Jump to content

Recommended Posts

I've added the OTL Scans based on what I was able to find in another post. I tried to run the Rootkit Unhooker exe, but was unable to run it. Went to http;//www.7-zip.org/ for the download to run it, but it wouldn't load even when I tried mirror sites.

OTL logfile created on: 12/6/2010 11:22:18 AM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Ariel\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 222.78 Gb Total Space | 127.63 Gb Free Space | 57.29% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.64 Gb Free Space | 56.41% Space Free | Partition Type: NTFS

Drive G: | 1.78 Gb Total Space | 0.00 Gb Free Space | 0.26% Space Free | Partition Type: FAT32

Drive H: | 1862.36 Gb Total Space | 1838.06 Gb Free Space | 98.70% Space Free | Partition Type: NTFS

Drive I: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: AVESTRUZ-PC | User Name: Ariel | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/06 11:21:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ariel\Desktop\OTL.exe

PRC - [2010/10/13 21:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

PRC - [2010/10/13 21:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

PRC - [2010/09/30 12:10:36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe

PRC - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/05/20 16:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

PRC - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

PRC - [2010/01/21 15:27:44 | 009,136,960 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

PRC - [2010/01/21 15:27:42 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

PRC - [2010/01/21 15:24:08 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

PRC - [2009/11/11 14:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files\AirPort\APAgent.exe

PRC - [2009/09/17 18:50:48 | 000,935,240 | ---- | M] (AT&T Inc.) -- C:\Users\Ariel\AppData\Local\ATT Connect\Participant\pull.exe

PRC - [2009/06/16 07:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2007/02/07 23:16:24 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe

PRC - [2006/11/18 06:01:42 | 000,182,744 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe

PRC - [2006/11/18 06:01:32 | 000,272,856 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe

PRC - [2006/11/18 06:01:26 | 000,195,032 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

PRC - [2006/11/03 17:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe

PRC - [2006/11/02 06:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe

PRC - [2006/11/02 03:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe

PRC - [2006/10/29 08:03:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

PRC - [2006/09/29 11:39:20 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2006/09/29 11:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (SafeList) ==========

MOD - [2010/12/06 11:21:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ariel\Desktop\OTL.exe

MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

MOD - [2010/07/14 12:30:14 | 000,018,688 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/11/30 19:40:11 | 003,020,376 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_5632d69.dll -- (Akamai)

SRV - [2010/10/13 21:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)

SRV - [2010/10/13 21:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)

SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] () [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/05/20 16:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)

SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)

SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV - [2010/01/21 15:24:08 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)

SRV - [2009/09/24 19:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/06/16 07:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)

SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008/01/19 01:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2008/01/19 01:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

SRV - [2007/12/11 15:50:14 | 000,181,800 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)

SRV - [2007/03/19 11:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

SRV - [2006/11/18 06:01:26 | 000,195,032 | ---- | M] (Intel® Corporation) [On_Demand | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®

SRV - [2006/11/18 06:00:48 | 000,550,872 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®

SRV - [2006/11/18 06:00:06 | 000,174,552 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®

SRV - [2006/11/18 05:59:38 | 000,081,880 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®

SRV - [2006/11/18 05:59:02 | 000,032,216 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv

SRV - [2006/10/29 08:03:30 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)

SRV - [2006/09/29 11:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DDMI2.sys -- (SDDMI2)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Ariel\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)

DRV - [2010/10/13 21:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2010/10/13 21:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)

DRV - [2010/10/13 21:28:54 | 000,164,840 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)

DRV - [2010/10/13 21:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2010/10/13 21:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)

DRV - [2010/10/13 21:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)

DRV - [2010/10/13 21:28:54 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)

DRV - [2010/10/13 21:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)

DRV - [2010/10/13 21:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2009/04/14 02:33:00 | 007,766,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2009/02/13 10:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)

DRV - [2008/01/18 22:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

DRV - [2007/07/16 19:52:12 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2007/07/16 19:52:12 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2007/07/16 19:52:12 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2007/07/16 12:14:05 | 000,005,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)

DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)

DRV - [2007/02/07 23:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2006/11/18 06:01:08 | 000,018,904 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)

