 | 000,000,396 | ---- | C] () -- C:\Users\Big T\Documents\key
[2010/06/14 11:49:49 | 000,520,267 | ---- | C] () -- C:\Windows\SysWow64\libmmd.dll
[2010/06/07 23:10:30 | 000,002,169 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2010/06/07 23:09:58 | 000,000,736 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/06/07 23:09:57 | 000,019,109 | ---- | C] () -- C:\Windows\hpqins13.dat
[2010/06/07 19:26:10 | 000,002,383 | ---- | C] () -- C:\Users\Public\Desktop\Beneath a Steel Sky.lnk
[2010/06/06 19:47:44 | 000,022,099 | ---- | C] () -- C:\Users\Big T\Documents\Supply List.ods
[2010/06/05 08:51:12 | 000,001,898 | ---- | C] () -- C:\Users\Big T\Documents\mobile.xml
[2010/06/04 19:49:01 | 1149,759,532 | ---- | C] () -- C:\Users\Big T\Documents\1.rar
[2010/06/04 12:17:36 | 000,001,876 | ---- | C] () -- C:\Users\Big T\Desktop\Aquaria Config.lnk
[2010/06/04 12:17:36 | 000,001,867 | ---- | C] () -- C:\Users\Big T\Desktop\Aquaria.lnk
[2010/06/02 14:43:43 | 000,001,065 | ---- | C] () -- C:\Users\Big T\Desktop\WinAVI MP4 Converter.lnk
[2010/06/01 22:27:11 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\BlackBerry Media Sync.lnk
[2010/05/08 16:06:20 | 005,423,104 | ---- | C] () -- C:\Windows\SysWow64\tlpsplib10.dll
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/02/21 03:48:22 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/09/25 05:37:42 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2009/09/24 17:43:21 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/16 09:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/05/29 14:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/29 14:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/04/16 14:26:28 | 000,354,816 | ---- | C] () -- C:\Windows\SysWow64\pythoncom26.dll
[2009/04/16 14:26:28 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\pywintypes26.dll
[2007/02/05 18:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:C8B8CEBD
< End of report >

Extra log

OTL Extras logfile created on: 6/30/2010 2:19:14 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Big T\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 69.00% Memory free
15.00 Gb Paging File | 13.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684.78 Gb Total Space | 82.73 Gb Free Space | 12.08% Space Free | Partition Type: NTFS
Drive D: | 13.86 Gb Total Space | 1.96 Gb Free Space | 14.11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BIGT-COM
Current User Name: Big T
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2099552444-334440546-1167893179-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"$INSTDIR\FlvDetector.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlvDetector.exe:*:Enabled:FGFlvDetector -- File not found
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- File not found
"$INSTDIR\FlvDetector.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlvDetector.exe:*:Enabled:FGFlvDetector -- File not found
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713}" = HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.4.0002
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4723f199-fa64-4233-8e6e-9fccc95a18ef}" = Python 2.6.5 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
"{5F240DB8-0D74-4F13-86C3-929760392A8D}" = HP Remote Software
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb" = Adobe Audition 3.0 Vista Compatibility
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}" = HP MediaSmart SmartMenu
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EB0A3BCB-B9DF-4906-B066-BDEC6E213B91}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"TeraCopy_is1" = TeraCopy 2.01
"VistaGlazz_is1" = VistaGlazz 2.0
"WinRAR archiver" = WinRAR archiver
"x64 Components_is1" = x64 Components v2.4.9

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1BD05B04-7A33-409A-A714-613163E41935}" = BlackBerry Desktop Software 5.0.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{22439E2F-1CF7-4F8B-992A-3AA3C0553929}" = Yu-Gi-Oh! ONLINE 3 "{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}" = Microsoft XNA Framework Redistributable 2.0 "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java 6 Update 20 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry
  13. I have MBAM Pro, and all the time MBAM continuously blocks attempts for IP to connect to the internet. Upon looking them up, they usually are from China with no domain name, so they are most likely malicious, yet when I scan with MBAM it doesn't detect anything. I don't know if I can track down what is causing this by myself... I may have something deeper in my system I do not know. And that is what brings me here... please help me... and thank you in advance.

Here is my latest MBAM scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4253

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/29/2010 4:59:43 AM
mbam-log-2010-06-29 (04-59-43).txt

Scan type: Quick scan
Objects scanned: 134227
Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:02:39 AM, on 6/29/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Users\Big T\Downloads\Apps\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O13 - Gopher Prefix:
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8097 bytes