Infected w Trojan.Agent and Backdoor.Bot

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

Infected w Trojan.Agent and Backdoor.Bot Can't remove it

#1 onesweetypie

Member

Group: Members
Posts: 42
Joined: 02-August 06
Gender:Female
Location:TN

Posted 16 January 2010 - 10:08 PM

Hi there,

Yesterday I got infected around 11PM on 01/15/2010 when I visited a website and clicked on a link. I got 2 popups from McAfee shortly after stating it was a Trojan but I cannot find it in the logs. Since then I have been trying to remove the viruses off and on and have failed.

I have run the following:
Adaware
Spybot Search & Destroy
Malwarebytes Anti-Malware
Super AntiSpyware

I have removed anything found but it keeps coming back and Malwarebytes Anti-Malware is detecting it. MaAfee is picking up nothing.

Any help would be greatly appreciated, Thank you.

DDS.txt report

DDS (Ver_09-12-01.01) - NTFSx86
Run by Jasmine at 20:36:54.04 on Sat 01/16/2010
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2012.591 [GMT -6:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe
C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Dell Remote Access\ezi_ra.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehsched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\printfilterpipelinesvc.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\BXRHIO07Z.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jasmine\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Aim6]
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [userinit] c:\users\jasmine\appdata\roaming\sdra64.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\jasmine\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\jasmine\appdata\roaming\micros~1\windows\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellre~1.lnk - c:\windows\installer\{f66a31d9-7831-4fba-ba02-c411c0047cc5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\jasmine\appdata\roaming\mozilla\firefox\profiles\i18cqcmu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\users\jasmine\appdata\roaming\mozilla\firefox\profiles\i18cqcmu.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-21 64160]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-4-14 214664]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2009-4-14 27648]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-4-14 112128]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-14 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-14 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-14 40552]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-14 34248]

=============== Created Last 30 ================

2010-01-16 21:03:35 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-01-16 21:03:34 0 d-----w- c:\program files\SpywareBlaster
2010-01-16 21:02:03 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-01-16 21:00:54 0 d-----w- c:\users\jasmine\appdata\roaming\SUPERAntiSpyware.com
2010-01-16 21:00:54 0 d-----w- c:\program files\SUPERAntiSpyware
2010-01-16 20:59:28 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-01-16 05:14:44 0 d-sh--w- c:\users\jasmine\appdata\roaming\lowsec
2010-01-13 21:49:32 0 d-----w- c:\users\jasmine\appdata\roaming\Malwarebytes
2010-01-13 21:48:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-13 21:48:55 0 d-----w- c:\programdata\Malwarebytes
2010-01-13 21:48:52 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-13 21:48:51 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-13 12:53:15 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-13 12:53:15 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-05 11:27:08 0 d-----w- c:\program files\Xilisoft
2009-12-31 19:58:40 0 d-----w- c:\program files\Windows Portable Devices
2009-12-31 19:57:39 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-12-31 19:57:06 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-31 19:55:22 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-12-31 19:55:21 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-12-31 19:55:21 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-12-31 19:53:42 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-12-31 19:51:43 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-12-31 19:51:43 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-12-31 19:51:43 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-12-30 07:29:24 0 d-----w- c:\windows\system32\eu-ES
2009-12-30 07:29:24 0 d-----w- c:\windows\system32\ca-ES
2009-12-30 07:29:21 0 d-----w- c:\windows\system32\vi-VN
2009-12-28 06:41:34 0 d-----r- c:\users\jasmine\appdata\roaming\Brother
2009-12-28 05:52:20 27 ----a-w- c:\windows\BRPP2KA.INI
2009-12-28 05:52:20 0 d-----w- c:\programdata\Brother
2009-12-28 05:52:19 461 ----a-w- c:\windows\BRWMARK.INI

==================== Find3M ====================

2009-12-31 19:57:47 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-31 19:57:47 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-31 19:57:46 143360 ----a-w- c:\windows\inf\infstor.dat
2009-12-31 19:57:45 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-30 07:22:14 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-12-01 11:18:38 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-09 12:31:42 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30:03 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-03 02:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17:42 2048 ----a-w- c:\windows\system32\tzres.dll
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-04-15 02:57:37 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 20:38:51.17 ===============

Attached File(s)

Attach.txt (5.3K)
Number of downloads: 5
ark.txt (48.2K)
Number of downloads: 3

#2 myrti

bleepin' _temp_

Group: Malware Response Instructor
Posts: 26,080
Joined: 25-January 08
Gender:Female
Location:At home

Posted 23 January 2010 - 09:55 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
[We need to create an OTL Report

Please download OTL from one of the following mirrors:
- This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
CODE
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
Push the button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

Please don't send help request via PM, unless I am already helping you. Use the forums!

I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein

#3 onesweetypie

Member

Group: Members
Posts: 42
Joined: 02-August 06
Gender:Female
Location:TN

Posted 25 January 2010 - 12:39 AM

Hi Myrti,

On 01-16-10 I ran SuperAnti Spyware and removed the following:
Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> Quarantined and deleted successfully.

But they kept coming back.

I kept running SuperAnti Spyware and it eventually located a file which I deleted the file manually from here:
[ C:\Users\Jasmine\AppData\Roaming\sdra64.exe ]

I also ran Malwarebytes' Anti-Malware in Safe mode and deleted this:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.

I was reading this thread (http://www.bleepingcomputer.com/forums/topic222145.html) and I have a few questions.
Is the virus I caught the same? And am I ever able to do financial things on my computer again? This desktop is my main computer which I use daily.

Here are the logs you requested:

OTL logfile created on: 1/23/2010 11:27:02 PM - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Users\Jasmine\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 31.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 42.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.71 Gb Total Space | 266.95 Gb Free Space | 59.23% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.27 Gb Free Space | 61.78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 298.08 Gb Total Space | 202.57 Gb Free Space | 67.96% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JASMINE-PC
Current User Name: Jasmine
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/23 23:26:41 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Jasmine\Desktop\OTL.exe
PRC - [2010/01/22 19:14:09 | 00,364,544 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Windows\System32\WDBtnMgr.exe
PRC - [2010/01/05 07:56:02 | 02,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/12/21 10:28:31 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/21 15:42:16 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/09/21 15:42:15 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/08 13:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/07/07 09:23:00 | 01,779,952 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/18 23:23:16 | 00,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2009/04/11 00:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 00:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/18 17:50:30 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2009/03/09 04:19:24 | 00,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/03/09 04:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/03/05 15:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 14:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/19 04:19:26 | 00,026,112 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
PRC - [2009/01/19 04:19:24 | 03,810,304 | ---- | M] (Dell Inc.) -- C:\Windows\System32\WLTRAY.EXE
PRC - [2009/01/19 04:17:10 | 02,809,856 | ---- | M] (Dell Inc.) -- C:\Windows\System32\BCMWLTRY.EXE
PRC - [2009/01/09 19:00:52 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/01/09 18:57:32 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/01/09 13:40:58 | 00,304,128 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\scalc.exe
PRC - [2009/01/05 15:19:10 | 00,824,560 | ---- | M] (Dell Inc.) -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
PRC - [2009/01/05 15:19:10 | 00,480,496 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Remote Access\ezi_ra.exe
PRC - [2009/01/05 15:19:08 | 00,173,296 | ---- | M] (SingleClick Systems) -- C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/06 11:33:00 | 00,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2008/10/29 14:35:34 | 00,199,616 | ---- | M] (Vuze Inc.) -- C:\Program Files\Vuze\Azureus.exe
PRC - [2008/10/04 11:58:04 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/10/04 11:58:02 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/09/23 20:09:52 | 00,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/08/20 09:54:08 | 00,150,016 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
PRC - [2008/07/18 06:42:10 | 06,246,400 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/07/18 06:42:08 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2008/07/17 06:37:08 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/07/17 06:36:56 | 00,145,944 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/07/17 06:36:48 | 00,170,520 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/05/23 12:06:08 | 00,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/03/18 18:31:20 | 04,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2008/01/20 20:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/20 20:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/20 20:23:33 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2008/01/20 20:23:32 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2007/09/21 11:26:34 | 00,015,872 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
PRC - [2007/09/14 11:35:04 | 05,730,304 | ---- | M] () -- C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe
PRC - [2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/09/07 15:21:38 | 00,098,304 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\My Book\WD Backup\uBBMonitor.exe

========== Modules (SafeList) ==========

MOD - [2010/01/23 23:26:41 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Jasmine\Desktop\OTL.exe
MOD - [2009/04/11 00:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/24 19:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/21 15:42:15 | 01,028,432 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/08 13:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/17 22:58:59 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/17 14:52:42 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009/01/26 14:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/19 04:19:26 | 00,026,112 | ---- | M] () [Auto | Running] -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2009/01/05 15:19:10 | 00,824,560 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2009/01/05 15:19:08 | 00,173,296 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe -- (dsl-fs-sync)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/04 11:58:04 | 00,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/09/23 20:09:52 | 00,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/07/18 06:42:08 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008/03/24 05:35:22 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2008/01/20 20:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/21 11:26:34 | 00,015,872 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Common Files\Dell\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2007/09/14 11:35:04 | 05,730,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe -- (dsl-db)
SRV - [2007/05/31 08:21:24 | 00,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 08:21:18 | 00,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 06:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)

========== Driver Services (SafeList) ==========

DRV - [2010/01/05 07:56:06 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 07:56:04 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 07:56:02 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/12/01 05:18:38 | 00,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/09/16 09:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/07/16 11:32:26 | 00,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/04/21 16:18:12 | 00,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/04/17 22:17:35 | 00,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009/04/10 22:46:08 | 00,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2009/04/10 22:42:52 | 00,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009/02/17 11:11:30 | 00,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/01/23 04:59:06 | 00,052,224 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2009/01/19 04:18:34 | 01,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2009/01/19 04:16:44 | 00,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/08/01 07:27:35 | 00,099,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2008/07/21 05:18:20 | 00,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/07/18 06:42:12 | 02,153,176 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/17 06:37:28 | 00,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/07/17 06:36:52 | 02,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/07/15 06:10:00 | 00,312,344 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2008/07/10 05:28:50 | 00,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/06/17 09:01:06 | 00,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2008/01/20 20:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 20:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 20:23:27 | 00,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 20:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 20:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 20:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 20:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 20:23:25 | 00,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/20 20:23:25 | 00,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 20:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 20:23:24 | 00,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 20:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 20:23:23 | 00,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 20:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 20:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 20:23:23 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 20:23:23 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 20:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 20:23:22 | 00,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 20:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 20:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 20:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 20:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 20:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 20:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 20:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/11/14 01:00:00 | 00,043,840 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/11/02 03:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:36:43 | 02,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 00:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/09/03 00:53:54 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2005/08/13 07:57:48 | 00,205,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atinavrr.sys -- (ATIAVPCI)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {b92d6e49-3672-4c79-80b1-b0b4465e2025}:1.1.51
FF - prefs.js..extensions.enabledItems: dictionary@mozila.firefox.com:1.6.1
FF - prefs.js..extensions.enabledItems: rankchecker@seobook.com:1.6.9
FF - prefs.js..extensions.enabledItems: seo4firefox@seobook.com:3.3.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.52
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0.13966
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {50DF3CE6-DC2A-4069-9AC3-7CF593B584E3}:1.9.1
FF - prefs.js..extensions.enabledItems: {fd2f951f-77ea-4938-9493-0c892c027a13}:0.9.7
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/15 00:28:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/21 10:28:38 | 00,000,000 | ---D | M]