DRV - [2006/11/02 03:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2006/11/02 03:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2006/11/02 03:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2006/11/02 03:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2006/11/02 03:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2006/11/02 03:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2006/11/02 03:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2006/11/02 03:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2006/11/02 03:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 03:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 03:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2006/11/02 03:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2006/11/02 03:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)

DRV - [2006/11/02 03:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2006/11/02 03:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 03:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 03:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 03:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2006/11/02 01:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2006/10/19 14:49:48 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)

DRV - [2006/10/18 12:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)

DRV - [2006/10/18 12:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)

DRV - [2006/10/18 12:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)

DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)

DRV - [2006/09/29 13:59:58 | 000,250,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)

DRV - [2006/09/27 15:37:24 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsgopro.sys -- (nmsgopro)

DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-4252317979-2463070201-2997780898-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes]

IE - HKU\S-1-5-21-4252317979-2463070201-2997780898-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\S-1-5-21-4252317979-2463070201-2997780898-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-4252317979-2463070201-2997780898-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKU\S-1-5-21-4252317979-2463070201-2997780898-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4252317979-2463070201-2997780898-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-4252317979-2463070201-2997780898-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.gophersports.com/ [binary data]

IE - HKU\S-1-5-21-4252317979-2463070201-2997780898-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php

IE - HKU\S-1-5-21-4252317979-2463070201-2997780898-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-4252317979-2463070201-2997780898-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKU\S-1-5-21-4252317979-2463070201-2997780898-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4252317979-2463070201-2997780898-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKU\S-1-5-21-4252317979-2463070201-2997780898-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\S-1-5-21-4252317979-2463070201-2997780898-1006\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-4252317979-2463070201-2997780898-1006\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKU\S-1-5-21-4252317979-2463070201-2997780898-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {1650a312-02bc-40ee-977e-83f158701739}:26.6

FF - HKLM\software\mozilla\Firefox\Extensions\\{6D153E92-3D8C-44E5-A919-F2DF23788F06}: C:\Windows\system32\config\systemprofile\AppData\Local\{6D153E92-3D8C-44E5-A919-F2DF23788F06} [2010/07/14 10:03:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/11/30 17:51:46 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/03 01:10:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/04 20:25:53 | 000,000,000 | ---D | M]

[2008/07/27 17:54:52 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\mozilla\Extensions

[2008/07/27 17:54:52 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\mozilla\Firefox\Profiles\f2znd2jg.default\extensions

[2008/07/27 17:54:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/10/13 21:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll

[2010/10/10 16:55:41 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/07/23 16:43:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101103021018.dll (McAfee, Inc.)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)

O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-4252317979-2463070201-2997780898-1001..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)

O4 - HKU\S-1-5-21-4252317979-2463070201-2997780898-1001..\Run: [Push Client] C:\Users\Ariel\AppData\Local\ATT Connect\Participant\pull.exe (AT&T Inc.)

O4 - HKU\S-1-5-21-4252317979-2463070201-2997780898-1001..\Run: [XCiJPtLinj.exe] C:\Users\Ariel\AppData\Local\Temp\XCiJPtLinj.exe File not found

O4 - HKU\S-1-5-21-4252317979-2463070201-2997780898-1003..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)

O4 - HKU\S-1-5-21-4252317979-2463070201-2997780898-1006..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4252317979-2463070201-2997780898-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4252317979-2463070201-2997780898-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-4252317979-2463070201-2997780898-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-4252317979-2463070201-2997780898-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKU\S-1-5-21-4252317979-2463070201-2997780898-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O7 - HKU\S-1-5-21-4252317979-2463070201-2997780898-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4252317979-2463070201-2997780898-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-4252317979-2463070201-2997780898-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKU\S-1-5-21-4252317979-2463070201-2997780898-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O7 - HKU\S-1-5-21-4252317979-2463070201-2997780898-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4252317979-2463070201-2997780898-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-4252317979-2463070201-2997780898-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKU\S-1-5-21-4252317979-2463070201-2997780898-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://www.ritzpix.com/net/Uploader/LPUploader57.cab (Image Uploader Control)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...NPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Ariel\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Ariel\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2010/01/28 14:00:27 | 000,000,088 | ---- | M] () - I:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{51422ee9-afa0-11df-9996-0019d1e49151}\Shell - "" = AutoRun

