Infected w Trojan.Agent and Backdoor.Bot

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > Virus, Trojan, Spyware, and Malware Removal Logs

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

DO NOT RUN ComboFix unless requested to.

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages

1 2 >

Infected w Trojan.Agent and Backdoor.Bot, Can't remove it

Options

onesweetypie View Member Profile	Jan 16 2010, 10:08 PM Post #1
Member Group: Members Posts: 42 Joined: 2-August 06 From: TN Member No.: 79,072	Hi there, Yesterday I got infected around 11PM on 01/15/2010 when I visited a website and clicked on a link. I got 2 popups from McAfee shortly after stating it was a Trojan but I cannot find it in the logs. Since then I have been trying to remove the viruses off and on and have failed. I have run the following: Adaware Spybot Search & Destroy Malwarebytes Anti-Malware Super AntiSpyware I have removed anything found but it keeps coming back and Malwarebytes Anti-Malware is detecting it. MaAfee is picking up nothing. Any help would be greatly appreciated, Thank you. DDS.txt report DDS (Ver_09-12-01.01) - NTFSx86 Run by Jasmine at 20:36:54.04 on Sat 01/16/2010 Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_13 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2012.591 [GMT -6:00] SP: Spybot - Search and Destroy enabled (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} SP: Lavasoft Ad-Watch Live! disabled (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22} SP: Windows Defender enabled (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} SP: SUPERAntiSpyware enabled (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\WLTRYSVC.EXE C:\Windows\System32\bcmwltry.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\system32\AERTSrv.exe C:\Program Files\Common Files\Dell\apache\bin\httpd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe C:\Program Files\Common Files\Dell\apache\bin\httpd.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\igfxpers.exe C:\Windows\System32\WLTRAY.EXE C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Dell Remote Access\ezi_ra.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\system32\WUDFHost.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\svchost.exe -k WindowsMobile C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\ehome\ehsched.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\ehome\ehRecvr.exe C:\Windows\system32\taskeng.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Windows\system32\printfilterpipelinesvc.exe C:\Windows\system32\spool\DRIVERS\W32X86\3\BXRHIO07Z.EXE C:\Windows\system32\NOTEPAD.EXE C:\Windows\System32\notepad.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Jasmine\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uWindow Title = Internet Explorer provided by Dell uInternet Settings,ProxyOverride = .local uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRun: [Aim6] uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe uRun: [userinit] c:\users\jasmine\appdata\roaming\sdra64.exe mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" StartupFolder: c:\users\jasmine\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\users\jasmine\appdata\roaming\micros~1\windows\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellre~1.lnk - c:\windows\installer\{f66a31d9-7831-4fba-ba02-c411c0047cc5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll Notify: igfxcui - igfxdev.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL ================= FIREFOX =================== FF - ProfilePath - c:\users\jasmine\appdata\roaming\mozilla\firefox\profiles\i18cqcmu.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query= FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query= FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll FF - component: c:\users\jasmine\appdata\roaming\mozilla\firefox\profiles\i18cqcmu.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: browser.sessionstore.resume_from_crash - false FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-21 64160] R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-4-14 214664] R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2009-4-14 27648] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-4-14 112128] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-14 79816] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-14 35272] R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-14 40552] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-14 34248] =============== Created Last 30 ================ 2010-01-16 21:03:35 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL 2010-01-16 21:03:34 0 d-----w- c:\program files\SpywareBlaster 2010-01-16 21:02:03 0 d-----w- c:\programdata\SUPERAntiSpyware.com 2010-01-16 21:00:54 0 d-----w- c:\users\jasmine\appdata\roaming\SUPERAntiSpyware.com 2010-01-16 21:00:54 0 d-----w- c:\program files\SUPERAntiSpyware 2010-01-16 20:59:28 0 d-----w- c:\program files\common files\Wise Installation Wizard 2010-01-16 05:14:44 0 d-sh--w- c:\users\jasmine\appdata\roaming\lowsec 2010-01-13 21:49:32 0 d-----w- c:\users\jasmine\appdata\roaming\Malwarebytes 2010-01-13 21:48:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-13 21:48:55 0 d-----w- c:\programdata\Malwarebytes 2010-01-13 21:48:52 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-13 21:48:51 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-13 12:53:15 72704 ----a-w- c:\windows\system32\fontsub.dll 2010-01-13 12:53:15 156672 ----a-w- c:\windows\system32\t2embed.dll 2010-01-05 11:27:08 0 d-----w- c:\program files\Xilisoft 2009-12-31 19:58:40 0 d-----w- c:\program files\Windows Portable Devices 2009-12-31 19:57:39 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf 2009-12-31 19:57:06 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2009-12-31 19:55:22 92672 ----a-w- c:\windows\system32\UIAnimation.dll 2009-12-31 19:55:21 3023360 ----a-w- c:\windows\system32\UIRibbon.dll 2009-12-31 19:55:21 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2009-12-31 19:53:42 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2009-12-31 19:51:43 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2009-12-31 19:51:43 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2009-12-31 19:51:43 234496 ----a-w- c:\windows\system32\oleacc.dll 2009-12-30 07:29:24 0 d-----w- c:\windows\system32\eu-ES 2009-12-30 07:29:24 0 d-----w- c:\windows\system32\ca-ES 2009-12-30 07:29:21 0 d-----w- c:\windows\system32\vi-VN 2009-12-28 06:41:34 0 d-----r- c:\users\jasmine\appdata\roaming\Brother 2009-12-28 05:52:20 27 ----a-w- c:\windows\BRPP2KA.INI 2009-12-28 05:52:20 0 d-----w- c:\programdata\Brother 2009-12-28 05:52:19 461 ----a-w- c:\windows\BRWMARK.INI ==================== Find3M ==================== 2009-12-31 19:57:47 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-12-31 19:57:47 51200 ----a-w- c:\windows\inf\infpub.dat 2009-12-31 19:57:46 143360 ----a-w- c:\windows\inf\infstor.dat 2009-12-31 19:57:45 143360 ----a-w- c:\windows\inf\infstrng.dat 2009-12-30 07:22:14 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont 2009-12-01 11:18:38 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll 2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-11-09 12:31:42 24064 ----a-w- c:\windows\system32\nshhttp.dll 2009-11-09 12:30:03 30720 ----a-w- c:\windows\system32\httpapi.dll 2009-11-03 02:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-10-29 09:17:42 2048 ----a-w- c:\windows\system32\tzres.dll 2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini 2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat 2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat 2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat 2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2009-04-15 02:57:37 8192 --sha-w- c:\windows\users\default\NTUSER.DAT ============= FINISH: 20:38:51.17 =============== Attached File(s)* Attach.txt ( 5.3k ) Number of downloads: 3 ark.txt ( 48.2k ) Number of downloads: 1