[2009/04/17 15:01:18 | 00,000,000 | ---D | M] -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Extensions
[2010/01/23 00:57:34 | 00,000,000 | ---D | M] -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions
[2009/05/23 15:35:07 | 00,000,000 | ---D | M] (Word Count) -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\{205026F2-3243-49e1-8A44-A826B28C34F0}
[2009/11/06 03:39:27 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/07/16 09:21:28 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\{b92d6e49-3672-4c79-80b1-b0b4465e2025}
[2009/07/01 00:19:04 | 00,000,000 | ---D | M] (Web Developer) -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/10/13 23:59:04 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/12/31 13:49:18 | 00,000,000 | ---D | M] (Firefox 2, the theme, reloaded) -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\{fd2f951f-77ea-4938-9493-0c892c027a13}
[2010/01/15 12:50:52 | 00,000,000 | ---D | M] -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\dictionary@mozila.firefox.com
[2009/12/01 05:59:07 | 00,000,000 | ---D | M] -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\rankchecker@seobook.com
[2009/12/01 05:59:09 | 00,000,000 | ---D | M] -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\seo4firefox@seobook.com
[2009/12/31 13:49:34 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\{fd2f951f-77ea-4938-9493-0c892c027a13}\chrome\mozapps\extensions
[2010/01/13 18:58:38 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/23 16:09:17 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
[2007/04/16 11:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/03/09 17:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2006/09/18 15:41:30 | 00,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WD Button Manager] C:\Windows\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Jasmine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Jasmine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Jasmine\Pictures\Backgrounds\Japanese_Cherry_Blossom_wallpapers_GA038.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jasmine\Pictures\Backgrounds\Japanese_Cherry_Blossom_wallpapers_GA038.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 00,000,024 | -HS- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/10/23 23:04:11 | 00,000,000 | -HS- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6bbdb877-425e-11de-832b-0021705bcddc}\Shell - "" = AutoRun
O33 - MountPoints2\{6bbdb877-425e-11de-832b-0021705bcddc}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/23 23:26:36 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Users\Jasmine\Desktop\OTL.exe
[2010/01/22 19:15:14 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\AppData\Roaming\ArcSoft
[2010/01/22 19:12:04 | 00,364,544 | ---- | C] (Western Digital Technologies, Inc.) -- C:\Windows\System32\WDBtnMgr.exe
[2010/01/22 19:11:21 | 00,000,000 | ---D | C] -- C:\Program Files\My Book
[2010/01/22 19:08:15 | 00,000,000 | ---D | C] -- C:\Program Files\Western Digital Technologies
[2010/01/22 19:06:01 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\Desktop\MyBook1C
[2010/01/22 19:03:37 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\AppData\Roaming\Download Manager
[2010/01/22 17:38:41 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\AppData\Local\Citrix
[2010/01/22 17:32:45 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\AppData\Roaming\McAfee
[2010/01/22 17:07:52 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/21 14:55:14 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/21 14:55:14 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/21 14:55:14 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/21 14:55:14 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/21 14:55:14 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/21 14:55:14 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/21 14:55:14 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/01/21 14:55:14 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/21 14:55:13 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/01/21 14:55:13 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/01/21 14:55:13 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/01/21 14:55:13 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/01/21 14:55:13 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/21 14:55:13 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/01/19 19:53:11 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\AppData\Local\Apple Computer
[2010/01/18 23:59:21 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\AppData\Local\AOL OCP
[2010/01/18 23:59:15 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\AppData\Local\AOL
[2010/01/18 19:09:02 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\AppData\Local\Apple
[2010/01/17 20:34:00 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\AppData\Local\Adobe
[2010/01/17 16:09:20 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Users\Jasmine\Desktop\ATF-Cleaner.exe
[2010/01/17 04:05:53 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2010/01/17 02:43:44 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\Desktop\Japanese Purse Book
[2010/01/16 20:37:56 | 00,472,064 | ---- | C] ( ) -- C:\Users\Jasmine\Desktop\RootRepeal.exe
[2010/01/16 16:23:56 | 05,207,047 | ---- | C] (McAfee Inc.) -- C:\Users\Jasmine\Documents\stinger1001688.exe
[2010/01/16 15:03:35 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSSTDFMT.DLL
[2010/01/16 15:03:34 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/01/16 15:02:03 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/01/16 15:00:54 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\AppData\Roaming\SUPERAntiSpyware.com
[2010/01/16 15:00:54 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/16 14:59:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/15 23:18:46 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\AppData\Local\{50DF3CE6-DC2A-4069-9AC3-7CF593B584E3}
[2010/01/15 23:14:44 | 00,000,000 | -HSD | C] -- C:\Users\Jasmine\AppData\Roaming\lowsec
[2010/01/13 18:49:39 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\Desktop\Kawaii Products
[2010/01/13 15:49:32 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\AppData\Roaming\Malwarebytes
[2010/01/13 15:48:58 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/13 15:48:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/13 15:48:52 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/13 15:48:51 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/13 06:53:15 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/13 06:53:15 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/11 22:02:05 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\Desktop\Pandas
[2010/01/11 21:49:25 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\Desktop\Cali Kawaii
[2010/01/11 21:41:59 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\Desktop\Music
[2010/01/11 21:33:33 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\Desktop\Kawaii Notes
[2010/01/11 21:26:58 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\Desktop\Fitness Stuff
[2010/01/11 21:26:32 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\Desktop\Beauty
[2010/01/11 21:18:52 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\Desktop\sanrio brushes n font
[2010/01/05 05:27:08 | 00,000,000 | ---D | C] -- C:\Program Files\Xilisoft
[2009/12/31 13:58:40 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2009/12/31 13:55:22 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2009/12/31 13:55:21 | 03,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2009/12/31 13:55:21 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2009/12/31 13:54:33 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009/12/31 13:54:33 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/12/31 13:54:32 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/12/31 13:54:32 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2009/12/31 13:54:32 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2009/12/31 13:54:32 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/12/31 13:54:32 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2009/12/31 13:54:32 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2009/12/31 13:54:32 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2009/12/31 13:54:32 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/12/31 13:54:32 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2009/12/31 13:54:32 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/12/31 13:54:31 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2009/12/31 13:54:31 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2009/12/31 13:54:31 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2009/12/31 13:54:31 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2009/12/31 13:54:31 | 00,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2009/12/31 13:54:31 | 00,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/12/31 13:54:31 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2009/12/31 13:54:31 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2009/12/31 13:54:31 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2009/12/31 13:54:31 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2009/12/31 13:54:31 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2009/12/31 13:54:31 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2009/12/31 13:54:31 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2009/12/31 13:53:42 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2009/12/31 13:53:41 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2009/12/31 13:53:28 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2009/12/31 13:53:26 | 00,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2009/12/31 13:53:26 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/12/31 13:53:26 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2009/12/31 13:53:26 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/12/31 13:53:26 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/12/31 13:53:26 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2009/12/31 13:53:26 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2009/12/31 13:53:25 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2009/12/31 13:53:25 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2009/12/31 13:51:43 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2009/12/31 13:51:43 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2009/12/30 01:29:24 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009/12/30 01:29:24 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009/12/30 01:29:21 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009/12/29 01:29:18 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\Documents\Travel
[2009/12/28 00:41:34 | 00,000,000 | R--D | C] -- C:\Users\Jasmine\AppData\Roaming\Brother
[2009/12/27 23:52:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Brother
[2009/12/26 17:27:42 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\Desktop\Vision Board
[2009/12/26 02:52:35 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\Desktop\Jap Makeup
[2009/07/22 10:47:19 | 08,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\Jasmine\AppData\Roaming\DataSafeDotNet.exe
[2009/04/17 22:17:35 | 00,047,360 | ---- | C] (VSO Software) -- C:\Users\Jasmine\AppData\Roaming\pcouffin.sys
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/23 23:33:40 | 03,670,016 | -HS- | M] () -- C:\Users\Jasmine\ntuser.dat
[2010/01/23 23:26:41 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Jasmine\Desktop\OTL.exe
[2010/01/23 23:24:26 | 00,000,112 | -H-- | M] () -- C:\Users\Jasmine\Desktop\.~lock.Anime List.ods#
[2010/01/23 22:06:09 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/23 22:06:09 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/23 20:07:35 | 00,030,197 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/01/23 19:41:27 | 00,222,461 | ---- | M] () -- C:\Users\Jasmine\Desktop\il_fullxfull.68284985.jpg
[2010/01/23 19:28:57 | 00,842,766 | ---- | M] () -- C:\Users\Jasmine\Desktop\il_fullxfull.112114365.jpg
[2010/01/23 18:16:51 | 00,001,176 | ---- | M] () -- C:\Users\Jasmine\AppData\Roaming\vso_ts_preview.xml
[2010/01/23 17:58:36 | 00,152,329 | ---- | M] () -- C:\Users\Jasmine\Desktop\hkvampire.psd
[2010/01/23 17:58:15 | 00,354,504 | ---- | M] () -- C:\Users\Jasmine\Desktop\hkgoth.psd
[2010/01/23 17:58:10 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/23 17:58:10 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/23 17:58:10 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/23 16:06:12 | 00,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2010/01/23 16:06:10 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/23 16:06:06 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/23 16:06:05 | 21,109,71904 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/23 15:18:23 | 00,006,648 | ---- | M] () -- C:\Users\Jasmine\AppData\Local\d3d9caps.dat
[2010/01/23 04:26:03 | 00,524,288 | -HS- | M] () -- C:\Users\Jasmine\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/23 04:26:03 | 00,065,536 | -HS- | M] () -- C:\Users\Jasmine\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/23 04:23:50 | 02,948,121 | -H-- | M] () -- C:\Users\Jasmine\AppData\Local\IconCache.db
[2010/01/23 01:34:31 | 00,012,779 | ---- | M] () -- C:\Users\Jasmine\Desktop\il_430xN.54075115.jpg
[2010/01/23 00:13:12 | 00,106,045 | ---- | M] () -- C:\Users\Jasmine\Desktop\blogpics 001.jpg
[2010/01/23 00:13:08 | 00,082,568 | ---- | M] () -- C:\Users\Jasmine\Desktop\blogpics 006.jpg
[2010/01/22 22:05:29 | 06,011,990 | ---- | M] () -- C:\Users\Jasmine\Desktop\How to Make a Sweet YG's Wallet - revised.pdf
[2010/01/22 19:14:09 | 00,364,544 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Windows\System32\WDBtnMgr.exe
[2010/01/22 19:11:34 | 00,001,739 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Backup Monitor.lnk
[2010/01/22 19:05:12 | 38,938,548 | ---- | M] () -- C:\Users\Jasmine\Desktop\MyBook1C.zip
[2010/01/22 16:39:58 | 00,000,020 | -HS- | M] () -- C:\ArcDeviceInfo
[2010/01/21 02:42:11 | 00,027,146 | ---- | M] () -- C:\Users\Jasmine\Desktop\il_fullxfull.116734215.jpg
[2010/01/21 02:16:58 | 00,000,248 | ---- | M] () -- C:\Users\Jasmine\AppData\Roaming\wklnhst.dat
[2010/01/21 00:42:03 | 00,022,907 | ---- | M] () -- C:\Users\Jasmine\Desktop\il_fullxfull.116897250.jpg
[2010/01/17 16:11:00 | 07,520,288 | ---- | M] () -- C:\Users\Jasmine\Desktop\SUPERAntiSpyware.exe
[2010/01/17 16:09:23 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Users\Jasmine\Desktop\ATF-Cleaner.exe
[2010/01/17 04:25:37 | 01,699,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/01/17 01:49:50 | 00,081,997 | ---- | M] () -- C:\Users\Jasmine\Desktop\2ndtime-3popsea.jpg
[2010/01/17 01:29:41 | 00,259,787 | ---- | M] () -- C:\Users\Jasmine\Desktop\wierd popups.jpg
[2010/01/17 01:26:14 | 20,346,380 | ---- | M] () -- C:\Users\Jasmine\Desktop\Labores de Ana nº .61 - Mundo da Hello Kitty.rar
[2010/01/17 01:25:45 | 09,491,612 | ---- | M] () -- C:\Users\Jasmine\Desktop\hllokttiyefltmacsot.rar
[2010/01/17 01:06:25 | 04,822,287 | R--- | M] () -- C:\Users\Jasmine\Desktop\Japanese Purse Book.rar
[2010/01/16 23:49:56 | 00,082,511 | ---- | M] () -- C:\Users\Jasmine\Desktop\SUPERAntiSpyware-popup.jpg
[2010/01/16 21:28:19 | 00,019,008 | ---- | M] () -- C:\Users\Jasmine\Desktop\Anime List.ods
[2010/01/16 20:37:59 | 00,472,064 | ---- | M] ( ) -- C:\Users\Jasmine\Desktop\RootRepeal.exe
[2010/01/16 20:36:11 | 00,524,288 | ---- | M] () -- C:\Users\Jasmine\Desktop\dds.scr
[2010/01/16 19:15:56 | 00,000,017 | ---- | M] () -- C:\Users\Jasmine\Documents\stinger1001688.opt
[2010/01/16 16:24:14 | 05,207,047 | ---- | M] (McAfee Inc.) -- C:\Users\Jasmine\Documents\stinger1001688.exe
[2010/01/15 23:18:50 | 00,000,000 | ---- | M] () -- C:\Users\Jasmine\AppData\Local\Hfuzumuligi.bin
[2010/01/15 23:18:49 | 00,000,120 | ---- | M] () -- C:\Users\Jasmine\AppData\Local\Ehebifureqijo.dat
[2010/01/15 21:36:31 | 00,053,760 | ---- | M] () -- C:\Users\Jasmine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/15 21:06:32 | 00,001,747 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2010/01/15 02:37:38 | 00,034,644 | ---- | M] () -- C:\Users\Jasmine\Desktop\4082646651_9d8a8294d3_o.png
[2010/01/15 02:37:02 | 00,012,703 | ---- | M] () -- C:\Users\Jasmine\Desktop\4061499970_4e613d2fd2_o.png
[2010/01/15 02:35:05 | 00,005,346 | ---- | M] () -- C:\Users\Jasmine\Desktop\4144158714_ea2751a113_o.jpg
[2010/01/15 01:00:00 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/01/14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/01/14 10:14:31 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/01/12 20:53:24 | 00,048,914 | ---- | M] () -- C:\Users\Jasmine\Desktop\il_430xN.102689267.jpg
[2010/01/12 20:51:03 | 00,047,101 | ---- | M] () -- C:\Users\Jasmine\Desktop\il_430xN.71032260.jpg
[2010/01/12 19:45:51 | 00,003,895 | ---- | M] () -- C:\Users\Jasmine\Documents\Percy Jackson Lightning Thief.rtf
[2010/01/10 16:16:37 | 00,169,351 | ---- | M] () -- C:\Users\Jasmine\Desktop\w-fai-silvermist-leaves-1280.jpg
[2010/01/08 19:38:00 | 00,321,571 | ---- | M] () -- C:\Users\Jasmine\Desktop\World_Japan_Toji_Temple__Kyoto__Japan_007891_.jpg
[2010/01/08 19:27:51 | 00,998,916 | ---- | M] () -- C:\Users\Jasmine\Desktop\HK-kimono.jpg
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/07 02:08:00 | 00,006,774 | ---- | M] () -- C:\Users\Jasmine\AppData\Roaming\PrimoPDFSet.xml
[2010/01/02 00:33:32 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/02 00:33:32 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/02 00:32:51 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/02 00:32:46 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/02 00:32:33 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/02 00:32:33 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/01/02 00:32:33 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/01/02 00:32:32 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/02 00:32:32 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/01/02 00:32:26 | 00,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/01 22:57:00 | 00,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/01 22:56:50 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/01/01 22:56:14 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/01/01 22:55:54 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/01/01 01:00:00 | 00,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2009/12/31 21:41:23 | 00,020,812 | ---- | M] () -- C:\Users\Jasmine\Desktop\ahlive15.jpg
[2009/12/31 13:57:39 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/12/31 13:57:06 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/12/31 02:10:14 | 00,260,466 | ---- | M] () -- C:\Users\Jasmine\Documents\57 History of Medicine iss 6.pdf
[2009/12/28 00:45:20 | 00,000,461 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2009/12/27 23:52:20 | 00,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/23 23:24:26 | 00,000,112 | -H-- | C] () -- C:\Users\Jasmine\Desktop\.~lock.Anime List.ods#
[2010/01/23 19:41:26 | 00,222,461 | ---- | C] () -- C:\Users\Jasmine\Desktop\il_fullxfull.68284985.jpg
[2010/01/23 19:28:55 | 00,842,766 | ---- | C] () -- C:\Users\Jasmine\Desktop\il_fullxfull.112114365.jpg
[2010/01/23 17:58:34 | 00,152,329 | ---- | C] () -- C:\Users\Jasmine\Desktop\hkvampire.psd
[2010/01/23 17:58:13 | 00,354,504 | ---- | C] () -- C:\Users\Jasmine\Desktop\hkgoth.psd
[2010/01/23 01:34:30 | 00,012,779 | ---- | C] () -- C:\Users\Jasmine\Desktop\il_430xN.54075115.jpg
[2010/01/23 00:13:11 | 00,106,045 | ---- | C] () -- C:\Users\Jasmine\Desktop\blogpics 001.jpg
[2010/01/23 00:13:07 | 00,082,568 | ---- | C] () -- C:\Users\Jasmine\Desktop\blogpics 006.jpg
[2010/01/22 22:05:16 | 06,011,990 | ---- | C] () -- C:\Users\Jasmine\Desktop\How to Make a Sweet YG's Wallet - revised.pdf
[2010/01/22 19:11:34 | 00,001,739 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Backup Monitor.lnk
[2010/01/22 19:03:45 | 38,938,548 | ---- | C] () -- C:\Users\Jasmine\Desktop\MyBook1C.zip
[2010/01/22 16:39:58 | 00,000,020 | -HS- | C] () -- C:\ArcDeviceInfo
[2010/01/21 02:42:08 | 00,027,146 | ---- | C] () -- C:\Users\Jasmine\Desktop\il_fullxfull.116734215.jpg
[2010/01/21 00:42:03 | 00,022,907 | ---- | C] () -- C:\Users\Jasmine\Desktop\il_fullxfull.116897250.jpg
[2010/01/17 17:44:31 | 21,109,71904 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/17 16:10:35 | 07,520,288 | ---- | C] () -- C:\Users\Jasmine\Desktop\SUPERAntiSpyware.exe
[2010/01/17 15:32:17 | 00,001,966 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Remote Access.lnk
[2010/01/17 15:32:17 | 00,001,172 | ---- | C] () -- C:\Users\Jasmine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2010/01/17 15:32:17 | 00,000,860 | ---- | C] () -- C:\Users\Jasmine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
[2010/01/17 01:49:50 | 00,081,997 | ---- | C] () -- C:\Users\Jasmine\Desktop\2ndtime-3popsea.jpg
[2010/01/17 01:29:38 | 00,259,787 | ---- | C] () -- C:\Users\Jasmine\Desktop\wierd popups.jpg
[2010/01/17 01:22:01 | 09,491,612 | ---- | C] () -- C:\Users\Jasmine\Desktop\hllokttiyefltmacsot.rar
[2010/01/17 01:20:19 | 20,346,380 | ---- | C] () -- C:\Users\Jasmine\Desktop\Labores de Ana nº .61 - Mundo da Hello Kitty.rar
[2010/01/17 01:06:25 | 04,822,287 | R--- | C] () -- C:\Users\Jasmine\Desktop\Japanese Purse Book.rar
[2010/01/16 23:49:54 | 00,082,511 | ---- | C] () -- C:\Users\Jasmine\Desktop\SUPERAntiSpyware-popup.jpg
[2010/01/16 20:36:02 | 00,524,288 | ---- | C] () -- C:\Users\Jasmine\Desktop\dds.scr
[2010/01/16 18:59:51 | 00,000,017 | ---- | C] () -- C:\Users\Jasmine\Documents\stinger1001688.opt
[2010/01/15 23:18:50 | 00,000,000 | ---- | C] () -- C:\Users\Jasmine\AppData\Local\Hfuzumuligi.bin
[2010/01/15 23:18:49 | 00,000,120 | ---- | C] () -- C:\Users\Jasmine\AppData\Local\Ehebifureqijo.dat
[2010/01/15 02:37:34 | 00,034,644 | ---- | C] () -- C:\Users\Jasmine\Desktop\4082646651_9d8a8294d3_o.png
[2010/01/15 02:36:58 | 00,012,703 | ---- | C] () -- C:\Users\Jasmine\Desktop\4061499970_4e613d2fd2_o.png
[2010/01/15 02:34:59 | 00,005,346 | ---- | C] () -- C:\Users\Jasmine\Desktop\4144158714_ea2751a113_o.jpg
[2010/01/12 20:53:24 | 00,048,914 | ---- | C] () -- C:\Users\Jasmine\Desktop\il_430xN.102689267.jpg
[2010/01/12 20:51:00 | 00,047,101 | ---- | C] () -- C:\Users\Jasmine\Desktop\il_430xN.71032260.jpg
[2010/01/12 19:45:51 | 00,003,895 | ---- | C] () -- C:\Users\Jasmine\Documents\Percy Jackson Lightning Thief.rtf
[2010/01/10 16:16:33 | 00,169,351 | ---- | C] () -- C:\Users\Jasmine\Desktop\w-fai-silvermist-leaves-1280.jpg
[2010/01/08 19:37:55 | 00,321,571 | ---- | C] () -- C:\Users\Jasmine\Desktop\World_Japan_Toji_Temple__Kyoto__Japan_007891_.jpg
[2010/01/08 19:27:43 | 00,998,916 | ---- | C] () -- C:\Users\Jasmine\Desktop\HK-kimono.jpg
[2009/12/31 21:41:22 | 00,020,812 | ---- | C] () -- C:\Users\Jasmine\Desktop\ahlive15.jpg
[2009/12/31 13:57:39 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/12/31 13:57:06 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/12/31 02:10:14 | 00,260,466 | ---- | C] () -- C:\Users\Jasmine\Documents\57 History of Medicine iss 6.pdf
[2009/12/27 23:52:20 | 00,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/12/27 23:52:19 | 00,000,461 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/12/19 10:29:03 | 00,001,264 | ---- | C] () -- C:\ProgramData\tmp4606.log
[2009/12/01 05:18:37 | 00,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/09/11 01:01:25 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/28 13:49:26 | 00,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/08/27 02:01:53 | 00,001,176 | ---- | C] () -- C:\Users\Jasmine\AppData\Roaming\vso_ts_preview.xml
[2009/08/22 11:03:36 | 00,000,028 | ---- | C] () -- C:\Windows\v2d.INI
[2009/08/19 22:53:52 | 00,001,107 | ---- | C] () -- C:\ProgramData\tmpD8D4.log
[2009/08/14 22:04:42 | 00,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/08/14 22:04:41 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/08/03 22:13:43 | 00,000,552 | ---- | C] () -- C:\Users\Jasmine\AppData\Local\d3d8caps.dat
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/04/26 22:48:12 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/04/24 22:58:25 | 00,000,248 | ---- | C] () -- C:\Users\Jasmine\AppData\Roaming\wklnhst.dat
[2009/04/24 22:02:56 | 00,006,774 | ---- | C] () -- C:\Users\Jasmine\AppData\Roaming\PrimoPDFSet.xml
[2009/04/24 22:00:00 | 00,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2009/04/18 13:15:06 | 00,006,648 | ---- | C] () -- C:\Users\Jasmine\AppData\Local\d3d9caps.dat
[2009/04/17 22:19:37 | 00,000,034 | ---- | C] () -- C:\Users\Jasmine\AppData\Roaming\pcouffin.log
[2009/04/17 22:17:35 | 00,087,608 | ---- | C] () -- C:\Users\Jasmine\AppData\Roaming\inst.exe
[2009/04/17 22:17:35 | 00,007,887 | ---- | C] () -- C:\Users\Jasmine\AppData\Roaming\pcouffin.cat
[2009/04/17 22:17:34 | 00,001,144 | ---- | C] () -- C:\Users\Jasmine\AppData\Roaming\pcouffin.inf
[2009/04/17 20:43:05 | 00,053,760 | ---- | C] () -- C:\Users\Jasmine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/17 20:28:32 | 00,001,431 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/04/17 15:25:21 | 00,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2009/04/14 21:15:54 | 00,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/04/14 21:15:53 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2009/04/14 17:35:23 | 00,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/04/14 17:35:22 | 00,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/04/28 10:13:33 | 00,000,310 | ---- | C] () -- C:\Windows\primopdf.ini
[2006/11/02 06:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 01:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 72 bytes -> C:\Windows:FAD6FD285739AFFF
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >

OTL Extras logfile created on: 1/23/2010 11:27:02 PM - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Users\Jasmine\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 31.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 42.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.71 Gb Total Space | 266.95 Gb Free Space | 59.23% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.27 Gb Free Space | 61.78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 298.08 Gb Total Space | 202.57 Gb Free Space | 67.96% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JASMINE-PC
Current User Name: Jasmine
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03AB1E85-0468-45FE-82E8-395C7BA5CF68}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0A93F879-180D-4BCC-ACE8-74B998BE9D0B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0E8E0D6A-48EC-4977-B58F-8DCAD1FA1B12}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0EED601A-3D42-4DB1-8F16-BFEE08B3E375}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{0FDE2DC2-56B3-4EFF-BB80-5A699310524F}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{10EB3D2B-25DC-46F8-A5DB-97736D7A12EC}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1321F770-ECB0-47CC-BAA2-D9127EB543A2}" = lport=40093 | protocol=6 | dir=in | name=streaming web cam |
"{1BB6A004-F8FF-4AC4-B68F-BCB00094CE0F}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{31D5F533-3FA9-43B9-8C6F-0269DA670CFC}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{33285923-D691-476D-9ADE-A67E9A4EB000}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{3C75873E-3B0B-43BC-936F-5881876DE15C}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{408611FE-C78A-4AD0-B8C7-031C52E88EDF}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4B90498C-2C8D-4188-B08E-CDB36B9EE75E}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{513C39DA-24D5-49F4-AB7D-64EBC511F26E}" = lport=40092 | protocol=6 | dir=in | name=streaming web cam |
"{55381C77-468F-44ED-AF1B-B0A2A7948B1C}" = lport=40080 | protocol=6 | dir=in | name=remote access media server |
"{5601A1EB-E01B-4C1F-BA85-7EC320AC8FCA}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5EA371E9-5EFB-473A-BCCB-6768904DD426}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{60E459FC-2FD2-4E69-A1BF-0071F14EA4D3}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{66DE985C-5F5C-47B3-8992-793CDD552BD3}" = lport=40091 | protocol=6 | dir=in | name=streaming web cam |
"{6D4565EF-AB8A-4064-9367-5F4AA82BF929}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6FEDA370-8341-444B-A14F-74C1A5288F24}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{76B3BEE9-403B-4B0C-B668-14813E1AD7EF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7820874C-D79F-4339-85BC-05EBF2C0A0E3}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{7B3DF966-AE9B-4531-A76B-B25EA77CE26E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7CFC0EFF-202B-482C-A4D2-76A2675D1DAF}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8507E6B7-1EB9-48A2-AEF2-5EAF853C532C}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{853CD69B-BECB-4B85-A94A-7E2D0F950EB5}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{88451615-F27A-47B0-9468-4BF657EABA4E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8D7FEDEA-6641-4DA5-A154-2EE693204952}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{9146CA30-694F-4603-A8BF-A7FC3D47B289}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{9AD9CB65-583E-4771-B2BA-79573313FCA4}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{9B6CEDD0-3419-480A-A076-11EC843FBCDD}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{9EA1251B-0451-4045-8517-BB5C15613399}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9F1B574F-44DB-4940-984E-34D910752A85}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{A032B433-5D1B-4B96-B39D-53FE1325F9F3}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{A6155FDF-E873-490A-A4CA-552F2F9CA9BB}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{A6A447F6-52F5-4391-8497-478D5AE38397}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BAE16F50-BB39-4205-924F-CE55AD31C892}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BD41C71F-0618-487B-BB09-38B77AACA8FE}" = lport=40090 | protocol=6 | dir=in | name=streaming web cam |
"{CB731478-CC7E-499F-A4B2-4DBD25FBAE2F}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{E2C7124A-D4ED-43C2-863F-5F9C600896F8}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{E633CBC1-F0EF-4F14-9AB6-DF83E87C7EE8}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{FA27BDEA-755B-4CA7-A1AD-7B7BFBF76FB6}" = lport=40094 | protocol=6 | dir=in | name=streaming web cam |
"{FD5641B2-A95E-4AD8-9B8E-2C5AA5619BE8}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01526927-7AF3-43CC-B073-F8DB084AA42D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0D5ABC6B-B05B-4B40-B574-A3417C0E22B2}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0E632580-C445-48AE-BBEA-D3799F792D9F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{19444773-00DB-44FD-9881-79C2DC52BA3E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{221076ED-F997-4CFF-8A6C-26AB3688A1C3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{25D91ADE-7883-4314-8CC6-820085706D98}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{26AFCFC3-546A-4FB0-AACB-792E75D6A7A3}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{2A9FBD40-87C8-4C22-9736-F46DC4D6B6F0}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{2E58EF1D-65D3-49AE-93C3-957F4404AF29}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2EEE048C-4252-400A-9DD4-86DF90B017B3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{33FC0DB8-DB5D-46B6-B577-02E0F435E888}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{3556FFB6-F873-471D-B51B-6956D88C4C29}" = protocol=6 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
"{36FE2BE1-17B1-45DF-8E99-F0D5A3E7F050}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{39B13218-649C-44EE-BB05-160DD9F7561A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3D7C2620-6C48-48F0-B594-8C22A1A0F7E2}" = protocol=6 | dir=in | app=c:\program files\common files\dell\apache\php.exe |
"{3E4F59B5-A843-4012-98B2-CA0BA096B0C2}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4C73FC5E-ED01-40C5-877B-3018FC772527}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4E7C8EFF-EAA6-4D24-9185-27B8EC15E8AD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4F27C1B1-D3B0-45CF-A859-0D345F57E29E}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{543B2187-1F07-4392-BCCB-7FBB9B289062}" = protocol=17 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
"{547D70F0-001B-49FC-9724-570209839924}" = protocol=17 | dir=in | app=c:\program files\common files\dell\apache\bin\httpd.exe |
"{5B25A575-CEC8-4136-9B0E-0649877FC23C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5FE011D0-E89B-4B68-B111-F44B4AF63E3E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{633143F2-CFCB-4BFF-8C4C-C9F3E34273C7}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{731E3C7C-D704-42C9-976A-F18EAA920FB4}" = protocol=6 | dir=in | app=c:\program files\common files\dell\apache\bin\httpd.exe |
"{78433BE0-5003-458D-A3A2-033D8DEDBCA7}" = protocol=17 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysql.exe |
"{7A738B84-A711-4D4B-B372-ADF71F616CED}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{89AC4936-FF85-4078-A532-B7AB9411427A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8B5BFC1A-4126-4C7B-9D10-191E0B51CB2E}" = protocol=17 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysqld.exe |
"{918683B7-3648-48BF-A239-93CB738BB3F6}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{9362829A-D8A1-4EA1-B6E7-0473C53D6255}" = protocol=6 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysql.exe |
"{9D4381DD-6658-4362-9656-AEA00D790539}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{9FB96893-0DBC-4522-AAC5-A98662A9BFA4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A6881AC4-2DC0-42CA-B855-24321E5B5217}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A6B3D139-DABD-44CD-BDEE-167F50407F26}" = protocol=17 | dir=in | app=c:\program files\common files\dell\remote access file sync service\dsl_fs_sync.exe |
"{A8BE8A4B-5F53-4E21-B5FB-656F88272DC5}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AB28737E-6EAB-486C-9775-1F14C819C83E}" = protocol=6 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysqld.exe |
"{AC6CB638-6FE4-46FE-95B4-D6F6186CDCD8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AE4A1193-6FD3-47BC-A0EA-936641564412}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B49C3EC0-CCFD-4215-A847-FEE9744EF9C6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BA526D16-320B-4BEF-B1C1-E404DB8B18C9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BAB11676-0CE0-45B6-A982-01EA8D7CF84F}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{BCB1C3CC-690B-46A1-8994-2A515A3AAD8C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C22D39E6-04D1-41E7-AB57-ADF47D943810}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C2973379-D06F-4710-9FD1-898B87860F74}" = protocol=17 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
"{C3B4D8FB-EC07-49EE-A352-120FBDB20F3B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C5562B55-E517-4FA1-8164-B3BFAE576613}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C82D5EF2-6049-4754-B1FD-4EADA16D5D77}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CFF5DAA6-895C-455C-B15D-1F1E6E98F528}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D67D2142-EB83-4F44-A99B-DD351DF39ECD}" = protocol=17 | dir=in | app=c:\program files\common files\dell\apache\php.exe |
"{D74F00C8-EA4F-4C55-8B1E-529C5925FF9B}" = protocol=6 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{E0D1A5B7-2F1C-4558-8E04-982706207B20}" = protocol=17 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{E19B375C-783B-4378-934D-830B2AD8B1F5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E2F9B2A2-09CD-4A6F-BF5E-87315BE4348D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E43C93F8-065A-467E-AEF0-2B54847EE92D}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{E547C6EB-861A-4C66-AE2F-CBCC73C5D757}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E74127BE-BB1A-47CC-9531-2BED0EB11C4E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E75DFECC-D232-4ACF-816B-C59ABCCE53A8}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{EB7DFEB9-F81E-481B-AFDF-BD6103708279}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F02D0842-CF69-4407-89C9-939EA7CC7D53}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{F144407A-8288-453F-916E-AAE4E83ACEDC}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{F2F499AE-8B35-472C-AB08-72644CFCA58A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F60F8038-1A8C-4962-AD01-41A42C311DD9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F680C587-6822-4E7C-8E8D-061BB508D213}" = protocol=6 | dir=in | app=c:\program files\common files\dell\remote access file sync service\dsl_fs_sync.exe |
"{F7965963-04DB-4506-B1CD-2BF09B3B7688}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F86804D4-5E48-4606-91F9-A1F51FDAEE1A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FE5CAD9B-FF9C-471F-BCB2-64B3554788E5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FF998569-14BE-4E44-9EFD-370515AC4661}" = protocol=6 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
"{FFD643D8-A29C-4795-8E72-08488A79962B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"TCP Query User{0A848B56-5E3F-44F1-B1CF-4BB8483F04A2}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{2BD78D6B-B033-4608-A54A-B0E8F1168436}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{147D4217-AA88-4FCF-BDB9-72B643405D05}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{6C82CADD-B8AD-4D9A-A800-243114BFD816}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skypeââ€ž¢ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1" = SureThing CD Labeler Deluxe 5
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.8.0.193d
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F87F6-D2DA-4058-9891-60A7950C9E96}_is1" = Altysoft Free DVD 2.1
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A351224F-533A-4EED-89F4-0BF3417FD31D}" = WD Backup
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}" = WD Firewire HID Driver
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"ABC Amber LIT Converter" = ABC Amber LIT Converter
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"AIM_6" = AIM 6
"AnyDVD" = AnyDVD
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Video Chat" = Dell Video Chat
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD2one V2" = DVD2one V2.3.1
"DVDFab 6_is1" = DVDFab 6.2.0.5 (11/11/2009)
"FileZilla Client" = FileZilla Client 3.3.1
"Free MKV Video2Dvd 3.00_is1" = Free MKV Video2Dvd 3.00
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"GPSTest" = Chartcross GPSTest
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSC" = McAfee SecurityCenter
"PrimoPDF4.1.0.9" = PrimoPDF
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Transcribe!_is1" = Transcribe! 7.31
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"Vuze" = Vuze
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xilisoft DVD Ripper Ultimate 5" = Xilisoft DVD Ripper Ultimate
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Widget Engine" = Yahoo! Widgets
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/18/2010 5:22:36 PM | Computer Name = Jasmine-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/18/2010 5:23:02 PM | Computer Name = Jasmine-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/18/2010 5:23:03 PM | Computer Name = Jasmine-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/18/2010 5:23:03 PM | Computer Name = Jasmine-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/18/2010 9:15:31 PM | Computer Name = Jasmine-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/18/2010 9:15:32 PM | Computer Name = Jasmine-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/18/2010 9:15:32 PM | Computer Name = Jasmine-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/19/2010 2:16:05 PM | Computer Name = Jasmine-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/20/2010 6:21:48 AM | Computer Name = Jasmine-PC | Source = EventSystem | ID = 4621
Description =