O33 - MountPoints2\{51422ee9-afa0-11df-9996-0019d1e49151}\Shell\AutoRun\command - "" = I:\WD SmartWare.exe -- [2010/01/21 18:13:40 | 003,330,848 | ---- | M] (Western Digital)

O33 - MountPoints2\{f3d318d1-33c5-11dc-99f9-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{f3d318d1-33c5-11dc-99f9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.Exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKU\S-1-5-21-4252317979-2463070201-2997780898-1001..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-4252317979-2463070201-2997780898-1001\...com [@ = ComFile] -- Reg Error: Key error. File not found

O37 - HKU\S-1-5-21-4252317979-2463070201-2997780898-1001\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/06 11:21:38 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Ariel\Desktop\OTL.exe

[2010/12/04 20:24:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

[1 C:\Users\Ariel\Documents\*.tmp files -> C:\Users\Ariel\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/06 11:21:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ariel\Desktop\OTL.exe

[2010/12/06 11:12:02 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/12/06 11:12:02 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/12/06 07:10:13 | 000,001,157 | ---- | M] () -- C:\ProgramData\2211656737.dat

[2010/12/05 21:23:54 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/12/05 21:23:54 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/12/05 21:12:09 | 000,395,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/12/05 21:11:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/12/04 20:28:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm

[2010/12/04 20:28:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm

[2010/12/04 20:25:53 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/12/04 18:46:12 | 140,484,995 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/11/16 15:26:59 | 000,045,056 | ---- | M] () -- C:\Users\Ariel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/15 18:50:59 | 000,029,184 | ---- | M] () -- C:\Users\Ariel\Documents\Samantha Jensen.doc

[2010/11/15 15:43:29 | 000,012,831 | ---- | M] () -- C:\Users\Ariel\Documents\comparison essay.docx

[2010/11/11 07:09:19 | 000,026,717 | ---- | M] () -- C:\Users\Ariel\Desktop\IBERG_DEER_CAMP[3][1].docx

[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

[1 C:\Users\Ariel\Documents\*.tmp files -> C:\Users\Ariel\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/04 20:25:23 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/12/04 17:39:49 | 000,001,157 | ---- | C] () -- C:\ProgramData\2211656737.dat

[2010/11/15 18:08:57 | 000,029,184 | ---- | C] () -- C:\Users\Ariel\Documents\Samantha Jensen.doc

[2010/11/14 22:02:08 | 000,012,831 | ---- | C] () -- C:\Users\Ariel\Documents\comparison essay.docx

[2010/11/11 07:09:18 | 000,026,717 | ---- | C] () -- C:\Users\Ariel\Desktop\IBERG_DEER_CAMP[3][1].docx

[2010/07/14 15:03:00 | 000,000,680 | ---- | C] () -- C:\Users\Ariel\AppData\Local\d3d9caps.dat

[2010/07/13 22:11:28 | 000,000,120 | ---- | C] () -- C:\Users\Ariel\AppData\Local\Omaqado.dat

[2010/07/13 22:11:28 | 000,000,000 | ---- | C] () -- C:\Users\Ariel\AppData\Local\Hguxahinaluli.bin

[2009/08/06 18:52:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2008/03/26 11:42:34 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2008/03/15 15:46:16 | 000,464,232 | ---- | C] () -- C:\Windows\System32\LCODC26D2.dll

[2008/03/15 15:46:16 | 000,193,896 | ---- | C] () -- C:\Windows\System32\LEncAACKrn.dll

[2008/03/15 15:46:15 | 003,474,792 | ---- | C] () -- C:\Windows\System32\LDecH2643.dll

[2008/03/15 15:46:15 | 001,881,448 | ---- | C] () -- C:\Windows\System32\LDECAAC.dll

[2008/03/15 15:46:15 | 001,271,144 | ---- | C] () -- C:\Windows\System32\LEncH2644.dll

[2008/03/15 15:46:15 | 000,353,640 | ---- | C] () -- C:\Windows\System32\LEncAAC.dll