myrti View Member Profile	Jan 23 2010, 09:55 PM Post #2
bleepin' _temp_ Group: Malware Response Instructor Posts: 13,121 Joined: 25-January 08 From: At home Member No.: 186,120	Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far. Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem. [We need to create an OTL Report Please download OTL from one of the following mirrors: This is THE Mirror Save it to your desktop. Double click on the icon on your desktop. Click the "Scan All Users" checkbox. In the custom scan box paste the following: CODE netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %systemroot%\system32\.dll /lockedfiles %systemroot%\Tasks\.job /lockedfiles /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys nvrd32.sys /md5stop %systemroot%\. /mp /s Push the button. Two reports will open, copy and paste them in a reply here: OTL.txt* <-- Will be opened Extra.txt<--Will be minimized In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine. After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. regards myrti -------------------- Help request via PM will be ignored, unless I am already helping you. Please use the forums! If I have helped you please consider to to help me continue the malware fight! Thank you! I'll be gone from 30th July - 5th August. Sorry for any incovenience caused.

myrti View Member Profile	Jan 25 2010, 08:12 AM Post #4
bleepin' _temp_ Group: Malware Response Instructor Posts: 13,121 Joined: 25-January 08 From: At home Member No.: 186,120	Hi, I don't believe that you have exactly the same infection as the thread you linked to. The file name points to a different version of the same infection though. It is an information stealing malware. I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required to clean your PC. If you do any banking or other financial transactions on the PC or it if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation as soon as possible. If you do not have access to a known clean computer, you will still need to change your passwords, and all other sensitive information, but only once your system is deemed clean. Please run a scan with gmer: Please download DeFogger to your desktop. Double click DeFogger to run the tool. The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appear Click OK DeFogger will now ask to reboot the machine - click OK IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop. Do not re-enable these drivers until otherwise instructed. Please download GMER from one of the following locations and save it to your desktop: Main Mirror This version will download a randomly named file (Recommended) Zipped Mirror This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Disconnect from the Internet and close all running programs. Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver. Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked. Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe. GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress) If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO. Now click the Scan button. If you see a rootkit warning window, click OK. When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log. Click the Copy button and paste the results into your next reply. Exit GMER and re-enable all active protection when done. -- If you encounter any problems, try running GMER in Safe Mode. regards myrti -------------------- Help request via PM will be ignored, unless I am already helping you. Please use the forums! If I have helped you please consider to to help me continue the malware fight! Thank you! I'll be gone from 30th July - 5th August. Sorry for any incovenience caused.