Error - 1/20/2010 2:59:48 PM | Computer Name = Jasmine-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 6/10/2009 6:27:13 PM | Computer Name = Jasmine-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/10/2009 6:28:02 PM | Computer Name = Jasmine-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package ClientUpdate.

Error - 10/7/2009 7:27:57 PM | Computer Name = Jasmine-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 1/23/2010 11:47:02 PM | Computer Name = Jasmine-PC | Source = netbt | ID = 4321
Description = The name "VN-PC :0" could not be registered on the interface
with IP address 192.168.1.102. The computer with the IP address 192.168.1.103 did
not allow the name to be claimed by this computer.

Error - 1/23/2010 11:47:05 PM | Computer Name = Jasmine-PC | Source = netbt | ID = 4321
Description = The name "JUANA-PC :0" could not be registered on the interface
with IP address 192.168.1.102. The computer with the IP address 192.168.1.105 did
not allow the name to be claimed by this computer.

Error - 1/23/2010 11:57:08 PM | Computer Name = Jasmine-PC | Source = netbt | ID = 4321
Description = The name "VN-PC :0" could not be registered on the interface
with IP address 192.168.1.102. The computer with the IP address 192.168.1.103 did
not allow the name to be claimed by this computer.

Error - 1/23/2010 11:57:11 PM | Computer Name = Jasmine-PC | Source = netbt | ID = 4321
Description = The name "JUANA-PC :0" could not be registered on the interface
with IP address 192.168.1.102. The computer with the IP address 192.168.1.105 did
not allow the name to be claimed by this computer.

Error - 1/24/2010 12:07:09 AM | Computer Name = Jasmine-PC | Source = netbt | ID = 4321
Description = The name "VN-PC :0" could not be registered on the interface
with IP address 192.168.1.102. The computer with the IP address 192.168.1.103 did
not allow the name to be claimed by this computer.

Error - 1/24/2010 12:17:21 AM | Computer Name = Jasmine-PC | Source = netbt | ID = 4321
Description = The name "VN-PC :0" could not be registered on the interface
with IP address 192.168.1.102. The computer with the IP address 192.168.1.103 did
not allow the name to be claimed by this computer.

Error - 1/24/2010 12:37:13 AM | Computer Name = Jasmine-PC | Source = netbt | ID = 4321
Description = The name "VN-PC :0" could not be registered on the interface
with IP address 192.168.1.102. The computer with the IP address 192.168.1.103 did
not allow the name to be claimed by this computer.

Error - 1/24/2010 12:57:18 AM | Computer Name = Jasmine-PC | Source = netbt | ID = 4321
Description = The name "VN-PC :0" could not be registered on the interface
with IP address 192.168.1.102. The computer with the IP address 192.168.1.103 did
not allow the name to be claimed by this computer.

Error - 1/24/2010 1:07:13 AM | Computer Name = Jasmine-PC | Source = netbt | ID = 4321
Description = The name "VN-PC :0" could not be registered on the interface
with IP address 192.168.1.102. The computer with the IP address 192.168.1.103 did
not allow the name to be claimed by this computer.

Error - 1/24/2010 1:17:37 AM | Computer Name = Jasmine-PC | Source = netbt | ID = 4321
Description = The name "VN-PC :0" could not be registered on the interface
with IP address 192.168.1.102. The computer with the IP address 192.168.1.103 did
not allow the name to be claimed by this computer.

< End of report >

The only issue I am having with my computer right now is that my date and time is off. I've attempted to manually change it yet it still says Sat 01/23/10 when its Sun 01/24/10.
Firefox was kind of funny. I couldn't save images but now I can. It feels slower than before I had the virus too.

Thanks so much for your help!

This post has been edited by onesweetypie: 25 January 2010 - 12:59 AM

#4 myrti

bleepin' _temp_

Group: Malware Response Instructor
Posts: 26,080
Joined: 25-January 08
Gender:Female
Location:At home

Posted 25 January 2010 - 08:12 AM

Hi,

I don't believe that you have exactly the same infection as the thread you linked to. The file name points to a different version of the same infection though. It is an information stealing malware.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required to clean your PC.

If you do any banking or other financial transactions on the PC or it if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation as soon as possible.

If you do not have access to a known clean computer, you will still need to change your passwords, and all other sensitive information, but only once your system is deemed clean.

Please run a scan with gmer:

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Please download GMER from one of the following locations and save it to your desktop:

Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

#5 onesweetypie

Member

Group: Members
Posts: 42
Joined: 02-August 06
Gender:Female
Location:TN

Posted 25 January 2010 - 09:06 PM

Thank you for checking to see if the viruses are the same. To be on the safe side, since I read the thread I have stopped using this desktop for financial purpose as well as changed passwords on another computer.

So it is possible to clean this desktop without reformatting? I do not wish to reformat if it's not necessary.

Here is the log you requested:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-24 19:53:22
Windows 6.0.6002 Service Pack 2
Running: 75zmiomz.exe; Driver: C:\Users\Jasmine\AppData\Local\Temp\pxrdrfoc.sys

---- Kernel code sections - GMER 1.0.15 ----

? C:\Users\Jasmine\AppData\Local\Temp\pxrdrfoc.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x92 0xB8 0x43 0xF8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x79 0x02 0xF4 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x25 0x98 0x6F 0x73 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x92 0xB8 0x43 0xF8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x79 0x02 0xF4 0xA3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x25 0x98 0x6F 0x73 ...

---- EOF - GMER 1.0.15 ----

Thank you once again for your help

#6 myrti

bleepin' _temp_

Group: Malware Response Instructor
Posts: 26,080
Joined: 25-January 08
Gender:Female
Location:At home

Posted 25 January 2010 - 09:26 PM

Hi,

we should be able to remove all infections we find. The good news actually is that you do not seem to be infected with rootkits, which should make the task that much easier.

The logs already look pretty good. Please run an updated scan with Malwarebytes to see what it still finds:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:

Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

regards myrti

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

#7 onesweetypie

Member

Group: Members
Posts: 42
Joined: 02-August 06
Gender:Female
Location:TN

Posted 26 January 2010 - 12:49 AM

Here you go, thank you.

Malwarebytes' Anti-Malware 1.44
Database version: 3639
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

1/25/2010 11:48:16 PM
mbam-log-2010-01-25 (23-48-16).txt

Scan type: Quick Scan
Objects scanned: 109337
Time elapsed: 4 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 myrti

bleepin' _temp_

Group: Malware Response Instructor
Posts: 26,080
Joined: 25-January 08
Gender:Female
Location:At home

Posted 26 January 2010 - 11:36 AM

Hi,

please run the following fix to remove the files visible in the OTL log:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following
CODE
:otl
@Alternate Data Stream - 72 bytes -> C:\Windows:FAD6FD285739AFFF
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
[2010/01/15 23:18:50 | 00,000,000 | ---- | C] () -- C:\Users\Jasmine\AppData\Local\Hfuzumuligi.bin
[2010/01/15 23:18:49 | 00,000,120 | ---- | C] () -- C:\Users\Jasmine\AppData\Local\Ehebifureqijo.dat
:commands
[emptytemp]
Then click the Run Fix button at the top
Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

================================Follow up scan=================================

Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

regards myrti

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

#9 onesweetypie

Member

Group: Members
Posts: 42
Joined: 02-August 06
Gender:Female
Location:TN

Posted 26 January 2010 - 05:11 PM

OTL Run Fix Log

All processes killed
========== OTL ==========
ADS C:\Windows:FAD6FD285739AFFF deleted successfully.
ADS C:\ProgramData\TEMP:5D432CE3 deleted successfully.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
C:\Users\Jasmine\AppData\Local\Hfuzumuligi.bin moved successfully.
C:\Users\Jasmine\AppData\Local\Ehebifureqijo.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jasmine
->Temp folder emptied: 7645773 bytes
->Temporary Internet Files folder emptied: 34888753 bytes
->Java cache emptied: 62539259 bytes
->FireFox cache emptied: 92376674 bytes

User: Public

User: RA Media Server
->Temp folder emptied: 16178705 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1103558 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 4054828 bytes

Total Files Cleaned = 209.00 mb

OTL by OldTimer - Version 3.1.26.0 log created on 01262010_154118

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\mcmsc_dhzjQc0cTt2eEfw not found!
File\Folder C:\Windows\temp\mcmsc_Kv5fvOcKnVbVRS9 not found!
File\Folder C:\Windows\temp\sqlite_bpmqNypdT8DubQE not found!
File\Folder C:\Windows\temp\sqlite_tjYbuDi80bnwgYa not found!
File\Folder C:\Windows\temp\sqlite_UC38SZRhTYl5ewI not found!
File\Folder C:\Windows\temp\sqlite_yQm7b3EmdOeG0RU not found!