[2008/03/15 15:46:14 | 001,189,224 | ---- | C] () -- C:\Windows\System32\LDecMpg42.dll

[2008/03/15 15:46:14 | 000,705,896 | ---- | C] () -- C:\Windows\System32\LENCMPG42.dll

[2008/03/15 15:46:14 | 000,308,584 | ---- | C] () -- C:\Windows\System32\LDecVorbis.dll

[2008/03/15 15:46:14 | 000,247,144 | ---- | C] () -- C:\Windows\System32\LMOggSpl.dll

[2008/03/15 15:46:13 | 001,941,504 | ---- | C] () -- C:\Windows\System32\ltmm15.dll

[2008/03/15 15:46:13 | 000,357,736 | ---- | C] () -- C:\Windows\System32\LCodcCMP2.dll

[2007/12/24 20:28:46 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLec.DAT

[2007/12/24 20:21:52 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Font Book

[2007/12/24 20:21:52 | 000,000,268 | RH-- | C] () -- C:\Users\Ariel\AppData\Roaming\Flanger

[2007/12/24 20:21:52 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLds.DAT

[2007/08/01 15:39:28 | 000,045,056 | ---- | C] () -- C:\Users\Ariel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/07/26 19:57:38 | 000,000,684 | ---- | C] () -- C:\Windows\hegames.ini

[2006/11/07 13:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2006/06/23 08:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll

========== LOP Check ==========

[2007/12/30 21:15:00 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Canon

[2008/05/12 17:54:50 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\LimeWire

[2008/01/30 08:16:48 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\muvee Technologies

[2007/12/24 21:50:48 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Nikon

[2010/08/26 22:57:45 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Western Digital

[2007/12/29 15:21:02 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\Canon

[2007/12/25 13:58:48 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\Nikon

[2008/03/07 16:08:59 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\WildTangent

[2008/01/14 13:33:29 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\BitTorrent

[2007/12/26 17:31:15 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\Canon

[2008/05/12 17:40:01 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\LimeWire

[2007/12/24 20:34:28 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\Nikon

[2008/01/14 13:47:41 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\Participatory Culture Foundation

[2010/08/26 18:29:44 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\Western Digital

[2008/03/02 15:01:32 | 000,000,000 | ---D | M] -- C:\Users\Ariel\AppData\Roaming\WildTangent

[2008/01/06 14:49:57 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Canon

[2010/09/12 06:27:15 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Western Digital

[2008/08/19 09:19:25 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\WildTangent

[2008/02/03 12:26:24 | 000,000,000 | ---D | M] -- C:\Users\Music\AppData\Roaming\Canon

[2008/05/27 19:36:16 | 000,000,000 | ---D | M] -- C:\Users\Music\AppData\Roaming\LimeWire

[2010/08/26 18:34:20 | 000,000,000 | ---D | M] -- C:\Users\Music\AppData\Roaming\Western Digital

[2008/03/27 16:52:58 | 000,000,000 | ---D | M] -- C:\Users\Music\AppData\Roaming\WildTangent

[2007/12/31 10:04:58 | 000,000,000 | ---D | M] -- C:\Users\Pictures\AppData\Roaming\Canon

[2008/01/19 09:10:09 | 000,000,000 | ---D | M] -- C:\Users\Pictures\AppData\Roaming\Nikon

[2010/10/15 10:08:15 | 000,000,000 | ---D | M] -- C:\Users\Pictures\AppData\Roaming\Western Digital

[2010/12/05 21:10:32 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Extra Text Scan

OTL Extras logfile created on: 12/6/2010 11:22:18 AM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Ariel\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 222.78 Gb Total Space | 127.63 Gb Free Space | 57.29% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.64 Gb Free Space | 56.41% Space Free | Partition Type: NTFS

Drive G: | 1.78 Gb Total Space | 0.00 Gb Free Space | 0.26% Space Free | Partition Type: FAT32

Drive H: | 1862.36 Gb Total Space | 1838.06 Gb Free Space | 98.70% Space Free | Partition Type: NTFS