onesweetypie View Member Profile	Jan 25 2010, 09:06 PM Post #5
Member Group: Members Posts: 42 Joined: 2-August 06 From: TN Member No.: 79,072	Thank you for checking to see if the viruses are the same. To be on the safe side, since I read the thread I have stopped using this desktop for financial purpose as well as changed passwords on another computer. So it is possible to clean this desktop without reformatting? I do not wish to reformat if it's not necessary. Here is the log you requested: GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-01-24 19:53:22 Windows 6.0.6002 Service Pack 2 Running: 75zmiomz.exe; Driver: C:\Users\Jasmine\AppData\Local\Temp\pxrdrfoc.sys ---- Kernel code sections - GMER 1.0.15 ---- ? C:\Users\Jasmine\AppData\Local\Temp\pxrdrfoc.sys The system cannot find the file specified. ! ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x92 0xB8 0x43 0xF8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x79 0x02 0xF4 0xA3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x25 0x98 0x6F 0x73 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x92 0xB8 0x43 0xF8 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x79 0x02 0xF4 0xA3 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x25 0x98 0x6F 0x73 ... ---- EOF - GMER 1.0.15 ---- Thank you once again for your help

myrti View Member Profile	Jan 25 2010, 09:26 PM Post #6
bleepin' _temp_ Group: Malware Response Instructor Posts: 13,121 Joined: 25-January 08 From: At home Member No.: 186,120	Hi, we should be able to remove all infections we find. The good news actually is that you do not seem to be infected with rootkits, which should make the task that much easier. The logs already look pretty good. Please run an updated scan with Malwarebytes to see what it still finds: Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2 If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy. Make sure you are connected to the Internet. Double-click on mbam-setup.exe to install the application. When the installation begins, follow the prompts and do not make any changes to default settings. When installation has finished, make sure you leave both of these checked: Update Malwarebytes' Anti-Malware Launch Malwarebytes' Anti-Malware Then click Finish. MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine. On the Scanner tab: Make sure the "Perform Quick Scan" option is selected. Then click on the Scan button. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found". Click OK to close the message box and continue with the removal process. Back at the main Scanner screen: Click on the Show Results button to see a list of any malware that was found. Make sure that *everything is checked, and click Remove Selected. When removal is completed, a log report will open in Notepad. The log is automatically saved and can be viewed by clicking the Logs* tab in MBAM. Copy and paste the contents of that report in your next reply and exit MBAM. Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes. regards myrti -------------------- Help request via PM will be ignored, unless I am already helping you. Please use the forums! If I have helped you please consider to to help me continue the malware fight! Thank you! I'll be gone from 30th July - 5th August. Sorry for any incovenience caused.

onesweetypie View Member Profile	Jan 26 2010, 12:49 AM Post #7
Member Group: Members Posts: 42 Joined: 2-August 06 From: TN Member No.: 79,072	Here you go, thank you. Malwarebytes' Anti-Malware 1.44 Database version: 3639 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18882 1/25/2010 11:48:16 PM mbam-log-2010-01-25 (23-48-16).txt Scan type: Quick Scan Objects scanned: 109337 Time elapsed: 4 minute(s), 15 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

myrti View Member Profile	Jan 26 2010, 11:36 AM Post #8
bleepin' _temp_ Group: Malware Response Instructor Posts: 13,121 Joined: 25-January 08 From: At home Member No.: 186,120	Hi, please run the following fix to remove the files visible in the OTL log: Run OTL Under the Custom Scans/Fixes box at the bottom, paste in the following CODE :otl @Alternate Data Stream - 72 bytes -> C:\Windows:FAD6FD285739AFFF @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34 [2010/01/15 23:18:50 \| 00,000,000 \| ---- \| C] () -- C:\Users\Jasmine\AppData\Local\Hfuzumuligi.bin [2010/01/15 23:18:49 \| 00,000,120 \| ---- \| C] () -- C:\Users\Jasmine\AppData\Local\Ehebifureqijo.dat :commands [emptytemp] Then click the Run Fix button at the top Let the program run unhindered, when done it will say "Fix Complete press ok to open the log" Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter .log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. ================================Follow up scan================================= Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output* at the top change it to Minimal Output. Under the Standard Registry box change it to All. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply. regards myrti -------------------- Help request via PM will be ignored, unless I am already helping you. Please use the forums! If I have helped you please consider to to help me continue the malware fight! Thank you! I'll be gone from 30th July - 5th August. Sorry for any incovenience caused.