Registry entries deleted on Reboot...

OTL LOG

OTL logfile created on: 1/26/2010 3:57:26 PM - Run 2
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Users\Jasmine\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.71 Gb Total Space | 256.53 Gb Free Space | 56.92% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.27 Gb Free Space | 61.78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 298.08 Gb Total Space | 202.57 Gb Free Space | 67.96% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JASMINE-PC
Current User Name: Jasmine
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Jasmine\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\System32\WLTRYSVC.EXE ()
PRC - C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
PRC - C:\Windows\System32\BCMWLTRY.EXE (Dell Inc.)
PRC - c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
PRC - C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe (SingleClick Systems)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\mobsync.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Dell\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe ()
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\Jasmine\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Adobe LM Service) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (wltrysvc) -- C:\Windows\System32\WLTRYSVC.EXE ()
SRV - (hnmsvc) -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
SRV - (dsl-fs-sync) -- C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe (SingleClick Systems)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Apache2.2) -- C:\Program Files\Common Files\Dell\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (dsl-db) -- C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (USBAAPL) -- C:\Windows\System32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (pcouffin) -- C:\Windows\System32\drivers\pcouffin.sys (VSO Software)
DRV - (usb_rndisx) -- C:\Windows\System32\drivers\usb8023x.sys (Microsoft Corporation)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (BrSerIf) -- C:\Windows\System32\drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (RtNdPt60) -- C:\Windows\System32\drivers\RtNdPt60.sys (Windows ® Codename Longhorn DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (Packet) -- C:\Windows\System32\drivers\packet.sys (SingleClick Systems)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (PxHelp20) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (BrUsbSer) -- C:\Windows\System32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (ATIAVPCI) -- C:\Windows\System32\drivers\atinavrr.sys (ATI Technologies Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {b92d6e49-3672-4c79-80b1-b0b4465e2025}:1.1.51
FF - prefs.js..extensions.enabledItems: dictionary@mozila.firefox.com:1.6.1
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:6.1.20091216W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: rankchecker@seobook.com:1.6.9
FF - prefs.js..extensions.enabledItems: seo4firefox@seobook.com:3.3.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.52
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0.13966
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {50DF3CE6-DC2A-4069-9AC3-7CF593B584E3}:1.9.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6
FF - prefs.js..extensions.enabledItems: {fd2f951f-77ea-4938-9493-0c892c027a13}:0.9.7
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/19 23:41:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/15 00:28:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/21 10:28:38 | 00,000,000 | ---D | M]

