I was infected by the Windows Vista Security virus. I used Malwarebytes to scan and delete all infected objects. Upon reboot, all my icons on the desktop and start bar are missing. All photos and videos are missing too, and I have some of my girlfriend that I need back. I also have the Google redirect virus after I thought I had got rid of it the first time. I have Windows Vista running. Any help would be greatly appreciated.


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Download unhide.exe & save it to your windows folder:

Right click on unhide.exe and select Run as administrator (In case you have Vista or Win7)

Reboot

This will unhide folders/files that were set to be hidden by the infection you had.

Let me know if that solved your problem.


  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.


OTL logfile created on: 5/25/2011 7:03:18 PM - Run 1

OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Brandon\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 62.09% Memory free

6.08 Gb Paging File | 5.00 Gb Available in Paging File | 82.33% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 287.21 Gb Total Space | 197.55 Gb Free Space | 68.78% Space Free | Partition Type: NTFS

Drive D: | 10.88 Gb Total Space | 1.24 Gb Free Space | 11.42% Space Free | Partition Type: NTFS

Computer Name: BRANDON-PC | User Name: Brandon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Brandon\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\UnHackMe\hackmon.exe (Greatis Software)

PRC - C:\Program Files\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)

PRC - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)

PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)

PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\SMINST\BLService.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\Brandon\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)

SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)

SRV - (sdCoreService) -- C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)

SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)

SRV - (sdAuxService) -- C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)

SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()

========== Driver Services (SafeList) ==========

DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)

DRV - (hitmanpro35) -- C:\Windows\System32\drivers\hitmanpro35.sys ()

DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()

DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)

DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)

DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)

DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)

DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)

DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)

DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)

DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)

DRV - (pctEFA) -- C:\Windows\system32\drivers\pctEFA.sys (PC Tools)

DRV - (pctDS) -- C:\Windows\system32\drivers\pctDS.sys (PC Tools)

DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )

DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)

DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 63 5E E8 0C 7A CF 16 45 82 13 C0 22 44 B7 87 2C [binary data]

IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2011/04/01 23:05:52 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 12:35:05 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 12:35:05 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 12\components [2011/05/04 21:55:55 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins

[2010/12/22 21:38:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Extensions

[2011/05/25 19:00:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\604mzrbk.default\extensions

[2011/01/04 22:09:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\604mzrbk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/03/08 00:35:02 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\604mzrbk.default\extensions\{6136fd78-fa00-4166-9f3f-ead678534731}

[2011/03/12 04:15:53 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\604mzrbk.default\extensions\personas@christopher.beard

[2011/05/06 18:21:19 | 000,000,000 | ---D | M] (Test Pilot) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\604mzrbk.default\extensions\testpilot@labs.mozilla.com

[2011/05/20 18:40:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/12/22 21:41:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2010/12/22 21:41:26 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/03/24 23:16:33 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found

O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)

O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10o_Plugin.exe (Adobe Systems, Inc.)

O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found

O4 - HKLM..\RunOnceEx: [Title] File not found

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img32.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img32.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKCU\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/20 21:41:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011/05/19 23:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch

[2011/05/19 22:41:07 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\{41BDC9C0-28BD-41C4-A094-31F0CDCE83E8}

[2011/05/19 01:01:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2011/05/19 01:01:44 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2011/05/19 01:01:44 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2011/05/19 01:01:44 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2011/05/19 01:01:44 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2011/05/19 01:01:44 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2011/05/19 01:01:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2011/05/19 01:01:44 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2011/05/19 01:01:43 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2011/05/19 01:01:43 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2011/05/19 01:01:43 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2011/05/19 01:01:43 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2011/05/19 01:01:43 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2011/05/19 01:01:43 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2011/05/19 01:01:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2011/05/19 01:01:43 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2011/05/19 01:01:43 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2011/05/19 01:01:43 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2011/05/19 01:01:43 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2011/05/19 01:01:43 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2011/05/19 01:01:43 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2011/05/19 01:01:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011/05/19 01:01:42 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2011/05/19 01:01:42 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2011/05/19 01:01:42 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2011/05/19 01:01:42 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

[2011/05/19 01:01:42 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2011/05/19 01:01:42 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll

[2011/05/19 01:01:42 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2011/05/19 01:01:42 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2011/05/19 01:01:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2011/05/19 01:01:42 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2011/05/19 01:01:42 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll

[2011/05/19 01:01:42 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2011/05/19 01:01:42 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2011/05/19 01:01:41 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll

[2011/05/19 01:01:41 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2011/05/19 01:01:41 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2011/05/19 01:01:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2011/05/14 04:29:55 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2011/05/11 23:46:43 | 000,000,000 | ---D | C] -- C:\Windows\en

[2011/05/11 23:40:31 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live

[2011/05/11 23:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition

[2011/05/11 23:34:37 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2011/05/11 23:32:35 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll

[2011/05/11 23:32:35 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll

[2011/05/11 23:32:34 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll

[2011/05/11 23:32:31 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll

[2011/05/11 23:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2011/05/11 23:26:31 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys

[2011/05/11 23:23:44 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire

[2011/05/04 21:43:17 | 000,000,000 | ---D | C] -- C:\Users\Brandon\Desktop\Return of the Incredible Machine - Contraptions

[2011/05/04 21:42:23 | 000,655,430 | ---- | C] (Dynamix, Inc.) -- C:\Users\Brandon\Desktop\Contraptions.exe

[2011/05/04 20:10:37 | 000,000,000 | ---D | C] -- C:\Users\Brandon\FrostWire

[2011/05/04 20:00:01 | 000,000,000 | ---D | C] -- C:\cdc9e8d7cc0cdc449be67219cd8a

[2011/04/26 22:47:32 | 000,136,680 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdm.sys

[2011/04/26 22:47:32 | 000,121,192 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadbus.sys

[2011/04/26 22:47:32 | 000,012,776 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdfl.sys

[2011/04/26 22:47:32 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadcmnt.sys

[2011/04/26 22:47:32 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadcm.sys

[2011/04/26 22:47:32 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadwhnt.sys

[2011/04/26 22:47:32 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadwh.sys

[2011/04/26 22:41:58 | 000,132,424 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdmdm.sys

[2011/04/26 22:41:58 | 000,014,920 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdmdfl.sys

[2011/04/26 22:41:58 | 000,012,488 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdwhnt.sys

[2011/04/26 22:41:58 | 000,012,488 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdwh.sys

[2011/04/26 22:41:58 | 000,000,000 | ---D | C] -- C:\Users\Brandon\{6334c59b-9817-4203-826d-acec5e5444f6}

[2011/04/26 22:41:57 | 000,104,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdbus.sys

[2011/04/26 22:41:57 | 000,012,616 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdcmnt.sys

[2011/04/26 22:41:57 | 000,012,616 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdcm.sys

[2011/04/26 18:15:10 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2011/04/26 18:15:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2011/04/26 18:14:37 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll

[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/05/25 19:02:09 | 000,000,822 | ---- | M] () -- C:\Users\Brandon\Desktop\OTL - Shortcut.lnk

[2011/05/25 19:01:11 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/05/25 19:01:11 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/05/25 18:50:33 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1371925116-372754621-2023285688-1000UA.job

[2011/05/25 18:50:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/05/24 22:52:19 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1371925116-372754621-2023285688-1000Core.job

[2011/05/22 21:42:33 | 000,606,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/05/22 21:42:33 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/05/22 21:36:01 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys

[2011/05/22 21:27:24 | 000,024,064 | ---- | M] () -- C:\Users\Brandon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/05/22 16:08:41 | 000,606,104 | ---- | M] () -- C:\Windows\unhide(2).exe

[2011/05/21 12:56:20 | 000,010,122 | ---- | M] () -- C:\Users\Brandon\Documents\MY_AUDIO_052111_1.p2g

[2011/05/19 22:41:08 | 000,000,120 | ---- | M] () -- C:\Users\Brandon\AppData\Local\Qnuko.dat

[2011/05/19 22:41:08 | 000,000,000 | ---- | M] () -- C:\Users\Brandon\AppData\Local\Qxumuvayadepiri.bin

[2011/05/19 22:41:00 | 000,009,224 | -HS- | M] () -- C:\Users\Brandon\AppData\Local\7hn5e2f7f5qufoh8wiu4258

[2011/05/19 22:41:00 | 000,009,224 | -HS- | M] () -- C:\ProgramData\7hn5e2f7f5qufoh8wiu4258

[2011/05/19 18:09:03 | 000,008,778 | -HS- | M] () -- C:\Users\Brandon\AppData\Local\i4m7488cx068t8smn2yvovc217y31a8h10x

[2011/05/19 18:09:03 | 000,008,778 | -HS- | M] () -- C:\ProgramData\i4m7488cx068t8smn2yvovc217y31a8h10x

[2011/05/19 01:01:55 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat

[2011/05/19 01:01:55 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat

[2011/05/19 01:01:44 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2011/05/19 01:01:44 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2011/05/19 01:01:44 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2011/05/19 01:01:44 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2011/05/19 01:01:44 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2011/05/19 01:01:44 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2011/05/19 01:01:44 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2011/05/19 01:01:44 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2011/05/19 01:01:43 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2011/05/19 01:01:43 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2011/05/19 01:01:43 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2011/05/19 01:01:43 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2011/05/19 01:01:43 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2011/05/19 01:01:43 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2011/05/19 01:01:43 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2011/05/19 01:01:43 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2011/05/19 01:01:43 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2011/05/19 01:01:43 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2011/05/19 01:01:43 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2011/05/19 01:01:43 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

[2011/05/19 01:01:43 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2011/05/19 01:01:43 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2011/05/19 01:01:42 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011/05/19 01:01:42 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2011/05/19 01:01:42 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2011/05/19 01:01:42 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2011/05/19 01:01:42 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

[2011/05/19 01:01:42 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2011/05/19 01:01:42 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll

[2011/05/19 01:01:42 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2011/05/19 01:01:42 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2011/05/19 01:01:42 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2011/05/19 01:01:42 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2011/05/19 01:01:42 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll

[2011/05/19 01:01:42 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2011/05/19 01:01:42 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2011/05/19 01:01:41 | 002,089,210 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB

[2011/05/19 01:01:41 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll

[2011/05/19 01:01:41 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2011/05/19 01:01:41 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2011/05/19 01:01:41 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2011/05/14 13:20:09 | 000,010,044 | -HS- | M] () -- C:\Users\Brandon\AppData\Local\435csv8p05683vcfc24634

[2011/05/14 13:20:09 | 000,010,044 | -HS- | M] () -- C:\ProgramData\435csv8p05683vcfc24634

[2011/05/12 00:28:24 | 000,310,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/05/11 23:29:51 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2011/05/11 23:23:44 | 000,001,016 | ---- | M] () -- C:\Users\Brandon\Desktop\FrostWire 4.21.6.lnk

[2011/05/09 22:13:30 | 000,010,334 | -HS- | M] () -- C:\Users\Brandon\AppData\Local\6tr461au6me6ikn4k875r

[2011/05/09 22:13:30 | 000,010,334 | -HS- | M] () -- C:\ProgramData\6tr461au6me6ikn4k875r

[2011/04/29 21:55:02 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBrandon.job

========== Files Created - No Company Name ==========

[2011/05/25 19:02:09 | 000,000,822 | ---- | C] () -- C:\Users\Brandon\Desktop\OTL - Shortcut.lnk

[2011/05/22 16:08:36 | 000,606,104 | ---- | C] () -- C:\Windows\unhide(2).exe

[2011/05/21 12:56:20 | 000,010,122 | ---- | C] () -- C:\Users\Brandon\Documents\MY_AUDIO_052111_1.p2g

[2011/05/19 22:41:08 | 000,000,120 | ---- | C] () -- C:\Users\Brandon\AppData\Local\Qnuko.dat

[2011/05/19 22:41:08 | 000,000,000 | ---- | C] () -- C:\Users\Brandon\AppData\Local\Qxumuvayadepiri.bin

[2011/05/19 22:38:59 | 000,009,224 | -HS- | C] () -- C:\Users\Brandon\AppData\Local\7hn5e2f7f5qufoh8wiu4258

[2011/05/19 22:38:59 | 000,009,224 | -HS- | C] () -- C:\ProgramData\7hn5e2f7f5qufoh8wiu4258

[2011/05/19 18:07:00 | 000,008,778 | -HS- | C] () -- C:\Users\Brandon\AppData\Local\i4m7488cx068t8smn2yvovc217y31a8h10x

[2011/05/19 18:07:00 | 000,008,778 | -HS- | C] () -- C:\ProgramData\i4m7488cx068t8smn2yvovc217y31a8h10x

[2011/05/19 01:01:43 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2011/05/14 04:30:11 | 000,010,044 | -HS- | C] () -- C:\Users\Brandon\AppData\Local\435csv8p05683vcfc24634

[2011/05/14 04:30:11 | 000,010,044 | -HS- | C] () -- C:\ProgramData\435csv8p05683vcfc24634

[2011/05/11 23:39:41 | 000,001,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk

[2011/05/11 23:39:00 | 000,001,227 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk

[2011/05/11 23:37:39 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk

[2011/05/11 23:36:34 | 000,002,025 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk

[2011/05/11 23:29:51 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif

[2011/05/11 23:28:30 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2011/05/11 23:23:44 | 000,001,016 | ---- | C] () -- C:\Users\Brandon\Desktop\FrostWire 4.21.6.lnk

[2011/05/11 23:10:49 | 3149,078,528 | -HS- | C] () -- C:\hiberfil.sys

[2011/05/09 22:11:25 | 000,010,334 | -HS- | C] () -- C:\Users\Brandon\AppData\Local\6tr461au6me6ikn4k875r

[2011/05/09 22:11:25 | 000,010,334 | -HS- | C] () -- C:\ProgramData\6tr461au6me6ikn4k875r

[2011/04/01 22:51:44 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0450.old

[2011/04/01 22:51:44 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll

[2011/04/01 21:38:55 | 000,008,508 | -HS- | C] () -- C:\Users\Brandon\AppData\Local\hrh6f0ph5i4n3g3kkje61u24o3g4k3qba7i817e81

[2011/04/01 21:38:55 | 000,008,508 | -HS- | C] () -- C:\ProgramData\hrh6f0ph5i4n3g3kkje61u24o3g4k3qba7i817e81

[2011/03/24 23:00:36 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2011/03/08 00:36:09 | 000,001,185 | ---- | C] () -- C:\ProgramData\886885381

[2011/03/08 00:35:53 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe

[2011/03/08 00:35:53 | 000,000,144 | -HS- | C] () -- C:\ProgramData\351725353

[2011/01/21 22:47:51 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll

[2011/01/21 22:47:51 | 000,042,112 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys

[2011/01/17 10:47:33 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2011/01/17 10:47:33 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2011/01/12 16:50:21 | 000,024,064 | ---- | C] () -- C:\Users\Brandon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/01/04 17:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2011/01/04 17:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll

[2011/01/04 17:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll

[2011/01/04 17:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll

[2011/01/04 17:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll

[2010/12/28 04:19:27 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2010/12/28 04:19:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2010/12/22 22:02:42 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini

[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin

[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin

[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin

[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

[2008/10/23 04:56:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008/07/06 15:29:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll

[2008/07/06 15:14:06 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin

[2008/06/29 09:52:14 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll

[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 07:47:37 | 000,310,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 05:33:01 | 000,606,602 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 05:33:01 | 000,105,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2011/03/03 01:29:11 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Amazon

[2011/05/20 19:47:46 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\FrostWire

[2011/01/21 22:46:14 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Samsung

[2011/05/22 21:34:40 | 000,025,862 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\ProgramData\Temp:DFC5A2B2

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84

< End of report >

OTL Extras logfile created on: 5/25/2011 7:03:18 PM - Run 1

OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Brandon\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 62.09% Memory free

6.08 Gb Paging File | 5.00 Gb Available in Paging File | 82.33% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 287.21 Gb Total Space | 197.55 Gb Free Space | 68.78% Space Free | Partition Type: NTFS

Drive D: | 10.88 Gb Total Space | 1.24 Gb Free Space | 11.42% Space Free | Partition Type: NTFS

Computer Name: BRANDON-PC | User Name: Brandon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{171B2290-D400-42FE-A92C-8656B967F075}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{1B1C4D7E-F907-465D-822C-84614345A061}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{24EFBF2A-5916-410B-93EA-72EB26BEC8ED}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{2617CCA4-1937-454A-846B-AE6B7D656A00}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{30192209-DB1E-449D-89EA-A0C09FE29304}" = lport=3390 | protocol=6 | dir=in | app=system |

"{4997F550-DE87-47F3-ADE8-8A278041CE4A}" = lport=2869 | protocol=6 | dir=in | app=system |

"{59D689D3-AC1F-4F9A-8F5C-90C7505DA5C7}" = rport=10244 | protocol=6 | dir=out | app=system |

"{61F7A916-2950-4AAF-A495-DE6345C7104A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{6B472DBD-48AC-4423-B005-ED931AC2E00D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{84BFD825-3520-4CE5-B9B5-9A42CBD2CDF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{8D98049F-6678-4037-8891-8C93A9D4EF49}" = lport=10243 | protocol=6 | dir=in | app=system |

"{9132BB24-D4FF-489E-BF74-948EFE20425E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{9BCFD0AE-2B6C-4399-BA42-EDED5E55410C}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{9E7B1153-1D19-4A89-BF5D-ECBBE2C01746}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A4FB84F2-9082-4B16-8890-75AF28307950}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A73CD58F-1F36-4372-952D-9D7BAE581D7F}" = lport=3390 | protocol=6 | dir=in | app=system |

"{AB154E5A-B903-40FA-A795-BA66588CBBAE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{B2A7381F-90E6-48C3-9E9D-3605DE680A30}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{B4E946C4-CD14-4500-B901-4C24CFF72FBF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{C17EFFE0-F3CA-4903-A132-8BA29628A935}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{C271D991-DBCD-4AE3-B6AE-D003A68C1B52}" = lport=10244 | protocol=6 | dir=in | app=system |

"{C863450D-3BC9-4F7A-A705-231D1E7A9932}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{CB7A61C9-81FD-4345-9D07-3801F27B6E0B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{CD8E51CB-1DF4-4A2E-9EF9-50879475B998}" = rport=10244 | protocol=6 | dir=out | app=system |

"{D9883FB9-331A-4A2E-A542-A46E8C31FDAC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{D9CF73B8-C3F7-43B9-BC73-A20440DCD81F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{DA6C80DA-45D8-4965-99DF-82A82141745E}" = lport=10244 | protocol=6 | dir=in | app=system |

"{DD953E9F-7D38-4BD2-9DD7-06572AE98853}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{DE3AEB10-7E96-440B-AC2F-D1A9AF6574DE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{E9CD211C-5CF4-422F-8A68-E2D7B1970AA1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{EA45FD8C-F1E3-4213-9848-876D86BCF067}" = rport=10243 | protocol=6 | dir=out | app=system |

"{F6D6CB43-C1F0-4619-BE3F-2D7A87F86AA9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{F91D3E68-F969-40C5-AFF9-AE5DA041CF3E}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02835BAA-A11F-4952-A442-583115D4F435}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{2020250D-736A-435B-BA3A-7F0C672256D1}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |

"{27A9D456-AFCC-40E1-AB67-71EF8FED383E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{2C069944-9006-4A77-8B50-90032DE18A31}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{3053D97C-241E-4AC5-9170-CB3FF8399023}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"{312FE30A-DBD9-4FBF-AD9D-1C778284A0AD}" = protocol=17 | dir=in | app=c:\program files\blubster\blubster.exe |

"{31A3C8DA-8CE7-41ED-8F1E-778B79779087}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{3C5EAA31-D761-4959-8998-AC821D9AD95B}" = dir=in | app=c:\windows\system32\puiobj32.exe |

"{449B8A18-F142-4AFD-851C-614420A840BB}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |

"{52A2036A-4442-4AC3-8DDD-8849C07B0E17}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |

"{5321ABD4-FB17-49D7-AA37-07C9B8C8E0FC}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{5A9D5DE4-D27F-4651-A058-6F3E0FCEF0E4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{5FB5D6DF-62B4-4858-8360-310AD1F6008C}" = dir=in | app=c:\windows\odbcintwow.exe |

"{60CE2B8D-133F-466B-92F1-70F002ED0F63}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |

"{6416CE50-C7D2-4638-912B-68110EF63056}" = dir=in | app=c:\windows\odbcintwow.exe |

"{6488101D-70EA-4629-8042-C5282E5D84F6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{6FAD3ECE-9629-40ED-A91D-2128F2CAADF4}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{74E745DF-6940-42C3-B195-33E5AC228EB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{7F441CD6-D232-428C-ACD4-96DF2C05FC00}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |

"{83766235-776A-44E7-A9D3-8B63EA8C4A18}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{86867572-2EFB-41DF-A5D4-92AE5EDD2FE6}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |

"{95DFA327-FEE4-473F-BFFB-057031A1D7C4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{9906D9C1-DAF4-4F52-B364-D12D065608EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{9E8E9FFD-5EA5-4DD6-8AB8-5DEA1DB76997}" = dir=in | app=c:\windows\odbcintwow.exe |

"{A1D2BF4A-C92F-46D1-9B56-3831558E5074}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{A2E9826B-7820-4B26-9F7A-08E72C7EC338}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{B1B5B7AB-D72C-442E-959D-2FA287B9EC18}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |

"{B593518B-C89E-4915-B5A1-20B2A52E2152}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{B7C27DCD-20C8-4851-A9C1-36036183290D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{BA51E2CC-C7C5-4D4C-B733-51907202976E}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{BCDC8360-158A-4C3F-AF38-50C478A5D463}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{BDD8A32F-17B9-4528-9260-ECBACAF56718}" = dir=in | app=c:\windows\odbcintwow.exe |

"{C1B15616-78A8-46F8-A84D-555DCC87B54C}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |

"{C221E032-9C78-4893-8B9C-A4AAAB9B0FFB}" = dir=in | app=c:\windows\system32\puiobj32.exe |

"{C8507CC0-3365-4DFA-9A25-B684B2851B00}" = dir=in | app=c:\windows\odbcintwow.exe |

"{CE33E7EA-D71B-43D3-93F0-F0BB99197EAC}" = protocol=6 | dir=in | app=c:\program files\blubster\blubster.exe |

"{D0D09723-AFA9-4171-A520-1645DA59AB65}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |

"{D32B8651-3150-4DD9-8D50-3FC28D3BE942}" = dir=in | app=c:\windows\odbcintwow.exe |

"{DD052AFC-A41D-4E25-A46B-613C97E369CA}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |

"{DF25773B-D3FF-4AB2-8BC1-AC42CCD7534D}" = dir=in | app=c:\windows\system32\puiobj32.exe |

"{E883764E-E436-4FBC-974C-D680A11CA4AC}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |

"{ECA5CB42-71B6-4E56-880D-6DED87C8FE91}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{F45A7CFC-9914-4192-9E98-63E7EFD754A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{FE0C6A36-0881-49A8-BF67-7EEFF45C2C8C}" = protocol=6 | dir=out | app=system |

"{FFEA8B35-973F-477A-A6C2-55AA4BC31CD0}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"TCP Query User{1C50507F-4F10-4AA7-9B6A-31A079320FB5}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"TCP Query User{58D53DC6-4D72-4F98-91FE-0294EE5E8417}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |

"UDP Query User{B9B0C742-07E9-429F-A742-4434EE926C89}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |

"UDP Query User{F5F45B7B-C702-459B-8E6B-03AD07683C8A}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1

"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources

"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service

"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant

"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7

"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements

"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware

"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{96384578-C6A2-4EC6-92CD-B62A60713040}" = Microsoft Live Search Toolbar

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118

"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CF0EDB56-BBF6-3C9F-9C50-2E3B3D444641}" = Google Talk Plugin

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition

"{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}" = Kies mini

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10

"Browser Defender_is1" = Browser Defender 3.0

"CNXT_AUDIO_HDA" = Conexant HD Audio

"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"EPSON NX100 Series" = EPSON NX100 Series Printer Uninstall

"FrostWire" = FrostWire 4.21.6

"HDMI" = Intel® Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}" = Kies mini

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)

"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)

"Spyware Doctor" = Spyware Doctor 8.0

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"WildTangent hp Master Uninstall" = My HP Games

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.00 (32-bit)

"Xvid_is1" = Xvid 1.2.2 final uninstall

"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 5/12/2011 12:32:32 AM | Computer Name = Brandon-PC | Source = System Restore | ID = 8193

Description =

Error - 5/12/2011 12:32:35 AM | Computer Name = Brandon-PC | Source = System Restore | ID = 8193

Description =

Error - 5/12/2011 1:28:46 AM | Computer Name = Brandon-PC | Source = WinMgmt | ID = 10

Description =

Error - 5/14/2011 2:20:50 PM | Computer Name = Brandon-PC | Source = Application Hang | ID = 1002

Description = The program sdi.exe version 6.0.6001.22840 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 5d0 Start Time: 01cc121985cb0920 Termination Time: 18

Error - 5/14/2011 2:48:12 PM | Computer Name = Brandon-PC | Source = WinMgmt | ID = 10

Description =

Error - 5/15/2011 11:13:50 PM | Computer Name = Brandon-PC | Source = Windows Backup | ID = 4104

Description =

Error - 5/19/2011 2:36:25 AM | Computer Name = Brandon-PC | Source = WinMgmt | ID = 10

Description =

Error - 5/19/2011 6:19:34 PM | Computer Name = Brandon-PC | Source = Application Hang | ID = 1002

Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 7ac Start Time: 01cc16729ccc5d13 Termination Time: 5

Error - 5/19/2011 7:19:22 PM | Computer Name = Brandon-PC | Source = WinMgmt | ID = 10

Description =

Error - 5/19/2011 8:59:52 PM | Computer Name = Brandon-PC | Source = WinMgmt | ID = 10

Description =

[ Media Center Events ]

Error - 12/22/2010 11:29:32 PM | Computer Name = Brandon-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package NetTV.

Error - 1/22/2011 2:11:07 AM | Computer Name = Brandon-PC | Source = McrMgr | ID = 100

Description =

Error - 3/18/2011 7:40:07 PM | Computer Name = Brandon-PC | Source = MCUpdate | ID = 0

Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed

due to an abandoned mutex.'.

Error - 5/2/2011 10:34:23 PM | Computer Name = Brandon-PC | Source = MCUpdate | ID = 0

Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed

due to an abandoned mutex.'.

[ System Events ]

Error - 1/28/2011 8:01:57 PM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 1/30/2011 7:58:57 PM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7011

Description =

Error - 1/30/2011 7:59:27 PM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7011

Description =

Error - 2/3/2011 12:42:05 AM | Computer Name = Brandon-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 8:39:04 PM on 1/31/2011 was unexpected.

Error - 2/3/2011 12:43:42 AM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 2/10/2011 11:08:43 PM | Computer Name = Brandon-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 8:26:09 PM on 2/7/2011 was unexpected.

Error - 2/10/2011 11:10:19 PM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 2/26/2011 6:10:54 PM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7011

Description =

Error - 2/27/2011 4:48:34 PM | Computer Name = Brandon-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 2:46:54 PM on 2/27/2011 was unexpected.

Error - 2/27/2011 4:50:06 PM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7000

Description =

< End of report >


Good job

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

  • Using a secure browser plugin - M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
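The six Internet Explorer options in the post above are stored as per-user registry values for the Internet zone, so they can be checked without clicking through the dialog. The script below is an added example, not part of the original post or of any tool used in this thread. It assumes PowerShell 2.0 or later is installed, uses the documented URL-action IDs and setting values (0 = Enable, 1 = Prompt, 3 = Disable), and the `-Fix` switch name is hypothetical.

```powershell
# Audit (and with -Fix, set) the six Internet-zone options listed in the post.
# Added example: the switch name and variable names are illustrative.
param([switch]$Fix)

# Zone 3 is the "Internet" zone; per-user settings live under HKCU.
$zone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Meaning of the DWORD stored for each URL action.
$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# URL-action ID, the value the post recommends, and the dialog text.
$wanted = @(
    @{ Id = '1001'; Want = 1; Name = 'Download signed ActiveX controls' },
    @{ Id = '1004'; Want = 3; Name = 'Download unsigned ActiveX controls' },
    @{ Id = '1201'; Want = 3; Name = 'Initialize and script ActiveX controls not marked as safe' },
    @{ Id = '1800'; Want = 1; Name = 'Installation of desktop items' },
    @{ Id = '1804'; Want = 1; Name = 'Launching programs and files in an IFRAME' },
    @{ Id = '1607'; Want = 1; Name = 'Navigate sub-frames across different domains' }
)

$key = Get-Item -Path $zone -ErrorAction Stop

$report = foreach ($s in $wanted) {
    $current = $key.GetValue($s.Id)            # $null when the value is absent
    $ok = ($current -ne $null) -and ([int]$current -eq $s.Want)

    if (-not $ok -and $Fix) {
        # Write the recommended value as a DWORD, then report it as current.
        Set-ItemProperty -Path $zone -Name $s.Id -Value $s.Want -Type DWord
        $current = $s.Want
        $ok = $true
    }

    # Human-readable form of the current value; unknown codes are shown raw.
    if ($current -eq $null)                      { $shown = '(not set)' }
    elseif ($label.ContainsKey([int]$current))   { $shown = $label[[int]$current] }
    else                                         { $shown = "raw value $current" }

    New-Object PSObject -Property @{
        Id = $s.Id; Setting = $s.Name; Current = $shown
        Wanted = $label[$s.Want]; Compliant = $ok
    }
}

$report | Select-Object Id, Setting, Current, Wanted, Compliant | Format-Table -AutoSize
```

Run without arguments it only reports. Zone settings enforced through Group Policy are stored under the `Policies` branch of the registry and take precedence over these per-user values, so a compliant result here does not cover a policy-managed machine.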