onesweetypie View Member Profile	Jan 26 2010, 05:11 PM Post #9
Member Group: Members Posts: 42 Joined: 2-August 06 From: TN Member No.: 79,072	OTL Run Fix Log All processes killed ========== OTL ========== ADS C:\Windows:FAD6FD285739AFFF deleted successfully. ADS C:\ProgramData\TEMP:5D432CE3 deleted successfully. ADS C:\ProgramData\TEMP:5C321E34 deleted successfully. C:\Users\Jasmine\AppData\Local\Hfuzumuligi.bin moved successfully. C:\Users\Jasmine\AppData\Local\Ehebifureqijo.dat moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Jasmine ->Temp folder emptied: 7645773 bytes ->Temporary Internet Files folder emptied: 34888753 bytes ->Java cache emptied: 62539259 bytes ->FireFox cache emptied: 92376674 bytes User: Public User: RA Media Server ->Temp folder emptied: 16178705 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1103558 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 4054828 bytes Total Files Cleaned = 209.00 mb OTL by OldTimer - Version 3.1.26.0 log created on 01262010_154118 Files\Folders moved on Reboot... File\Folder C:\Windows\temp\mcmsc_dhzjQc0cTt2eEfw not found! File\Folder C:\Windows\temp\mcmsc_Kv5fvOcKnVbVRS9 not found! File\Folder C:\Windows\temp\sqlite_bpmqNypdT8DubQE not found! File\Folder C:\Windows\temp\sqlite_tjYbuDi80bnwgYa not found! File\Folder C:\Windows\temp\sqlite_UC38SZRhTYl5ewI not found! File\Folder C:\Windows\temp\sqlite_yQm7b3EmdOeG0RU not found! Registry entries deleted on Reboot... OTL LOG OTL logfile created on: 1/26/2010 3:57:26 PM - Run 2 OTL by OldTimer - Version 3.1.26.0 Folder = C:\Users\Jasmine\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18882) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 2.00 Gb Total Physical Memory \| 1.00 Gb Available Physical Memory \| 41.00% Memory free 4.00 Gb Paging File \| 3.00 Gb Available in Paging File \| 61.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 450.71 Gb Total Space \| 256.53 Gb Free Space \| 56.92% Space Free \| Partition Type: NTFS Drive D: \| 15.00 Gb Total Space \| 9.27 Gb Free Space \| 61.78% Space Free \| Partition Type: NTFS E: Drive not present or media not loaded Drive F: \| 298.08 Gb Total Space \| 202.57 Gb Free Space \| 67.96% Space Free \| Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JASMINE-PC Current User Name: Jasmine Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Jasmine\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.) PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.) PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\McAfee\MSK\msksrver.exe (McAfee, Inc.) PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) PRC - C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe () PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Windows\System32\WLTRYSVC.EXE () PRC - C:\Windows\System32\WLTRAY.EXE (Dell Inc.) PRC - C:\Windows\System32\BCMWLTRY.EXE (Dell Inc.) PRC - c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.) PRC - C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe (SingleClick Systems) PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation) PRC - C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation) PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation) PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation) PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation) PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) PRC - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.) PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation) PRC - C:\Windows\System32\mobsync.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Dell\apache\bin\httpd.exe (Apache Software Foundation) PRC - C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe () PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) PRC - C:\Program Files\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\Jasmine\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.) SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (Adobe LM Service) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (wltrysvc) -- C:\Windows\System32\WLTRYSVC.EXE () SRV - (hnmsvc) -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.) SRV - (dsl-fs-sync) -- C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe (SingleClick Systems) SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation) SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation) SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Apache2.2) -- C:\Program Files\Common Files\Dell\apache\bin\httpd.exe (Apache Software Foundation) SRV - (dsl-db) -- C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe () SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.) DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.) DRV - (USBAAPL) -- C:\Windows\System32\drivers\usbaapl.sys (Apple, Inc.) DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.) DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (pcouffin) -- C:\Windows\System32\drivers\pcouffin.sys (VSO Software) DRV - (usb_rndisx) -- C:\Windows\System32\drivers\usb8023x.sys (Microsoft