[2009/04/17 15:01:18 | 00,000,000 | ---D | M] -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Extensions
[2009/04/17 15:01:18 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/01/25 22:32:30 | 00,000,000 | ---D | M] -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions
[2009/05/23 15:35:07 | 00,000,000 | ---D | M] (Word Count) -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\{205026F2-3243-49e1-8A44-A826B28C34F0}
[2009/08/20 12:32:11 | 00,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/23 12:38:42 | 00,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/11/06 03:39:27 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/07/16 09:21:28 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\{b92d6e49-3672-4c79-80b1-b0b4465e2025}
[2009/07/01 00:19:04 | 00,000,000 | ---D | M] (Web Developer) -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/10/13 23:59:04 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/12/31 13:49:18 | 00,000,000 | ---D | M] (Firefox 2, the theme, reloaded) -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\{fd2f951f-77ea-4938-9493-0c892c027a13}
[2010/01/15 12:50:52 | 00,000,000 | ---D | M] -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\dictionary@mozila.firefox.com
[2009/12/01 05:59:07 | 00,000,000 | ---D | M] -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\rankchecker@seobook.com
[2009/12/01 05:59:09 | 00,000,000 | ---D | M] -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\seo4firefox@seobook.com
[2009/12/31 13:49:34 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\{fd2f951f-77ea-4938-9493-0c892c027a13}\chrome\mozapps\extensions
[2010/01/13 18:58:38 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/21 10:28:38 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/26 22:18:22 | 00,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/04/17 17:25:54 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/06/10 15:43:27 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010/01/26 15:30:47 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
[2009/12/21 10:28:25 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/12/21 10:28:25 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/03/09 04:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/12/21 10:28:35 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/09/14 19:29:55 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/09/14 19:29:55 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/09/14 19:29:55 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/09/14 19:29:55 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/09/14 19:29:55 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/09/14 19:29:55 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/09/14 19:29:56 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2007/04/16 11:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/03/09 17:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2009/11/10 03:22:46 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/11/10 03:22:46 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/11/10 03:22:46 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/11/10 03:22:46 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/11/10 03:22:46 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/11/10 03:22:46 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/11/10 03:22:46 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2006/09/18 15:41:30 | 00,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WD Button Manager] C:\Windows\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Jasmine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Jasmine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jasmine\Pictures\Backgrounds\Japanese_Cherry_Blossom_wallpapers_GA038.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jasmine\Pictures\Backgrounds\Japanese_Cherry_Blossom_wallpapers_GA038.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 00,000,024 | -HS- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/10/23 23:04:11 | 00,000,000 | -HS- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6bbdb877-425e-11de-832b-0021705bcddc}\Shell - "" = AutoRun
O33 - MountPoints2\{6bbdb877-425e-11de-832b-0021705bcddc}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/26 15:41:18 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/25 22:24:51 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/25 22:24:48 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/25 22:24:48 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/25 22:24:00 | 05,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jasmine\Desktop\mbam-setup.exe
[2010/01/23 23:26:36 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Users\Jasmine\Desktop\OTL.exe
[2010/01/22 19:15:14 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\AppData\Roaming\ArcSoft
[2010/01/22 19:12:04 | 00,364,544 | ---- | C] (Western Digital Technologies, Inc.) -- C:\Windows\System32\WDBtnMgr.exe
[2010/01/22 19:11:21 | 00,000,000 | ---D | C] -- C:\Program Files\My Book
[2010/01/22 19:08:15 | 00,000,000 | ---D | C] -- C:\Program Files\Western Digital Technologies
[2010/01/22 19:06:01 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\Desktop\MyBook1C
[2010/01/22 19:03:37 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\AppData\Roaming\Download Manager
[2010/01/22 17:38:41 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\AppData\Local\Citrix
[2010/01/22 17:32:45 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\AppData\Roaming\McAfee
[2010/01/22 17:07:52 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/21 14:55:14 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/21 14:55:14 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/21 14:55:14 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/21 14:55:14 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/21 14:55:14 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/21 14:55:14 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/21 14:55:14 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/01/21 14:55:14 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/21 14:55:13 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/01/21 14:55:13 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/01/21 14:55:13 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/01/21 14:55:13 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/01/21 14:55:13 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/21 14:55:13 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/01/19 19:53:11 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\AppData\Local\Apple Computer
[2010/01/18 23:59:21 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\AppData\Local\AOL OCP
[2010/01/18 23:59:15 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\AppData\Local\AOL
[2010/01/18 19:09:02 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\AppData\Local\Apple
[2010/01/17 20:34:00 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\AppData\Local\Adobe
[2010/01/17 16:09:20 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Users\Jasmine\Desktop\ATF-Cleaner.exe
[2010/01/17 04:05:53 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2010/01/17 02:43:44 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\Desktop\Japanese Purse Book
[2010/01/16 20:37:56 | 00,472,064 | ---- | C] ( ) -- C:\Users\Jasmine\Desktop\RootRepeal.exe
[2010/01/16 16:23:56 | 05,207,047 | ---- | C] (McAfee Inc.) -- C:\Users\Jasmine\Documents\stinger1001688.exe
[2010/01/16 15:03:35 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSSTDFMT.DLL
[2010/01/16 15:03:34 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/01/16 15:02:03 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/01/16 15:00:54 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\AppData\Roaming\SUPERAntiSpyware.com
[2010/01/16 15:00:54 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/16 14:59:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/15 23:18:46 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\AppData\Local\{50DF3CE6-DC2A-4069-9AC3-7CF593B584E3}
[2010/01/15 23:14:44 | 00,000,000 | -HSD | C] -- C:\Users\Jasmine\AppData\Roaming\lowsec
[2010/01/13 18:49:39 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\Desktop\Kawaii Products
[2010/01/13 15:49:32 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\AppData\Roaming\Malwarebytes
[2010/01/13 15:48:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/13 06:53:15 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/13 06:53:15 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/11 22:02:05 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\Desktop\Pandas
[2010/01/11 21:49:25 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\Desktop\Cali Kawaii
[2010/01/11 21:41:59 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\Desktop\Music
[2010/01/11 21:33:33 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\Desktop\Kawaii Notes
[2010/01/11 21:26:58 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\Desktop\Fitness Stuff
[2010/01/11 21:26:32 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\Desktop\Beauty
[2010/01/11 21:18:52 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\Desktop\sanrio brushes n font
[2010/01/05 05:27:08 | 00,000,000 | ---D | C] -- C:\Program Files\Xilisoft
[2009/12/31 13:58:40 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2009/12/31 13:55:22 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2009/12/31 13:55:21 | 03,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2009/12/31 13:55:21 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2009/12/31 13:54:33 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009/12/31 13:54:33 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/12/31 13:54:32 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/12/31 13:54:32 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2009/12/31 13:54:32 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2009/12/31 13:54:32 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/12/31 13:54:32 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2009/12/31 13:54:32 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2009/12/31 13:54:32 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2009/12/31 13:54:32 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/12/31 13:54:32 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2009/12/31 13:54:32 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/12/31 13:54:31 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2009/12/31 13:54:31 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2009/12/31 13:54:31 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2009/12/31 13:54:31 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2009/12/31 13:54:31 | 00,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2009/12/31 13:54:31 | 00,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/12/31 13:54:31 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2009/12/31 13:54:31 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2009/12/31 13:54:31 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2009/12/31 13:54:31 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2009/12/31 13:54:31 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2009/12/31 13:54:31 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2009/12/31 13:54:31 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2009/12/31 13:53:42 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2009/12/31 13:53:41 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2009/12/31 13:53:28 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2009/12/31 13:53:26 | 00,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2009/12/31 13:53:26 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/12/31 13:53:26 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2009/12/31 13:53:26 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/12/31 13:53:26 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/12/31 13:53:26 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2009/12/31 13:53:26 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2009/12/31 13:53:25 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2009/12/31 13:53:25 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2009/12/31 13:51:43 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2009/12/31 13:51:43 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2009/12/30 01:29:24 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009/12/30 01:29:24 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009/12/30 01:29:21 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009/12/29 01:29:18 | 00,000,000 | ---D | C] -- C:\Users\Jasmine\Documents\Travel
[2009/12/28 00:41:34 | 00,000,000 | R--D | C] -- C:\Users\Jasmine\AppData\Roaming\Brother
[2009/12/27 23:52:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Brother
[2009/07/22 10:47:19 | 08,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\Jasmine\AppData\Roaming\DataSafeDotNet.exe
[2009/04/17 22:17:35 | 00,047,360 | ---- | C] (VSO Software) -- C:\Users\Jasmine\AppData\Roaming\pcouffin.sys
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/26 15:56:31 | 03,670,016 | -HS- | M] () -- C:\Users\Jasmine\ntuser.dat
[2010/01/26 15:53:20 | 00,030,197 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/01/26 15:52:16 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/26 15:52:16 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/26 15:52:12 | 00,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2010/01/26 15:52:09 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/26 15:52:07 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/26 15:51:50 | 21,109,71904 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/26 15:50:48 | 00,524,288 | -HS- | M] () -- C:\Users\Jasmine\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/26 15:50:48 | 00,065,536 | -HS- | M] () -- C:\Users\Jasmine\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/26 06:27:57 | 02,665,451 | -H-- | M] () -- C:\Users\Jasmine\AppData\Local\IconCache.db