Drive I: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: AVESTRUZ-PC | User Name: Ariel | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4252317979-2463070201-2997780898-1001\SOFTWARE\Classes\<extension>]

.bat [@ = batfile] -- Reg Error: Key error. File not found

.cmd [@ = cmdfile] -- Reg Error: Key error. File not found

.com [@ = ComFile] -- Reg Error: Key error. File not found

.pif [@ = piffile] -- Reg Error: Key error. File not found

.txt [@ = txtfile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-4252317979-2463070201-2997780898-1003\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0F2332E3-B7AF-433A-B948-F17652CBC750}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{1B53DE38-0DC5-4235-B81C-2A838B98ED6E}" = lport=5353 | protocol=17 | dir=in | name=bonjour |

"{20042CBE-D46F-4503-9916-A9723EE1C6DA}" = rport=137 | protocol=17 | dir=out | app=system |

"{299F68CF-FBA3-4AF2-9048-25442D0F9244}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{376EE910-3636-445F-8012-85E4DD2EA530}" = rport=138 | protocol=17 | dir=out | app=system |

"{50D833DA-3331-4CA3-A136-A13C9770C3B1}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

"{568AC2D6-F4F9-4673-825D-1A1E6A9A23AC}" = rport=139 | protocol=6 | dir=out | app=system |

"{63A8B03A-9DD0-4025-9231-50802AFB089D}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface |

"{63FF8E21-AD49-49FB-A049-398FC1B177AB}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{651D265E-B772-4E8B-8884-ED202312907E}" = lport=49240 | protocol=6 | dir=in | name=akamai netsession interface |

"{6D23203C-D29A-4265-97E8-68007EA08FE2}" = lport=139 | protocol=6 | dir=in | app=system |

"{94A8B7A5-4AF8-441D-A5F9-DF13CEA07979}" = lport=5353 | protocol=17 | dir=in | name=bonjour |

"{9AB65823-A0F6-49E6-A732-7705ACBF6574}" = lport=137 | protocol=17 | dir=in | app=system |

"{9F29345F-C8D6-4BB3-9A42-2258848421A5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{A2405C01-2902-40E0-B775-11FDCFBF9574}" = rport=445 | protocol=6 | dir=out | app=system |

"{AC7539C2-B30E-437A-A8E5-27129E98C4D6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{B2D263F0-2012-4C8A-8FE0-4158AA7D22D0}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

"{B889F31F-D954-4807-BCE7-7C48724974FD}" = lport=445 | protocol=6 | dir=in | app=system |

"{C0B26B81-A763-461D-B476-AE7A423ADE40}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{CB79D2BD-1C85-400B-978F-3C931E7A3F11}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E5EA089F-4E9F-40CE-9823-E1B56A828C1E}" = lport=1900 | protocol=17 | dir=in | name=intel® viiv media server upnp discovery |

"{E8F4FC00-6E60-47C0-A29D-D4ACD082EDB2}" = lport=138 | protocol=17 | dir=in | app=system |

"{EB9EAED1-F903-4B99-BAAA-7D0655D27FAE}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F272A2C1-EB8E-40C8-8CC2-6D698F92859D}" = lport=9442 | protocol=17 | dir=in | name=intel® viiv media server discovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{04AACE7F-7A0A-4825-94FC-66659DAA2371}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |

"{0D769B09-5EFB-4DDD-86D8-0243639DC4D6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{0E323F31-5C9A-42FC-9732-9D5375EE22BF}" = dir=in | app=c:\program files\msn messenger\livecall.exe |

"{1C621B00-0F1B-477B-91BC-A35FE6DC4EA0}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |

"{224B9235-5F19-42B3-A34C-C4F97D3D80B8}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |

"{274DF5C3-60C6-41B8-AF4A-CCA9DA9C6196}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |

"{2DCF83E3-7F96-4B8A-B41B-4697CB4D51E0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{2EF69120-1B68-4271-80D7-A811EC244000}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |

"{39D7052F-693F-4191-B0DD-EAB80B87AD2C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{3A703174-BCFF-4C77-AE55-90653E17BBC8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{3BF99F0B-F3C7-4271-B171-EF62E4C97AD9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{41DD59BD-EF36-4DB7-AB84-A17477CBFEB4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{4462662A-3898-4503-BCE8-A882C23B1CEB}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |

