
I have MBAM Pro, and MBAM continuously blocks attempts by an IP to connect to the internet. Upon looking them up, they are usually from China with no domain name, so they are most likely malicious, yet when I scan with MBAM it doesn't detect anything. I don't know if I can track down what is causing this by myself... I may have something deeper in my system that I do not know about. And that is what brings me here... please help me... and thank you in advance.

Here is my latest MBAM scan:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4253

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

6/29/2010 4:59:43 AM

mbam-log-2010-06-29 (04-59-43).txt

Scan type: Quick scan

Objects scanned: 134227

Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:02:39 AM, on 6/29/2010

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\RocketDock\RocketDock.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Users\Big T\Downloads\Apps\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

O13 - Gopher Prefix:

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 8097 bytes

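As an added example (not part of the original post, of HijackThis, or of Malwarebytes), the following Python script parses the O4 autorun and O23 service lines from a HijackThis 2.0.2 log such as the one above and applies a few defensive triage heuristics. The sample input embeds lines copied from the log above plus one constructed O4 line; the heuristic names (user-profile autoruns, srvany.exe wrappers, unverified owners outside System32) are my own choices, not HijackThis output categories. One caveat it encodes: HijackThis 2.0.2 is a 32-bit program, so on 64-bit Windows the WOW64 file-system redirector sends its System32 lookups to SysWOW64 and it reports "(file missing)" for ordinary system services; the many "(file missing)" entries in the log above are a tool artifact, not evidence of tampering, and the parser skips them rather than raising findings.

```python
"""Parse HijackThis 2.0.2 O4 (autorun) and O23 (service) lines and apply a few
defensive triage heuristics. Added illustration, not a HijackThis feature."""
import re
from dataclasses import dataclass

# Sample input: the first seven lines are copied from the HijackThis log posted
# above; the final O4 line is constructed for this example so that the
# user-profile heuristic has something to fire on.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O4 - HKCU\..\Run: [constructed] C:\Users\example\AppData\Roaming\updater.exe
"""

# O4 lines look like:  O4 - HKLM\..\Run: [name] command
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
SYSTEM32_RE = re.compile(r'^[a-z]:\\windows\\system32\\', re.I)
USER_PROFILE_RE = re.compile(r'\\users\\[^\\]+\\', re.I)


@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    command: str


@dataclass
class Service:
    display: str
    owner: str
    path: str
    file_missing: bool


def parse_o4(line):
    m = O4_RE.match(line)
    return Autorun(m["hive"], m["key"], m["name"], m["cmd"]) if m else None


def parse_o23(line):
    prefix = "O23 - Service: "
    if not line.startswith(prefix):
        return None
    body = line[len(prefix):]
    missing = body.endswith(" (file missing)")
    if missing:
        body = body[: -len(" (file missing)")]
    # Display names may themselves contain " - " (see the LibUsb line), so
    # split from the right: the last two separators delimit owner and path.
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    display, owner, path = parts
    return Service(display, owner, path, missing)


def triage(text):
    """Return parsed autoruns, services and a list of (kind, name, where) findings."""
    autoruns, services, findings = [], [], []
    for line in text.splitlines():
        if line.startswith("O4 - "):
            a = parse_o4(line)
            if a is None:
                continue
            autoruns.append(a)
            # Autoruns launched from a user profile deserve a look; vendor
            # software normally lives under Program Files or Windows.
            if USER_PROFILE_RE.search(a.command):
                findings.append(("autorun-in-user-profile", a.name, a.command))
        elif line.startswith("O23 - "):
            s = parse_o23(line)
            if s is None:
                continue
            services.append(s)
            in_system32 = bool(SYSTEM32_RE.match(s.path))
            if s.file_missing and in_system32:
                # 32-bit HJT 2.0.2 on 64-bit Windows is redirected to SysWOW64
                # by WOW64, so "(file missing)" for System32 binaries is a tool
                # artifact rather than evidence that the file is really gone.
                continue
            if s.file_missing:
                findings.append(("missing-binary", s.display, s.path))
            if s.path.lower().endswith("\\srvany.exe"):
                # srvany.exe runs whatever the service's Parameters\Application
                # value names, so the program actually executed is not visible
                # on this line and must be checked in the registry.
                findings.append(("srvany-wrapper", s.display, s.path))
            elif s.owner == "Unknown owner" and not in_system32:
                findings.append(("unverified-owner", s.display, s.path))
    return {"autoruns": autoruns, "services": services, "findings": findings}


if __name__ == "__main__":
    for kind, name, where in triage(SAMPLE_HJT)["findings"]:
        print(f"{kind:26} {name} -> {where}")
```

Run against the sample it reports two findings: the constructed user-profile autorun and the KMService entry hosted by srvany.exe, while the two "(file missing)" System32 services are silently skipped as the WOW64 artifact explained above.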

Hello,

My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)


Well, MBAM is constantly blocking attempts to connect to malicious IPs. Even when I'm not connected to the internet, the attempts are still being made, so it must be local, but the scans I have done haven't found anything... I've done MBAM scans as well as Microsoft Security Essentials scans. I update before I scan every time.

Here is the OTL log:

OTL logfile created on: 6/30/2010 2:19:14 PM - Run 1

OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Big T\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 69.00% Memory free

15.00 Gb Paging File | 13.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 684.78 Gb Total Space | 82.73 Gb Free Space | 12.08% Space Free | Partition Type: NTFS

Drive D: | 13.86 Gb Total Space | 1.96 Gb Free Space | 14.11% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: BIGT-COM

Current User Name: Big T

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/30 13:58:12 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Big T\Desktop\OTL.exe

PRC - [2010/06/26 03:41:08 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/05/14 02:24:16 | 000,322,352 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe

PRC - [2010/04/29 14:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010/04/29 14:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2010/03/04 17:52:02 | 001,318,912 | ---- | M] (Don HO don.h@free.fr) -- C:\Program Files (x86)\Notepad++\notepad++.exe

PRC - [2009/11/20 20:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2009/10/20 13:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

PRC - [2009/08/28 11:53:00 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

PRC - [2009/07/25 11:22:36 | 000,376,320 | ---- | M] (Image-Line) -- C:\Program Files (x86)\Image-Line\FL Studio 9\FL.exe

PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

PRC - [2008/03/14 03:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

PRC - [2008/03/14 03:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

PRC - [2008/03/14 03:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

PRC - [2007/09/02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe

========== Modules (SafeList) ==========

MOD - [2010/06/30 13:58:12 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Big T\Desktop\OTL.exe

MOD - [2009/07/13 20:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx

MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2009/12/17 18:09:00 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2010/06/17 03:14:42 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/04/29 14:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/12/26 05:34:24 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)

SRV - [2009/12/17 18:13:58 | 001,394,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)

SRV - [2009/12/17 18:08:54 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)

SRV - [2009/11/20 20:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - [2009/07/13 22:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)

SRV - [2009/07/13 22:20:14 | 000,000,000 | ---D | M] [unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)

SRV - [2009/07/13 15:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)

SRV - [2008/03/14 03:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)

SRV - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Stopped] -- C:\Windows\SysWOW64\libusbd-nt.exe -- (libusbd)

SRV - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/04/29 14:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2010/03/18 19:00:50 | 000,055,296 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)

DRV:64bit: - [2010/03/16 02:06:16 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2010/03/03 08:45:00 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009/11/24 15:29:16 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009/11/08 22:28:08 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)

DRV:64bit: - [2009/10/20 13:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)

DRV:64bit: - [2009/10/16 01:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2009/07/31 00:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)

DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/06/27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)

DRV:64bit: - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV:64bit: - [2007/05/01 02:00:00 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV - [2010/02/28 07:36:21 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)

DRV - [2009/10/14 07:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)

DRV - [2009/06/10 16:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)

DRV - [2009/06/10 16:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)

DRV - [2009/04/06 16:32:46 | 000,015,504 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mbam.sys -- (MBAMProtector)

DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2099552444-334440546-1167893179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt

IE - HKU\S-1-5-21-2099552444-334440546-1167893179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/

IE - HKU\S-1-5-21-2099552444-334440546-1167893179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2099552444-334440546-1167893179-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2099552444-334440546-1167893179-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2

FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.21.1

FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.1.0625

FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3

FF - prefs.js..extensions.enabledItems: {20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}:1.6

FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3

FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64

FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10

FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100629

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/29 03:07:44 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/29 03:07:43 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/06/20 00:47:07 | 000,000,000 | ---D | M]

[2010/06/29 03:07:54 | 000,000,000 | ---D | M] -- C:\Users\Big T\AppData\Roaming\Mozilla\Extensions

[2010/03/28 21:48:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Big T\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2010/06/02 10:16:49 | 000,000,000 | ---D | M] -- C:\Users\Big T\AppData\Roaming\Mozilla\Extensions\MediaCoder

[2009/10/17 22:39:59 | 000,000,000 | ---D | M] -- C:\Users\Big T\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com

[2010/06/30 12:01:18 | 000,000,000 | ---D | M] -- C:\Users\Big T\AppData\Roaming\Mozilla\Firefox\Profiles\y8wuw2pb.default\extensions

[2010/06/30 12:01:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Big T\AppData\Roaming\Mozilla\Firefox\Profiles\y8wuw2pb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/06/29 03:23:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Big T\AppData\Roaming\Mozilla\Firefox\Profiles\y8wuw2pb.default\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}

[2010/06/29 03:25:49 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Big T\AppData\Roaming\Mozilla\Firefox\Profiles\y8wuw2pb.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}

[2010/06/29 03:23:40 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Big T\AppData\Roaming\Mozilla\Firefox\Profiles\y8wuw2pb.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}

[2010/06/29 03:20:14 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Big T\AppData\Roaming\Mozilla\Firefox\Profiles\y8wuw2pb.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}

[2010/06/29 03:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Big T\AppData\Roaming\Mozilla\Firefox\Profiles\y8wuw2pb.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}

[2010/06/29 03:11:10 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\Big T\AppData\Roaming\Mozilla\Firefox\Profiles\y8wuw2pb.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}

[2010/06/29 03:23:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Big T\AppData\Roaming\Mozilla\Firefox\Profiles\y8wuw2pb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/06/29 03:20:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Big T\AppData\Roaming\Mozilla\Firefox\Profiles\y8wuw2pb.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}

[2010/06/29 03:52:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Big T\AppData\Roaming\Mozilla\Firefox\Profiles\y8wuw2pb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/06/29 03:54:08 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Big T\AppData\Roaming\Mozilla\Firefox\Profiles\y8wuw2pb.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2010/06/30 12:01:12 | 000,000,000 | ---D | M] -- C:\Users\Big T\AppData\Roaming\Mozilla\Firefox\Profiles\y8wuw2pb.default\extensions\nasanightlaunch@example.com

[2010/06/29 03:20:14 | 000,000,000 | ---D | M] -- C:\Users\Big T\AppData\Roaming\Mozilla\Firefox\Profiles\y8wuw2pb.default\extensions\piclens@cooliris.com

[2010/06/29 03:07:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/09/24 10:03:01 | 000,000,789 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 127.0.0.1 activate.adobe.com

O3 - HKU\S-1-5-21-2099552444-334440546-1167893179-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2099552444-334440546-1167893179-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-2099552444-334440546-1167893179-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-21-2099552444-334440546-1167893179-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108291

O7 - HKU\S-1-5-21-2099552444-334440546-1167893179-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data]

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-2099552444-334440546-1167893179-1000\..Trusted Domains: blackberry.com ([mobileapps] https in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O24 - Desktop WallPaper: C:\Users\Big T\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Big T\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{1b6aae88-d0bf-11de-815c-0026189972df}\Shell - "" = AutoRun

O33 - MountPoints2\{1b6aae88-d0bf-11de-815c-0026189972df}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found

O33 - MountPoints2\{1b6aaff9-d0bf-11de-815c-0026189972df}\Shell - "" = AutoRun

O33 - MountPoints2\{1b6aaff9-d0bf-11de-815c-0026189972df}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found

O33 - MountPoints2\{1d6ecda4-a4eb-11de-a9fc-0026189972df}\Shell - "" = AutoRun

O33 - MountPoints2\{1d6ecda4-a4eb-11de-a9fc-0026189972df}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found

O33 - MountPoints2\{40174647-30d3-11df-90b5-0026189972df}\Shell - "" = AutoRun

O33 - MountPoints2\{40174647-30d3-11df-90b5-0026189972df}\Shell\AutoRun\command - "" = F:\win\CDSplash.exe -- File not found

O33 - MountPoints2\M\Shell - "" = AutoRun

O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/30 13:58:08 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Big T\Desktop\OTL.exe

[2010/06/30 02:00:00 | 000,000,000 | ---D | C] -- C:\Users\Big T\AppData\Local\Adobe

[2010/06/29 04:43:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware

[2010/06/29 03:07:48 | 000,000,000 | ---D | C] -- C:\Users\Big T\AppData\Local\Mozilla

[2010/06/29 03:07:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2010/06/28 21:36:14 | 000,000,000 | ---D | C] -- C:\Users\Big T\AppData\Roaming\vlc

[2010/06/28 13:05:15 | 000,000,000 | ---D | C] -- C:\Users\Big T\AppData\Roaming\Applied Acoustics Systems

[2010/06/28 13:05:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AAS

[2010/06/28 12:19:26 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll

[2010/06/28 12:19:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LUXONIX

[2010/06/28 12:17:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Native Instruments

[2010/06/26 19:42:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Participatory Culture Foundation

[2010/06/26 19:15:24 | 000,000,000 | ---D | C] -- C:\Program Files\CodeGazer

[2010/06/26 02:02:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET

[2010/06/25 13:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/06/25 13:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/06/25 13:21:33 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010/06/25 13:21:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2010/06/23 19:43:20 | 000,000,000 | ---D | C] -- C:\Users\Big T\AppData\Local\cache

[2010/06/23 03:00:45 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll

[2010/06/23 03:00:45 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe

[2010/06/23 03:00:45 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe

[2010/06/23 03:00:45 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll

[2010/06/23 03:00:45 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll

[2010/06/23 03:00:45 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll

[2010/06/23 03:00:45 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll

[2010/06/23 03:00:44 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll

[2010/06/22 22:18:04 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll

[2010/06/22 22:18:04 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll

[2010/06/22 22:18:04 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax

[2010/06/22 22:18:03 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll

[2010/06/22 22:18:03 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax

[2010/06/22 22:18:03 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax

[2010/06/22 22:18:03 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax

[2010/06/22 19:17:43 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll

[2010/06/21 15:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy Arcade

[2010/06/21 15:26:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aspyr

[2010/06/20 00:15:51 | 000,000,000 | ---D | C] -- C:\Users\Big T\Documents\Adobe

[2010/06/20 00:12:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared

[2010/06/18 19:16:40 | 000,000,000 | ---D | C] -- C:\Users\Big T\Documents\rere Megab_files

[2010/06/18 00:47:51 | 000,000,000 | ---D | C] -- C:\Users\Big T\Documents\Audacity files

[2010/06/17 23:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity

[2010/06/17 21:03:27 | 000,090,112 | ---- | C] (Saikeware Technology Co., Ltd. CHINA) -- C:\Windows\SysWow64\MijFrc.dll

[2010/06/17 21:03:27 | 000,000,000 | ---D | C] -- C:\Users\Big T\AppData\Roaming\MotioninJoy

[2010/06/17 21:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MotioninJoy

[2010/06/17 21:03:26 | 001,721,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01009.dll

[2010/06/17 21:03:26 | 000,074,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\xusb21.sys

[2010/06/17 21:03:26 | 000,055,296 | ---- | C] (MotioninJoy) -- C:\Windows\SysNative\drivers\MijXfilt.sys

[2010/06/17 21:03:26 | 000,000,000 | ---D | C] -- C:\Program Files\MotioninJoy

[2010/06/17 20:59:25 | 000,046,592 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusb0.dll

[2010/06/17 20:59:25 | 000,019,456 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusbd-9x.exe

[2010/06/17 20:59:25 | 000,018,944 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusbd-nt.exe

[2010/06/17 20:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibUSB-Win32-0.1.10.1

[2010/06/15 17:25:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GSi

[2010/06/15 16:48:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sfArk

[2010/06/14 18:17:45 | 000,000,000 | ---D | C] -- C:\Users\Big T\.idlerc

[2010/06/14 17:34:32 | 000,000,000 | ---D | C] -- C:\Users\Big T\Documents\mb beezy_files

[2010/06/13 14:58:36 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\REX Shared Library.dll

[2010/06/13 14:58:35 | 000,368,640 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\ReWire.dll

[2010/06/13 14:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Propellerhead Software

[2010/06/13 14:56:57 | 000,000,000 | ---D | C] -- C:\Users\Big T\AppData\Roaming\Propellerhead Software

[2010/06/12 09:38:32 | 000,000,000 | ---D | C] -- C:\Users\Big T\Documents\New folder

[2010/06/10 12:54:14 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2010/06/10 12:54:14 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2010/06/10 12:54:14 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2010/06/10 12:54:14 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2010/06/09 17:50:45 | 000,000,000 | ---D | C] -- C:\Users\Big T\Desktop\Adobe CS5

[2010/06/07 23:11:17 | 000,000,000 | ---D | C] -- C:\Users\Big T\AppData\Local\HP

[2010/06/07 19:25:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GOG.com

[2010/06/06 22:35:57 | 000,000,000 | ---D | C] -- C:\Users\Big T\Documents\C++ practice

[2010/06/06 10:03:42 | 000,000,000 | ---D | C] -- C:\Users\Big T\AppData\Local\Cooliris

[2010/06/05 08:20:39 | 000,000,000 | ---D | C] -- C:\Users\Big T\AppData\Local\HandBrake

[2010/06/05 08:20:30 | 000,000,000 | ---D | C] -- C:\Users\Big T\AppData\Roaming\HandBrake

[2010/06/05 08:20:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Handbrake

[2010/06/04 22:20:28 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll

[2010/06/04 22:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Corporation

[2010/06/04 20:07:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft

[2010/06/04 20:06:59 | 000,000,000 | ---D | C] -- C:\Users\Big T\Documents\Games for Windows - LIVE Demos

[2010/06/04 20:05:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive

[2010/06/04 20:05:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

[2010/06/04 12:16:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aquaria

[2010/06/03 17:05:04 | 000,000,000 | ---D | C] -- C:\Users\Big T\AppData\Roaming\IObit

[2010/06/02 14:43:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinAVI MP4 Converter

[2010/06/02 10:16:47 | 000,000,000 | ---D | C] -- C:\Users\Big T\AppData\Local\Broad Intelligence

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/30 14:19:45 | 006,029,312 | ---- | M] () -- C:\Users\Big T\ntuser.dat

[2010/06/30 13:58:12 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Big T\Desktop\OTL.exe

[2010/06/30 01:55:58 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/06/30 01:55:58 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/06/30 01:11:41 | 000,293,376 | ---- | M] () -- C:\Users\Big T\Desktop\qnd1s2ei.exe

[2010/06/30 01:11:20 | 000,525,824 | ---- | M] () -- C:\Users\Big T\Desktop\dds.scr

[2010/06/30 01:09:18 | 000,050,477 | ---- | M] () -- C:\Users\Big T\Desktop\Defogger.exe

[2010/06/29 04:53:07 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/06/29 04:53:07 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/06/29 04:53:07 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/06/29 04:47:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/06/29 04:47:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/06/29 04:45:49 | 001,189,875 | -H-- | M] () -- C:\Users\Big T\AppData\Local\IconCache.db

[2010/06/29 04:43:03 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk

[2010/06/29 02:51:52 | 000,098,544 | ---- | M] () -- C:\Users\Big T\Documents\cc_20100629_025145.reg

[2010/06/29 02:28:49 | 002,027,030 | ---- | M] () -- C:\Users\Big T\Documents\bookmarks.html

[2010/06/29 02:28:39 | 001,472,475 | ---- | M] () -- C:\Users\Big T\Documents\New Bookmarks.json

[2010/06/28 21:35:57 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2010/06/27 04:07:12 | 000,022,016 | ---- | M] () -- C:\Users\Big T\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/06/26 19:15:25 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\VistaGlazz.lnk

[2010/06/25 13:24:01 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/06/25 00:55:53 | 022,102,384 | ---- | M] () -- C:\Users\Big T\AppData\Local\rx_image.Cache

[2010/06/25 00:55:52 | 001,431,332 | ---- | M] () -- C:\Users\Big T\AppData\Local\rx_audio.Cache

[2010/06/23 03:16:26 | 000,524,288 | -HS- | M] () -- C:\Users\Big T\ntuser.dat{fe008d74-7d8a-11df-b373-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms

[2010/06/23 03:16:26 | 000,524,288 | -HS- | M] () -- C:\Users\Big T\ntuser.dat{fe008d74-7d8a-11df-b373-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms

[2010/06/23 03:16:26 | 000,065,536 | -HS- | M] () -- C:\Users\Big T\ntuser.dat{fe008d74-7d8a-11df-b373-806e6f6e6963}.TM.blf

[2010/06/21 18:20:52 | 005,018,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/06/21 18:19:18 | 005,767,168 | -HS- | M] () -- C:\Users\Big T\NTUSER.DAT_tureg_old

[2010/06/21 15:28:57 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\Tony Hawks Pro Skater 4.lnk

[2010/06/20 00:15:11 | 000,121,144 | ---- | M] () -- C:\Users\Big T\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/06/20 00:12:24 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Audition 3.0.lnk

[2010/06/18 19:16:41 | 000,018,498 | ---- | M] () -- C:\Users\Big T\Documents\rere Megab.htm

[2010/06/18 15:22:27 | 000,019,109 | ---- | M] () -- C:\Windows\hpqins13.dat

[2010/06/18 12:24:20 | 000,001,156 | ---- | M] () -- C:\Users\Big T\AppData\Roaming\wklnhst.dat

[2010/06/18 12:23:11 | 000,676,864 | ---- | M] () -- C:\Users\Big T\Documents\Ma.wps

[2010/06/17 23:15:22 | 000,000,945 | ---- | M] () -- C:\Users\Big T\Desktop\Audacity.lnk

[2010/06/17 21:13:40 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf

[2010/06/17 21:13:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf

[2010/06/17 21:03:27 | 000,000,949 | ---- | M] () -- C:\Users\Big T\Application Data\Microsoft\Internet Explorer\Quick Launch\DS3 Tool.lnk

[2010/06/17 21:03:27 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\DS3 Tool.lnk

[2010/06/15 21:43:51 | 000,291,345 | ---- | M] () -- C:\Users\Big T\Documents\QuicksortIsOptimal.pdf

[2010/06/15 13:41:06 | 002,657,900 | ---- | M] () -- C:\Users\Big T\Documents\driver hanfbook aurelia.PDF

[2010/06/14 17:34:32 | 000,018,524 | ---- | M] () -- C:\Users\Big T\Documents\mb beezy.htm

[2010/06/14 12:10:36 | 000,000,396 | ---- | M] () -- C:\Users\Big T\Documents\key

[2010/06/13 14:58:36 | 000,233,472 | ---- | M] (Propellerhead Software AB) -- C:\Windows\SysWow64\REX Shared Library.dll

[2010/06/13 14:58:35 | 000,368,640 | ---- | M] (Propellerhead Software AB) -- C:\Windows\SysWow64\ReWire.dll

[2010/06/07 23:11:16 | 000,019,527 | ---- | M] () -- C:\Windows\hpqins13.dat.temp

[2010/06/07 23:10:30 | 000,002,169 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk

[2010/06/07 19:26:10 | 000,002,383 | ---- | M] () -- C:\Users\Public\Desktop\Beneath a Steel Sky.lnk

[2010/06/06 20:41:37 | 000,022,099 | ---- | M] () -- C:\Users\Big T\Documents\Supply List.ods

[2010/06/05 08:51:12 | 000,001,898 | ---- | M] () -- C:\Users\Big T\Documents\mobile.xml

[2010/06/04 19:57:57 | 1149,759,532 | ---- | M] () -- C:\Users\Big T\Documents\1.rar

[2010/06/04 12:17:36 | 000,001,876 | ---- | M] () -- C:\Users\Big T\Desktop\Aquaria Config.lnk

[2010/06/04 12:17:36 | 000,001,867 | ---- | M] () -- C:\Users\Big T\Desktop\Aquaria.lnk

[2010/06/02 14:43:43 | 000,001,065 | ---- | M] () -- C:\Users\Big T\Desktop\WinAVI MP4 Converter.lnk

[2010/06/01 22:27:11 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Media Sync.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/30 01:11:11 | 000,293,376 | ---- | C] () -- C:\Users\Big T\Desktop\qnd1s2ei.exe

[2010/06/30 01:10:54 | 000,525,824 | ---- | C] () -- C:\Users\Big T\Desktop\dds.scr

[2010/06/30 01:09:17 | 000,050,477 | ---- | C] () -- C:\Users\Big T\Desktop\Defogger.exe

[2010/06/29 04:43:03 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk

[2010/06/29 02:51:48 | 000,098,544 | ---- | C] () -- C:\Users\Big T\Documents\cc_20100629_025145.reg

[2010/06/29 02:28:48 | 002,027,030 | ---- | C] () -- C:\Users\Big T\Documents\bookmarks.html

[2010/06/29 02:28:38 | 001,472,475 | ---- | C] () -- C:\Users\Big T\Documents\New Bookmarks.json

[2010/06/28 21:35:57 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2010/06/26 19:15:25 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\VistaGlazz.lnk

[2010/06/25 13:24:01 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/06/21 18:22:48 | 000,524,288 | -HS- | C] () -- C:\Users\Big T\ntuser.dat{fe008d74-7d8a-11df-b373-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms

[2010/06/21 18:22:48 | 000,524,288 | -HS- | C] () -- C:\Users\Big T\ntuser.dat{fe008d74-7d8a-11df-b373-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms

[2010/06/21 18:22:48 | 000,065,536 | -HS- | C] () -- C:\Users\Big T\ntuser.dat{fe008d74-7d8a-11df-b373-806e6f6e6963}.TM.blf

[2010/06/21 18:19:14 | 000,000,000 | -HS- | C] () -- C:\Users\Big T\NTUSER.DAT_tureg_new.LOG2

[2010/06/21 18:19:14 | 000,000,000 | -HS- | C] () -- C:\Users\Big T\NTUSER.DAT_tureg_new.LOG1

[2010/06/21 15:28:57 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\Tony Hawks Pro Skater 4.lnk

[2010/06/20 00:12:24 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Audition 3.0.lnk

[2010/06/18 19:16:40 | 000,018,498 | ---- | C] () -- C:\Users\Big T\Documents\rere Megab.htm

[2010/06/18 15:22:27 | 000,019,527 | ---- | C] () -- C:\Windows\hpqins13.dat.temp

[2010/06/18 12:23:10 | 000,676,864 | ---- | C] () -- C:\Users\Big T\Documents\Ma.wps

[2010/06/17 23:15:22 | 000,000,945 | ---- | C] () -- C:\Users\Big T\Desktop\Audacity.lnk

[2010/06/17 21:13:40 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf

[2010/06/17 21:13:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf

[2010/06/17 21:03:27 | 000,000,949 | ---- | C] () -- C:\Users\Big T\Application Data\Microsoft\Internet Explorer\Quick Launch\DS3 Tool.lnk

[2010/06/17 21:03:27 | 000,000,925 | ---- | C] () -- C:\Users\Public\Desktop\DS3 Tool.lnk

[2010/06/17 20:59:25 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys

[2010/06/15 21:43:51 | 000,291,345 | ---- | C] () -- C:\Users\Big T\Documents\QuicksortIsOptimal.pdf

[2010/06/15 13:44:14 | 002,657,900 | ---- | C] () -- C:\Users\Big T\Documents\driver hanfbook aurelia.PDF

[2010/06/14 17:34:31 | 000,018,524 | ---- | C] () -- C:\Users\Big T\Documents\mb beezy.htm

[2010/06/14 12:10:36 | 000,000,396 | ---- | C] () -- C:\Users\Big T\Documents\key

[2010/06/14 11:49:49 | 000,520,267 | ---- | C] () -- C:\Windows\SysWow64\libmmd.dll

[2010/06/07 23:10:30 | 000,002,169 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk

[2010/06/07 23:09:58 | 000,000,736 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2010/06/07 23:09:57 | 000,019,109 | ---- | C] () -- C:\Windows\hpqins13.dat

[2010/06/07 19:26:10 | 000,002,383 | ---- | C] () -- C:\Users\Public\Desktop\Beneath a Steel Sky.lnk

[2010/06/06 19:47:44 | 000,022,099 | ---- | C] () -- C:\Users\Big T\Documents\Supply List.ods

[2010/06/05 08:51:12 | 000,001,898 | ---- | C] () -- C:\Users\Big T\Documents\mobile.xml

[2010/06/04 19:49:01 | 1149,759,532 | ---- | C] () -- C:\Users\Big T\Documents\1.rar

[2010/06/04 12:17:36 | 000,001,876 | ---- | C] () -- C:\Users\Big T\Desktop\Aquaria Config.lnk

[2010/06/04 12:17:36 | 000,001,867 | ---- | C] () -- C:\Users\Big T\Desktop\Aquaria.lnk

[2010/06/02 14:43:43 | 000,001,065 | ---- | C] () -- C:\Users\Big T\Desktop\WinAVI MP4 Converter.lnk

[2010/06/01 22:27:11 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\BlackBerry Media Sync.lnk

[2010/05/08 16:06:20 | 005,423,104 | ---- | C] () -- C:\Windows\SysWow64\tlpsplib10.dll

[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2010/02/21 03:48:22 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll

[2009/09/25 05:37:42 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI

[2009/09/24 17:43:21 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2009/08/16 09:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/05/29 14:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2009/05/29 14:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2009/04/16 14:26:28 | 000,354,816 | ---- | C] () -- C:\Windows\SysWow64\pythoncom26.dll

[2009/04/16 14:26:28 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\pywintypes26.dll

[2007/02/05 18:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:C8B8CEBD

< End of report >

Extra log

OTL Extras logfile created on: 6/30/2010 2:19:14 PM - Run 1

OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Big T\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 69.00% Memory free

15.00 Gb Paging File | 13.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 684.78 Gb Total Space | 82.73 Gb Free Space | 12.08% Space Free | Partition Type: NTFS

Drive D: | 13.86 Gb Total Space | 1.96 Gb Free Space | 14.11% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: BIGT-COM

Current User Name: Big T

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2099552444-334440546-1167893179-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 1

"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"$INSTDIR\FlvDetector.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlvDetector.exe:*:Enabled:FGFlvDetector -- File not found

"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- File not found

"$INSTDIR\FlvDetector.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlvDetector.exe:*:Enabled:FGFlvDetector -- File not found

"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713}" = HP Deskjet D1500 Printer Driver Software 10.0 Rel .3

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst

"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support

"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.4.0002

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{4723f199-fa64-4233-8e6e-9fccc95a18ef}" = Python 2.6.5 (64-bit)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729

"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes

"{5F240DB8-0D74-4F13-86C3-929760392A8D}" = HP Remote Software

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb" = Adobe Audition 3.0 Vista Compatibility

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}" = HP MediaSmart SmartMenu

"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware

"{EB0A3BCB-B9DF-4906-B066-BDEC6E213B91}" = Microsoft SQL Server 2008 Setup Support Files (English)

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"HP Photosmart Essential" = HP Photosmart Essential 3.5

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Essentials" = Microsoft Security Essentials

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"TeraCopy_is1" = TeraCopy 2.01

"VistaGlazz_is1" = VistaGlazz 2.0

"WinRAR archiver" = WinRAR archiver

"x64 Components_is1" = x64 Components v2.4.9

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5

"{1BD05B04-7A33-409A-A714-613163E41935}" = BlackBerry Desktop Software 5.0.1

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"{22439E2F-1CF7-4F8B-992A-3AA3C0553929}" = Yu-Gi-Oh! ONLINE 3

"{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}" = Microsoft XNA Framework Redistributable 2.0

"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library

"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java 6 Update 20

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry


Hello again,

First of all: I found the following entry in your log:

O1 - Hosts: 127.0.0.1 activate.adobe.com
This indicates you are using a pirated version of Adobe software. Such pirated/cracked applications often bring malware with them (see also the information below).

Therefore please remove this software before continuing with the cleanup. If you do not do so, the risk is that you will end up with unusable programs. Our tools will remove possible malware components of the illegal software and leave the application corrupt.

P2P WARNING

-------------------

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

  • They are a security risk which can make your computer susceptible to a sm


Hello again,

First of all, please reset your router. It should have a button for that on the backside.

Please right click on your Internet Connection icon in the System Tray and select Status. In the Status window click the Options button.

Look under "this connection uses the following items" and highlight Internet Protocol (TCP/IP). Click Properties.

On the General tab, make sure "Obtain an IP address automatically" and "Obtain DNS server address automatically" are both ticked.

On the Alternate Configuration tab, make sure "Automatic private IP address" is ticked.

Click OK to exit the Properties and OK to exit the other windows as well.

Now, click Start > Run and type cmd in the runbox.

A command window will open. Type ipconfig /flushdns and press enter.

Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

@echo off
(ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print) >>Log1.txt
start notepad Log1.txt
del %0

Go to the File menu at the top of the Notepad and select Save as.

Select save in: desktop

Fill in File name: test.bat

Save as type: All file types (*.*)

Click save.

Close the Notepad.

Locate and double-click test.bat on the desktop.

A Notepad window opens; copy and paste its content (Log1.txt) into your reply.


Windows IP Configuration

Host Name . . . . . . . . . . . . : BigT-Com

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet

Physical Address. . . . . . . . . : 00-26-18-99-72-DF

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::5d5:5700:92b0:ff5e%11(Preferred)

IPv4 Address. . . . . . . . . . . : 192.168.1.69(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Lease Obtained. . . . . . . . . . : Tuesday, June 29, 2010 4:47:16 AM

Lease Expires . . . . . . . . . . : Friday, July 02, 2010 2:20:05 AM

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DHCPv6 IAID . . . . . . . . . . . : 251667596

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-20-72-C5-00-26-18-99-72-DF

DNS Servers . . . . . . . . . . . : 192.168.1.254

NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft 6to4 Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e74:244f:afc:b768:6176(Preferred)

Link-local IPv6 Address . . . . . : fe80::244f:afc:b768:6176%14(Preferred)

Default Gateway . . . . . . . . . : ::

NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable Microsoft 6To4 Adapter:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft 6to4 Adapter #3

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft 6to4 Adapter #4

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft 6to4 Adapter #5

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.gateway.2wire.net:

Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.69%19(Preferred)

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : 192.168.1.254

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: home

Address: 192.168.1.254

Name: google.com

Address: 72.14.209.104

Server: home

Address: 192.168.1.254

Name: yahoo.com

Addresses: 209.191.122.70

67.195.160.76

69.147.125.65

72.30.2.43

98.137.149.56

Pinging google.com [72.14.209.104] with 32 bytes of data:

Reply from 72.14.209.104: bytes=32 time=98ms TTL=47

Reply from 72.14.209.104: bytes=32 time=84ms TTL=47

Ping statistics for 72.14.209.104:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 84ms, Maximum = 98ms, Average = 91ms

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:

Reply from 98.137.149.56: bytes=32 time=92ms TTL=47

Reply from 98.137.149.56: bytes=32 time=140ms TTL=47

Ping statistics for 98.137.149.56:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 92ms, Maximum = 140ms, Average = 116ms

===========================================================================

Interface List

11...00 26 18 99 72 df ......NVIDIA nForce 10/100 Mbps Ethernet

1...........................Software Loopback Interface 1

13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter

14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

15...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2

16...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3

17...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #4

18...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #5

19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2

===========================================================================

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.69 20

127.0.0.0 255.0.0.0 On-link 127.0.0.1 306

127.0.0.1 255.255.255.255 On-link 127.0.0.1 306

127.255.255.255 255.255.255.255 On-link 127.0.0.1 306

192.168.1.0 255.255.255.0 On-link 192.168.1.69 276

192.168.1.69 255.255.255.255 On-link 192.168.1.69 276

192.168.1.255 255.255.255.255 On-link 192.168.1.69 276

224.0.0.0 240.0.0.0 On-link 127.0.0.1 306

224.0.0.0 240.0.0.0 On-link 192.168.1.69 276

255.255.255.255 255.255.255.255 On-link 127.0.0.1 306

255.255.255.255 255.255.255.255 On-link 192.168.1.69 276

===========================================================================

Persistent Routes:

None

IPv6 Route Table

===========================================================================

Active Routes:

If Metric Network Destination Gateway

14 58 ::/0 On-link

1 306 ::1/128 On-link

14 58 2001::/32 On-link

14 306 2001:0:4137:9e74:244f:afc:b768:6176/128

On-link

11 276 fe80::/64 On-link

14 306 fe80::/64 On-link

19 281 fe80::5efe:192.168.1.69/128

On-link

11 276 fe80::5d5:5700:92b0:ff5e/128

On-link

14 306 fe80::244f:afc:b768:6176/128

On-link

1 306 ff00::/8 On-link

14 306 ff00::/8 On-link

11 276 ff00::/8 On-link

===========================================================================

Persistent Routes:

None


Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4263

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

7/1/2010 3:48:32 AM

mbam-log-2010-07-01 (03-48-32).txt

Scan type: Quick scan

Objects scanned: 134965

Time elapsed: 4 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hello again, do you have any issues left?

INSTALL ANTIVIRUS

---------------------------

I don't see an Anti Virus Program running on your machine

Download and install an antivirus program, and make sure that you keep it updated

New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

Three good antivirus programs free for non-commercial home use are Avast!, Antivir and Microsoft Security Essentials

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.


I have Microsoft Security Essentials... idk why it didn't show...

Anyway, I am still having that problem...

Here is the protection log from the past 30 minutes

00:04:19 Big T IP-BLOCK 95.143.192.30

00:04:19 Big T IP-BLOCK 95.143.193.5

00:04:27 Big T IP-BLOCK 94.96.15.208

00:04:59 Big T IP-BLOCK 95.143.193.5

00:05:07 Big T IP-BLOCK 95.143.192.30

00:06:11 Big T IP-BLOCK 83.233.165.43

00:06:11 Big T IP-BLOCK 95.143.192.240

00:06:19 Big T IP-BLOCK 95.143.192.30

00:06:19 Big T IP-BLOCK 95.143.193.5

00:06:27 Big T IP-BLOCK 94.96.175.36

00:06:43 Big T IP-BLOCK 67.212.69.254

00:06:59 Big T IP-BLOCK 67.212.69.254

00:07:07 Big T IP-BLOCK 89.28.108.160

00:07:15 Big T IP-BLOCK 95.211.10.39

00:07:55 Big T IP-BLOCK 95.143.192.30

00:08:11 Big T IP-BLOCK 208.73.210.28

00:08:20 Big T IP-BLOCK 85.159.232.28

00:09:08 Big T IP-BLOCK 94.228.210.47

00:09:08 Big T IP-BLOCK 94.228.210.41

00:09:08 Big T IP-BLOCK 94.228.210.41

00:09:08 Big T IP-BLOCK 94.228.210.41

00:09:08 Big T IP-BLOCK 94.228.210.47

00:09:08 Big T IP-BLOCK 217.199.218.103

00:09:56 Big T IP-BLOCK 121.10.120.182

00:09:56 Big T IP-BLOCK 121.10.120.182

00:10:12 Big T IP-BLOCK 95.143.192.240

00:10:36 Big T IP-BLOCK 94.96.198.249

00:10:36 Big T IP-BLOCK 95.143.192.30

00:10:36 Big T IP-BLOCK 95.143.193.5

00:11:48 Big T IP-BLOCK 94.96.152.199

00:13:41 Big T IP-BLOCK 94.96.152.12

00:17:09 Big T IP-BLOCK 94.96.34.203

00:21:42 Big T IP-BLOCK 206.53.50.243

00:21:42 Big T IP-BLOCK 89.149.217.43

00:21:42 Big T IP-BLOCK 188.65.50.18

00:21:50 Big T IP-BLOCK 222.65.111.34

00:22:22 Big T IP-BLOCK 89.28.48.239

00:23:02 Big T IP-BLOCK 94.96.162.239


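The protection log above is a flat list of "time user IP-BLOCK address" lines, which is hard to read for patterns by eye. The following script is an added example, not code from this thread or from Malwarebytes: it parses lines in that shape, counts blocks per address and per /24 network, and flags bursts of several blocks within the same second. The sample lines are copied from the log posted above (plus two MESSAGE lines of the kind that appear later in the thread), so it runs offline; the line format and the one-second burst window are assumptions, and no address lookup is done.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime, timedelta

# Sample input: lines copied from the Malwarebytes protection log posted in this
# thread, with two MESSAGE lines added to show that non-block entries are kept apart.
SAMPLE_LOG = """\
00:04:19 Big T IP-BLOCK 95.143.192.30
00:04:19 Big T IP-BLOCK 95.143.193.5
00:04:27 Big T IP-BLOCK 94.96.15.208
00:04:59 Big T IP-BLOCK 95.143.193.5
00:05:07 Big T IP-BLOCK 95.143.192.30
00:06:11 Big T IP-BLOCK 83.233.165.43
00:06:11 Big T IP-BLOCK 95.143.192.240
00:06:19 Big T IP-BLOCK 95.143.192.30
00:06:19 Big T IP-BLOCK 95.143.193.5
00:09:08 Big T IP-BLOCK 94.228.210.47
00:09:08 Big T IP-BLOCK 94.228.210.41
00:09:08 Big T IP-BLOCK 94.228.210.41
22:06:55 Big T MESSAGE IP Protection stopped
22:06:56 Big T MESSAGE IP Protection started successfully
22:35:59 Big T IP-BLOCK 121.9.45.20
"""

# Assumed line shape: time, user name (may contain spaces), event kind, payload.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2})\s+(.+?)\s+(IP-BLOCK|MESSAGE)\s+(.+)$")


def parse_log(text):
    """Return (time, user, kind, payload) tuples; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%H:%M:%S")
        events.append((when, m.group(2), m.group(3), m.group(4)))
    return events


def blocked_ips(events):
    """Blocked addresses as ip_address objects; unparsable payloads are dropped."""
    out = []
    for _, _, kind, payload in events:
        if kind != "IP-BLOCK":
            continue
        try:
            out.append(ipaddress.ip_address(payload))
        except ValueError:
            pass
    return out


def summarize(events):
    """Count blocks per address and per /24, to see whether the blocks cluster
    on a few networks (repeated contact with the same hosts) or are scattered."""
    ips = blocked_ips(events)
    by_ip = Counter(str(ip) for ip in ips)
    by_net = Counter(str(ipaddress.ip_network(f"{ip}/24", strict=False)) for ip in ips)
    return {"total": len(ips), "unique": len(by_ip), "by_ip": by_ip, "by_net": by_net}


def bursts(events, window=timedelta(seconds=1), min_count=3):
    """Group IP-BLOCK events whose timestamps lie within `window` of the previous
    one; keep groups of at least `min_count`. Several blocks in the same second
    usually come from one process opening many connections at once."""
    blocks = sorted(((t, p) for t, _, k, p in events if k == "IP-BLOCK"), key=lambda e: e[0])
    groups, current = [], []
    for when, payload in blocks:
        if current and when - current[-1][0] > window:
            if len(current) >= min_count:
                groups.append(current)
            current = []
        current.append((when, payload))
    if len(current) >= min_count:
        groups.append(current)
    return groups


def report(text):
    """Build the summary as a list of lines so it can be checked as well as printed."""
    events = parse_log(text)
    s = summarize(events)
    lines = [f"{s['total']} blocks, {s['unique']} distinct addresses", "Most blocked addresses:"]
    lines += [f"  {ip:<16} {n}" for ip, n in s["by_ip"].most_common(3)]
    lines.append("Most blocked /24 networks:")
    lines += [f"  {net:<18} {n}" for net, n in s["by_net"].most_common(3)]
    for group in bursts(events):
        lines.append(f"burst at {group[0][0].strftime('%H:%M:%S')}: {len(group)} blocks")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run it against a saved copy of the full protection log by passing the file's contents to report(). Repeated hits on the same handful of /24 networks, or bursts of several blocks in one second, point to something on the machine itself contacting those hosts, which is the question the helper raises later in the thread; scattered single hits with the router powered down are a different picture.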
Hello again,

Please let me know how things are after running the following fix.

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen OTL using its icon on your desktop.
  2. Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"
    :otl
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

    :commands
    [emptytemp]


  3. Push the Run Fix button.
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click OK.
  6. A report will open. Copy and Paste that report in your next reply.


I believe the last fix helped a lot.. there has been only 1 attempt since my restart 30 mins ago

that's down from about

22:06:55 Big T MESSAGE IP Protection stopped

22:06:56 Big T MESSAGE IP Protection started successfully

22:35:59 Big T IP-BLOCK 121.9.45.20

------------------------------------------------------------------------------------------------------------------------------------------------------

Here is the report

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Big T

->Temp folder emptied: 209989820 bytes

->Temporary Internet Files folder emptied: 29834345 bytes

->Java cache emptied: 81316061 bytes

->FireFox cache emptied: 103160160 bytes

->Flash cache emptied: 76956 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Mcx1-BIGT-COM

->Temp folder emptied: 516 bytes

->Temporary Internet Files folder emptied: 119524 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 62601872 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67496 bytes

RecycleBin emptied: 1465541166 bytes

Total Files Cleaned = 1,862.00 mb

OTL by OldTimer - Version 3.2.7.0 log created on 07052010_215913

Files\Folders moved on Reboot...

C:\Users\Big T\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


Hello again,

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the ESET Online Scanner button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    a. Click on the ESET Smart Installer link to download the ESET Smart Installer. Save it to your desktop.
    b. Double click on the ESET Smart Installer icon on your desktop.
  4. Check "YES, I accept the Terms of Use"
  5. Click the Start button.
  6. Accept any security warnings from your browser.
  7. Check "Scan archives"
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push "List of found threats"
  11. Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - when ESET doesn't find any threats, no report will be created.
  12. Push the Back button.
  13. Push Finish


all keygens.... kinda freaked me out...

C:\Users\Big T\Documents\Vuze Downloads\Bejeweled_2_Deluxe-popcapgames\Bejeweled2Setup-en.exe Win32/TrojanDownloader.VB.ONX trojan deleted - quarantined

C:\Users\Big T\Downloads\Apps\Adobe.rar probably a variant of Win32/Agent trojan deleted - quarantined

C:\Users\Big T\Downloads\Games\Portable Elf Bowling 7 17 The Last Insult[g3n].exe probably a variant of Win32/Agent trojan deleted - quarantined

C:\Users\Big T\Downloads\Vuze\VsT pack By [bIG T].rar multiple threats deleted - quarantined

C:\Users\Big T\Downloads\Vuze\VST & VSTi Plugins\VSTi\Rob Papen Predator 1.1.0 VSTi\Rob Papen Predator 1.1.0 (Keygen).exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined

C:\Users\Big T\Downloads\Vuze\VsT pack By [bIG T]\[ - VSTi - ]\FXpansion.Guru.v1.5.12.VSTi.RTAS.Incl.KeyGen-NGEN\KeyGen\nGen.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined

C:\Users\Big T\Downloads\Vuze\VsT pack By [bIG T]\[ - VSTi - ]\Novation.Bass-Station.VSTi.v1.5.incl.Keygen-AiR\keygen.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined

C:\Users\Big T\Downloads\Vuze\VsT pack By [bIG T]\[ - VSTi - ]\Novation.V-Station.VSTi.v1.5.incl.Keygen-AiR\keygen.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined

C:\Users\Big T\Downloads\Vuze\VsT pack By [bIG T]\[ - VSTi - ]\Spectralhead.Audio.Silverbox.VSTi.v1.0.incl.Keygen-AiR\Keygen.exe probably a variant of Win32/Spy.Agent trojan cleaned by deleting - quarantined


Hello again,

As explained before, it really is not a good idea to continue using cracks/keygens or otherwise illegal software. Do not be surprised if you keep getting infected while you continue to use this.

Except for the IP blocks, how is your computer running now? Do the blocks also occur when your computer is not connected to the internet (power down router)?


My computer has been running fine other than the IP blocks.... even those are remedied now I believe... the only IP blocks I have received since yesterday have been intentional tests.... Although there is another computer connected to my router, which may not be so clean, could that affect this computer?


Yes, that is possible, depending a bit on the type of malware it is infected with. Best would be to disconnect it from the router and first make sure it's clean (you can post a new topic for it if you wish; make sure to specify this is about another computer, not the same one as in this topic).

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :D

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Run OTL and click the Cleanup button, allow a reboot. This will remove all tools and logs we used.

Please read this advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use, but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file

  2. Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  4. Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.