[2010/01/25 22:24:54 | 00,000,780 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/25 22:24:10 | 05,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jasmine\Desktop\mbam-setup.exe
[2010/01/24 19:33:24 | 00,006,648 | ---- | M] () -- C:\Users\Jasmine\AppData\Local\d3d9caps.dat
[2010/01/24 18:11:18 | 26,679,5497 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/01/24 17:42:31 | 00,000,034 | ---- | M] () -- C:\Users\Jasmine\defogger_reenable
[2010/01/24 17:06:04 | 00,293,376 | ---- | M] () -- C:\Users\Jasmine\Desktop\75zmiomz.exe
[2010/01/24 17:05:55 | 00,049,965 | ---- | M] () -- C:\Users\Jasmine\Desktop\Defogger.exe
[2010/01/24 13:46:31 | 00,018,492 | ---- | M] () -- C:\Users\Jasmine\Desktop\Anime List.ods
[2010/01/23 23:26:41 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Jasmine\Desktop\OTL.exe
[2010/01/23 19:41:27 | 00,222,461 | ---- | M] () -- C:\Users\Jasmine\Desktop\il_fullxfull.68284985.jpg
[2010/01/23 19:28:57 | 00,842,766 | ---- | M] () -- C:\Users\Jasmine\Desktop\il_fullxfull.112114365.jpg
[2010/01/23 18:16:51 | 00,001,176 | ---- | M] () -- C:\Users\Jasmine\AppData\Roaming\vso_ts_preview.xml
[2010/01/23 17:58:36 | 00,152,329 | ---- | M] () -- C:\Users\Jasmine\Desktop\hkvampire.psd
[2010/01/23 17:58:15 | 00,354,504 | ---- | M] () -- C:\Users\Jasmine\Desktop\hkgoth.psd
[2010/01/23 17:58:10 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/23 17:58:10 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/23 17:58:10 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/23 01:34:31 | 00,012,779 | ---- | M] () -- C:\Users\Jasmine\Desktop\il_430xN.54075115.jpg
[2010/01/23 00:13:12 | 00,106,045 | ---- | M] () -- C:\Users\Jasmine\Desktop\blogpics 001.jpg
[2010/01/23 00:13:08 | 00,082,568 | ---- | M] () -- C:\Users\Jasmine\Desktop\blogpics 006.jpg
[2010/01/22 22:05:29 | 06,011,990 | ---- | M] () -- C:\Users\Jasmine\Desktop\How to Make a Sweet YG's Wallet - revised.pdf
[2010/01/22 19:14:09 | 00,364,544 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Windows\System32\WDBtnMgr.exe
[2010/01/22 19:11:34 | 00,001,739 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Backup Monitor.lnk
[2010/01/22 19:05:12 | 38,938,548 | ---- | M] () -- C:\Users\Jasmine\Desktop\MyBook1C.zip
[2010/01/22 16:39:58 | 00,000,020 | -HS- | M] () -- C:\ArcDeviceInfo
[2010/01/21 02:42:11 | 00,027,146 | ---- | M] () -- C:\Users\Jasmine\Desktop\il_fullxfull.116734215.jpg
[2010/01/21 02:16:58 | 00,000,248 | ---- | M] () -- C:\Users\Jasmine\AppData\Roaming\wklnhst.dat
[2010/01/21 00:42:03 | 00,022,907 | ---- | M] () -- C:\Users\Jasmine\Desktop\il_fullxfull.116897250.jpg
[2010/01/17 16:11:00 | 07,520,288 | ---- | M] () -- C:\Users\Jasmine\Desktop\SUPERAntiSpyware.exe
[2010/01/17 16:09:23 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Users\Jasmine\Desktop\ATF-Cleaner.exe
[2010/01/17 04:25:37 | 01,699,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/01/17 01:49:50 | 00,081,997 | ---- | M] () -- C:\Users\Jasmine\Desktop\2ndtime-3popsea.jpg
[2010/01/17 01:29:41 | 00,259,787 | ---- | M] () -- C:\Users\Jasmine\Desktop\wierd popups.jpg
[2010/01/17 01:26:14 | 20,346,380 | ---- | M] () -- C:\Users\Jasmine\Desktop\Labores de Ana nº .61 - Mundo da Hello Kitty.rar
[2010/01/17 01:25:45 | 09,491,612 | ---- | M] () -- C:\Users\Jasmine\Desktop\hllokttiyefltmacsot.rar
[2010/01/17 01:06:25 | 04,822,287 | R--- | M] () -- C:\Users\Jasmine\Desktop\Japanese Purse Book.rar
[2010/01/16 23:49:56 | 00,082,511 | ---- | M] () -- C:\Users\Jasmine\Desktop\SUPERAntiSpyware-popup.jpg
[2010/01/16 20:37:59 | 00,472,064 | ---- | M] ( ) -- C:\Users\Jasmine\Desktop\RootRepeal.exe
[2010/01/16 20:36:11 | 00,524,288 | ---- | M] () -- C:\Users\Jasmine\Desktop\dds.scr
[2010/01/16 19:15:56 | 00,000,017 | ---- | M] () -- C:\Users\Jasmine\Documents\stinger1001688.opt
[2010/01/16 16:24:14 | 05,207,047 | ---- | M] (McAfee Inc.) -- C:\Users\Jasmine\Documents\stinger1001688.exe
[2010/01/15 21:36:31 | 00,053,760 | ---- | M] () -- C:\Users\Jasmine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/15 21:06:32 | 00,001,747 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2010/01/15 02:37:38 | 00,034,644 | ---- | M] () -- C:\Users\Jasmine\Desktop\4082646651_9d8a8294d3_o.png
[2010/01/15 02:37:02 | 00,012,703 | ---- | M] () -- C:\Users\Jasmine\Desktop\4061499970_4e613d2fd2_o.png
[2010/01/15 02:35:05 | 00,005,346 | ---- | M] () -- C:\Users\Jasmine\Desktop\4144158714_ea2751a113_o.jpg
[2010/01/15 01:00:00 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/01/14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/01/14 10:14:31 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/01/12 20:53:24 | 00,048,914 | ---- | M] () -- C:\Users\Jasmine\Desktop\il_430xN.102689267.jpg
[2010/01/12 20:51:03 | 00,047,101 | ---- | M] () -- C:\Users\Jasmine\Desktop\il_430xN.71032260.jpg
[2010/01/12 19:45:51 | 00,003,895 | ---- | M] () -- C:\Users\Jasmine\Documents\Percy Jackson Lightning Thief.rtf
[2010/01/10 16:16:37 | 00,169,351 | ---- | M] () -- C:\Users\Jasmine\Desktop\w-fai-silvermist-leaves-1280.jpg
[2010/01/08 19:38:00 | 00,321,571 | ---- | M] () -- C:\Users\Jasmine\Desktop\World_Japan_Toji_Temple__Kyoto__Japan_007891_.jpg
[2010/01/08 19:27:51 | 00,998,916 | ---- | M] () -- C:\Users\Jasmine\Desktop\HK-kimono.jpg
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/07 02:08:00 | 00,006,774 | ---- | M] () -- C:\Users\Jasmine\AppData\Roaming\PrimoPDFSet.xml
[2010/01/02 00:33:32 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/02 00:33:32 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/02 00:32:51 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/02 00:32:46 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/02 00:32:33 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/02 00:32:33 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/01/02 00:32:33 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/01/02 00:32:32 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/02 00:32:32 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/01/02 00:32:26 | 00,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/01 22:57:00 | 00,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/01 22:56:50 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/01/01 22:56:14 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/01/01 22:55:54 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/01/01 01:00:00 | 00,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2009/12/31 21:41:23 | 00,020,812 | ---- | M] () -- C:\Users\Jasmine\Desktop\ahlive15.jpg
[2009/12/31 13:57:39 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/12/31 13:57:06 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/12/31 02:10:14 | 00,260,466 | ---- | M] () -- C:\Users\Jasmine\Documents\57 History of Medicine iss 6.pdf
[2009/12/28 00:45:20 | 00,000,461 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2009/12/27 23:52:20 | 00,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/25 22:24:54 | 00,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/24 19:54:21 | 21,109,71904 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/24 18:11:18 | 26,679,5497 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/01/24 17:41:31 | 00,000,034 | ---- | C] () -- C:\Users\Jasmine\defogger_reenable
[2010/01/24 17:06:01 | 00,293,376 | ---- | C] () -- C:\Users\Jasmine\Desktop\75zmiomz.exe
[2010/01/24 17:05:54 | 00,049,965 | ---- | C] () -- C:\Users\Jasmine\Desktop\Defogger.exe
[2010/01/23 19:41:26 | 00,222,461 | ---- | C] () -- C:\Users\Jasmine\Desktop\il_fullxfull.68284985.jpg
[2010/01/23 19:28:55 | 00,842,766 | ---- | C] () -- C:\Users\Jasmine\Desktop\il_fullxfull.112114365.jpg
[2010/01/23 17:58:34 | 00,152,329 | ---- | C] () -- C:\Users\Jasmine\Desktop\hkvampire.psd
[2010/01/23 17:58:13 | 00,354,504 | ---- | C] () -- C:\Users\Jasmine\Desktop\hkgoth.psd
[2010/01/23 01:34:30 | 00,012,779 | ---- | C] () -- C:\Users\Jasmine\Desktop\il_430xN.54075115.jpg
[2010/01/23 00:13:11 | 00,106,045 | ---- | C] () -- C:\Users\Jasmine\Desktop\blogpics 001.jpg
[2010/01/23 00:13:07 | 00,082,568 | ---- | C] () -- C:\Users\Jasmine\Desktop\blogpics 006.jpg
[2010/01/22 22:05:16 | 06,011,990 | ---- | C] () -- C:\Users\Jasmine\Desktop\How to Make a Sweet YG's Wallet - revised.pdf
[2010/01/22 19:11:34 | 00,001,739 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Backup Monitor.lnk
[2010/01/22 19:03:45 | 38,938,548 | ---- | C] () -- C:\Users\Jasmine\Desktop\MyBook1C.zip
[2010/01/22 16:39:58 | 00,000,020 | -HS- | C] () -- C:\ArcDeviceInfo
[2010/01/21 02:42:08 | 00,027,146 | ---- | C] () -- C:\Users\Jasmine\Desktop\il_fullxfull.116734215.jpg
[2010/01/21 00:42:03 | 00,022,907 | ---- | C] () -- C:\Users\Jasmine\Desktop\il_fullxfull.116897250.jpg
[2010/01/17 16:10:35 | 07,520,288 | ---- | C] () -- C:\Users\Jasmine\Desktop\SUPERAntiSpyware.exe
[2010/01/17 15:32:17 | 00,001,966 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Remote Access.lnk
[2010/01/17 15:32:17 | 00,001,172 | ---- | C] () -- C:\Users\Jasmine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2010/01/17 15:32:17 | 00,000,860 | ---- | C] () -- C:\Users\Jasmine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
[2010/01/17 01:49:50 | 00,081,997 | ---- | C] () -- C:\Users\Jasmine\Desktop\2ndtime-3popsea.jpg
[2010/01/17 01:29:38 | 00,259,787 | ---- | C] () -- C:\Users\Jasmine\Desktop\wierd popups.jpg
[2010/01/17 01:22:01 | 09,491,612 | ---- | C] () -- C:\Users\Jasmine\Desktop\hllokttiyefltmacsot.rar
[2010/01/17 01:20:19 | 20,346,380 | ---- | C] () -- C:\Users\Jasmine\Desktop\Labores de Ana nº .61 - Mundo da Hello Kitty.rar
[2010/01/17 01:06:25 | 04,822,287 | R--- | C] () -- C:\Users\Jasmine\Desktop\Japanese Purse Book.rar
[2010/01/16 23:49:54 | 00,082,511 | ---- | C] () -- C:\Users\Jasmine\Desktop\SUPERAntiSpyware-popup.jpg
[2010/01/16 20:36:02 | 00,524,288 | ---- | C] () -- C:\Users\Jasmine\Desktop\dds.scr
[2010/01/16 18:59:51 | 00,000,017 | ---- | C] () -- C:\Users\Jasmine\Documents\stinger1001688.opt
[2010/01/15 02:37:34 | 00,034,644 | ---- | C] () -- C:\Users\Jasmine\Desktop\4082646651_9d8a8294d3_o.png
[2010/01/15 02:36:58 | 00,012,703 | ---- | C] () -- C:\Users\Jasmine\Desktop\4061499970_4e613d2fd2_o.png
[2010/01/15 02:34:59 | 00,005,346 | ---- | C] () -- C:\Users\Jasmine\Desktop\4144158714_ea2751a113_o.jpg
[2010/01/12 20:53:24 | 00,048,914 | ---- | C] () -- C:\Users\Jasmine\Desktop\il_430xN.102689267.jpg
[2010/01/12 20:51:00 | 00,047,101 | ---- | C] () -- C:\Users\Jasmine\Desktop\il_430xN.71032260.jpg
[2010/01/12 19:45:51 | 00,003,895 | ---- | C] () -- C:\Users\Jasmine\Documents\Percy Jackson Lightning Thief.rtf
[2010/01/10 16:16:33 | 00,169,351 | ---- | C] () -- C:\Users\Jasmine\Desktop\w-fai-silvermist-leaves-1280.jpg
[2010/01/08 19:37:55 | 00,321,571 | ---- | C] () -- C:\Users\Jasmine\Desktop\World_Japan_Toji_Temple__Kyoto__Japan_007891_.jpg
[2010/01/08 19:27:43 | 00,998,916 | ---- | C] () -- C:\Users\Jasmine\Desktop\HK-kimono.jpg
[2009/12/31 21:41:22 | 00,020,812 | ---- | C] () -- C:\Users\Jasmine\Desktop\ahlive15.jpg
[2009/12/31 13:57:39 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/12/31 13:57:06 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/12/31 02:10:14 | 00,260,466 | ---- | C] () -- C:\Users\Jasmine\Documents\57 History of Medicine iss 6.pdf
[2009/12/27 23:52:20 | 00,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/12/27 23:52:19 | 00,000,461 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/12/19 10:29:03 | 00,001,264 | ---- | C] () -- C:\ProgramData\tmp4606.log
[2009/09/11 01:01:25 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/28 13:49:26 | 00,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/08/27 02:01:53 | 00,001,176 | ---- | C] () -- C:\Users\Jasmine\AppData\Roaming\vso_ts_preview.xml
[2009/08/22 11:03:36 | 00,000,028 | ---- | C] () -- C:\Windows\v2d.INI
[2009/08/19 22:53:52 | 00,001,107 | ---- | C] () -- C:\ProgramData\tmpD8D4.log
[2009/08/14 22:04:42 | 00,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/08/14 22:04:41 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/08/03 22:13:43 | 00,000,552 | ---- | C] () -- C:\Users\Jasmine\AppData\Local\d3d8caps.dat
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/04/26 22:48:12 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/04/24 22:58:25 | 00,000,248 | ---- | C] () -- C:\Users\Jasmine\AppData\Roaming\wklnhst.dat
[2009/04/24 22:02:56 | 00,006,774 | ---- | C] () -- C:\Users\Jasmine\AppData\Roaming\PrimoPDFSet.xml
[2009/04/24 22:00:00 | 00,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2009/04/18 13:15:06 | 00,006,648 | ---- | C] () -- C:\Users\Jasmine\AppData\Local\d3d9caps.dat
[2009/04/17 22:19:37 | 00,000,034 | ---- | C] () -- C:\Users\Jasmine\AppData\Roaming\pcouffin.log
[2009/04/17 22:17:35 | 00,087,608 | ---- | C] () -- C:\Users\Jasmine\AppData\Roaming\inst.exe
[2009/04/17 22:17:35 | 00,007,887 | ---- | C] () -- C:\Users\Jasmine\AppData\Roaming\pcouffin.cat
[2009/04/17 22:17:34 | 00,001,144 | ---- | C] () -- C:\Users\Jasmine\AppData\Roaming\pcouffin.inf
[2009/04/17 20:43:05 | 00,053,760 | ---- | C] () -- C:\Users\Jasmine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/17 20:28:32 | 00,001,431 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/04/17 15:25:21 | 00,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2009/04/14 21:15:54 | 00,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/04/14 21:15:53 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2009/04/14 17:35:23 | 00,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/04/14 17:35:22 | 00,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/04/28 10:13:33 | 00,000,310 | ---- | C] () -- C:\Windows\primopdf.ini
[2006/11/02 06:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 01:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3
< End of report >