Corporation) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (BrSerIf) -- C:\Windows\System32\drivers\BrSerIf.sys (Brother Industries Ltd.) DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation) DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation) DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (RtNdPt60) -- C:\Windows\System32\drivers\RtNdPt60.sys (Windows ® Codename Longhorn DDK provider) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (Packet) -- C:\Windows\System32\drivers\packet.sys (SingleClick Systems) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (PxHelp20) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (BrUsbSer) -- C:\Windows\System32\drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (ATIAVPCI) -- C:\Windows\System32\drivers\atinavrr.sys (ATI Technologies Inc.) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AIM Search" FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=" FF - prefs.js..browser.search.order.1: "Ask" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official" FF - prefs.js..extensions.enabledItems: {b92d6e49-3672-4c79-80b1-b0b4465e2025}:1.1.51 FF - prefs.js..extensions.enabledItems: dictionary@mozila.firefox.com:1.6.1 FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:6.1.20091216W FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: rankchecker@seobook.com:1.6.9 FF - prefs.js..extensions.enabledItems: seo4firefox@seobook.com:3.3.0 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102 FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.52 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2 FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0.13966 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8 FF - prefs.js..extensions.enabledItems: {50DF3CE6-DC2A-4069-9AC3-7CF593B584E3}:1.9.1 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6 FF - prefs.js..extensions.enabledItems: {fd2f951f-77ea-4938-9493-0c892c027a13}:0.9.7 FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=" FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/19 23:41:34 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/15 00:28:40 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/21 10:28:38 \| 00,000,000 \| ---D \| M] [2009/04/17 15:01:18 \| 00,000,000 \| ---D \| M] -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Extensions [2009/04/17 15:01:18 \| 00,000,000 \| ---D \| M] (No name found) -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2010/01/25 22:32:30 \| 00,000,000 \| ---D \| M] -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions [2009/05/23 15:35:07 \| 00,000,000 \| ---D \| M] (Word Count) -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\{205026F2-3243-49e1-8A44-A826B28C34F0} [2009/08/20 12:32:11 \| 00,000,000 \| ---D \| M] (Microsoft .NET Framework Assistant) -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/12/23 12:38:42 \| 00,000,000 \| ---D \| M] (Google Toolbar for Firefox) -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/11/06 03:39:27 \| 00,000,000 \| ---D \| M] (No name found) -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696} [2009/07/16 09:21:28 \| 00,000,000 \| ---D \| M] (No name found) -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\{b92d6e49-3672-4c79-80b1-b0b4465e2025} [2009/07/01 00:19:04 \| 00,000,000 \| ---D \| M] (Web Developer) -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2009/10/13 23:59:04 \| 00,000,000 \| ---D \| M] (No name found) -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2009/12/31 13:49:18 \| 00,000,000 \| ---D \| M] (Firefox 2, the theme, reloaded) -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\{fd2f951f-77ea-4938-9493-0c892c027a13} [2010/01/15 12:50:52 \| 00,000,000 \| ---D \| M] -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\dictionary@mozila.firefox.com [2009/12/01 05:59:07 \| 00,000,000 \| ---D \| M] -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\rankchecker@seobook.com [2009/12/01 05:59:09 \| 00,000,000 \| ---D \| M] -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\seo4firefox@seobook.com [2009/12/31 13:49:34 \| 00,000,000 \| ---D \| M] (No name found) -- C:\Users\Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\i18cqcmu.default\extensions\{fd2f951f-77ea-4938-9493-0c892c027a13}\chrome\mozapps\extensions [2010/01/13 18:58:38 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions [2009/12/21 10:28:38 \| 00,000,000 \| ---D \| M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/04/26 22:18:22 \| 00,000,000 \| ---D \| M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2009/04/17 17:25:54 \| 00,000,000 \| ---D \| M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2009/06/10 15:43:27 \| 00,000,000 \| ---D \| M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2010/01/26 15:30:47 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com [2009/12/21 10:28:25 \| 00,023,512 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2009/12/21 10:28:25 \| 00,137,176 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2009/03/09 04:19:09 \| 00,410,984 