"{49A19D1A-23CF-4F7C-BFF3-8B30F6E6F51B}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |

"{61AA0F7A-FA55-419A-ADF3-40DCDEBFCB2F}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

"{66EB6A7B-1EA9-422D-8CEC-C9F0BFE7491B}" = dir=in | app=c:\program files\msn messenger\livecall.exe |

"{74623314-937E-484F-8FFF-48CF0D47AA32}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

"{A3EB7DAE-03D1-4438-BD3D-8A3CDA9B811D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{A93BA800-8370-4B91-AE8A-A041107B0A1A}" = protocol=6 | dir=in | app=f:\my music\itunes\itunes music\itunes.exe |

"{B6E916AD-041F-4CA4-993A-ADD6F646D71C}" = protocol=17 | dir=in | app=g:\limewire\limewire.exe |

"{B94FE23E-44C3-4D07-8695-EA4A0BA8330C}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |

"{BAE78623-22FF-4200-BE51-CA253D9CA769}" = protocol=6 | dir=in | app=g:\limewire\limewire.exe |

"{BF8C07A9-71EA-4A98-B57B-B8DBE9084A93}" = protocol=17 | dir=in | app=c:\program files\airport\apagent.exe |

"{C0573564-8C4A-400E-A8B5-D3CFBE51DDD2}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{C1E31C66-0121-4DAB-AE17-7957972F7794}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |

"{C2CE3EA4-86A8-4F28-8891-E8A62469E411}" = protocol=17 | dir=in | app=f:\my music\itunes\itunes music\itunes.exe |

"{D3C08FC8-9BFF-470A-9DEE-0C53E554024E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{D859B9D7-8ED4-429C-8078-3C8B6790E79F}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |

"{EBF35512-0874-4EC4-9AAD-B49C5EEDC316}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{F2BDF330-7CFC-4997-BB6B-B51010D91C48}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |

"{F2D2ADFD-4B41-44AF-B173-A8CA7D01EA0B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |

"{F92DA353-2995-4918-9DD0-9746913062CF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{FD17C447-6064-4024-A7FA-35B4638D1A9C}" = protocol=6 | dir=in | app=c:\program files\airport\apagent.exe |

"TCP Query User{0C54AC20-58DF-455F-9CE0-F40095059D56}C:\program files\airport\aputil.exe" = protocol=6 | dir=in | app=c:\program files\airport\aputil.exe |

"TCP Query User{3ACBEAB2-921A-4D83-A83B-12E4239324D6}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"TCP Query User{60C1E0EE-3BC5-4B14-8528-30800B81A424}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |

"TCP Query User{80825C98-5023-413E-A5A5-3A4CA4927C3B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{EE445CC3-5B5A-47DA-B23B-8E4A73BCAD08}C:\program files\activision value\fun labs\bgh2004season\bin\engine.exe" = protocol=6 | dir=in | app=c:\program files\activision value\fun labs\bgh2004season\bin\engine.exe |

"UDP Query User{184E2BD9-7BCC-4C02-978E-6E50FA3D7128}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

"UDP Query User{1FB63498-CF2D-4CAB-9A53-938CD98ECAFB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{3868D0B1-E013-4E74-9FFB-D230EB892D46}C:\program files\activision value\fun labs\bgh2004season\bin\engine.exe" = protocol=17 | dir=in | app=c:\program files\activision value\fun labs\bgh2004season\bin\engine.exe |

"UDP Query User{3C3C4118-F0DF-48D4-BA6B-414CA9CFFAC0}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"UDP Query User{C838B7DA-9866-4B12-939B-78A96998526C}C:\program files\airport\aputil.exe" = protocol=17 | dir=in | app=c:\program files\airport\aputil.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium

"{01949445-CB7F-436B-8ECC-771BE6184BBC}" = AT&T Connect Participant Application v8.8.53

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard

"{1A481F49-F10D-48AD-953C-F4A60334732C}" = M

Link to post
Share on other sites

Hi,

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Link to post
Share on other sites

  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.