Thank you

#10 myrti

bleepin' _temp_

Group: Malware Response Instructor
Posts: 26,080
Joined: 25-January 08
Gender:Female
Location:At home

Posted 27 January 2010 - 10:09 AM

Hi,

this is looking good. How is your PC doing now?

Please run a scan with Eset next:

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
1. Click on to download the ESET Smart Installer. Save it to your desktop.
2. Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

regards myrti

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

#11 onesweetypie

Member

Group: Members
Posts: 42
Joined: 02-August 06
Gender:Female
Location:TN

Posted 27 January 2010 - 06:55 PM

Hi Myrti,

It found nothing. I couldn't save a log so I took a screenshot and posted the image and link below.

http://yfrog.com/5iesetonlinescannerj

My PC is faster and I was able to change the date and time. It's now showing the accurate date and time.
No problems with firefox.

Is my PC now clean? And do you think its safe to for financial transactions and such?

Thank you!

This post has been edited by onesweetypie: 28 January 2010 - 12:44 AM

#12 myrti

bleepin' _temp_

Group: Malware Response Instructor
Posts: 26,080
Joined: 25-January 08
Gender:Female
Location:At home

Posted 29 January 2010 - 11:49 AM

Hi,

yes your logs look clean to me!

Please update your software next, before we get to the final step:

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
Look for "Java Runtime Environment (JRE)" JRE 6 Update 18.
Click the Download button to the right.
Select your Platform: "Windows".
Select your Language: "Multi-language".
Read the License Agreement, and then check the box that says: "Accept License Agreement".
Click Continue and the page will refresh.
Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
Close any programs you may have running - especially your web browser.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.

-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Your Microsoft Windows installation is out of date. Using unpatched Windows systems on the Internet are a security risk to everyone. When there are insecure computers connected to the Internet, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, and spammers have more platforms from which to send e-mail. Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your computer. Keeping up-to-date with all these security patches will help prevent malware from reinfecting your machine. If you are not sure how to do this, see How to use Microsoft Update.

For additional information, be sure to read "Windows Xp Service Pack 3 (sp3) Information".

Then go here to check for & install updates to Microsoft applications.
Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Please reboot and repeat the update process until there are no more updates to install.

Let me know if you run into any problems with the updates.

regards myrti

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

#13 onesweetypie

Member

Group: Members
Posts: 42
Joined: 02-August 06
Gender:Female
Location:TN

Posted 04 February 2010 - 11:31 PM

Hi Myrti,

Sorry for the late response.

I removed all older versions of Java and downloaded, installed the new one as you instructed.
Is there a way to ask Java to update automatically? I clicked on the link you posted but it's just information unless its included
in the new Java update.

I check my Windows Update and it says there are two optional updates:
ATI Technologies - meida - ATI Unified AVStream Driver
Realtek - Network - Realtek PCIe GBE Family Controller

I didn't do any Windows Update because there were none found to be important just optional ones.
Do I need Windows XP Service Pack 3 although I have Windows Vista?

Thank you for all your help

onesweetypie

#14 myrti

bleepin' _temp_

Group: Malware Response Instructor
Posts: 26,080
Joined: 25-January 08
Gender:Female
Location:At home

Posted 05 February 2010 - 12:31 PM

Hi,

of course you do not need sp3 for Windows XP when running Vista. Very sorry about that, I mixed up two topics.

Your Windows install seems to be up to date, sorry. Optional updates will usually either add new functionalities to an already installed driver/program or fix non-critical bugs. If you are currently not experiencing problems then I would not update.

Java does automatic updates but up to Version 6 update 13 it did not remove the old version when installing the new one. This is why you have more than one version installed. By default java will install and activate an updater, that checks once a month if new updates are available, it seems that you chose not to or disabled the updater at some point.

how is the PC doing now, any problems left?

regards myrti

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

#15 onesweetypie

Member

Group: Members
Posts: 42
Joined: 02-August 06
Gender:Female
Location:TN

Posted 05 February 2010 - 05:37 PM

Hi Myrti,

Ah okay, I was getting a bit confused there. I don't believe I'm experiencing any problems with the driver/program so I will not update them.

The PC seems to be running fine.

Nothing has pulled up in McAfee or Malware AntiBytes.

Is my computer clean now? If yes, is it safe to do anything financial on here?

Thank you so much!!
onesweetypie

This post has been edited by onesweetypie: 05 February 2010 - 05:37 PM