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll [2009/12/21 10:28:35 \| 00,064,984 \| ---- \| M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2009/02/27 13:13:42 \| 00,103,792 \| ---- \| M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll [2009/09/14 19:29:55 \| 00,159,744 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2009/09/14 19:29:55 \| 00,159,744 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2009/09/14 19:29:55 \| 00,159,744 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2009/09/14 19:29:55 \| 00,159,744 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2009/09/14 19:29:55 \| 00,159,744 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2009/09/14 19:29:55 \| 00,159,744 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll [2009/09/14 19:29:56 \| 00,159,744 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll [2007/04/16 11:07:12 \| 00,180,293 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll [2007/03/09 17:16:44 \| 00,189,496 \| ---- \| M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll [2009/11/10 03:22:46 \| 00,001,394 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2009/11/10 03:22:46 \| 00,002,193 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2009/11/10 03:22:46 \| 00,001,534 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2009/11/10 03:22:46 \| 00,002,344 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2009/11/10 03:22:46 \| 00,002,371 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2009/11/10 03:22:46 \| 00,001,178 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2009/11/10 03:22:46 \| 00,000,792 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: ([2006/09/18 15:41:30 \| 00,000,761 \| ---- \| M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll () O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard) O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [WD Button Manager] C:\Windows\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKCU..\Run: [Aim6] File not found O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Jasmine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Users\Jasmine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Jasmine\Pictures\Backgrounds\Japanese_Cherry_Blossom_wallpapers_GA038.jpg O24 - Desktop BackupWallPaper: C:\Users\Jasmine\Pictures\Backgrounds\Japanese_Cherry_Blossom_wallpapers_GA038.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 15:43:36 \| 00,000,024 \| -HS- \| M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2007/10/23 23:04:11 \| 00,000,000 \| -HS- \| M] () - F:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{6bbdb877-425e-11de-832b-0021705bcddc}\Shell - "" = AutoRun O33 - MountPoints2\{6bbdb877-425e-11de-832b-0021705bcddc}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk ) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/01/26 15:41:18 \| 00,000,000 \| ---D \| C] -- C:\_OTL [2010/01/25 22:24:51 \| 00,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/01/25 22:24:48 \| 00,019,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/01/25 22:24:48 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/01/25 22:24:00 \| 05,115,824 \| ---- \| C] (Malwarebytes Corporation ) -- C:\Users\Jasmine\Desktop\mbam-setup.exe [2010/01/23 23:26:36 \| 00,547,328 \| ---- \| C] (OldTimer Tools) -- C:\Users\Jasmine\Desktop\OTL.exe [2010/01/22 19:15:14 \| 00,000,000 \| ---D \| C] -- C:\Users\Jasmine\AppData\Roaming\ArcSoft [2010/01/22 19:12:04 \| 00,364,544 \| ---- \| C] (Western Digital Technologies, Inc.) -- C:\Windows\System32\WDBtnMgr.exe [2010/01/22 19:11:21 \| 00,000,000 \| ---D \| C] -- C:\Program Files\My Book [2010/01/22 19:08:15 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Western Digital Technologies [2010/01/22 19:06:01 \| 00,000,000 \| ---D \| C] -- C:\Users\Jasmine\Desktop\MyBook1C [2010/01/22 19:03:37 \| 00,000,000 \| ---D \| C] -- C:\Users\Jasmine\AppData\Roaming\Download Manager [2010/01/22 17:38:41 \| 00,000,000 \| ---D \| C] -- C:\Users\Jasmine\AppData\Local\Citrix [2010/01/22 17:32:45 \| 00,000,000 \| ---D \| C] -- C:\Users\Jasmine\AppData\Roaming\McAfee [2010/01/22 17:07:52 \| 00,000,000 \| -HSD \| C] -- C:\RECYCLER [2010/01/21 14:55:14 \| 01,469,440 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010/01/21 14:55:14 \| 00,594,432 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010/01/21 14:55:14 \| 00,387,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010/01/21 14:55:14 \| 00,184,320 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010/01/21 14:55:14 \| 00,164,352 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010/01/21 14:55:14 \| 00,133,632 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010/01/21 14:55:14 \| 00,109,056 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010/01/21 14:55:14 \| 00,055,296 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010/01/21 14:55:13 \| 01,638,912 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010/01/21 14:55:13 \| 00,173,056 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010/01/21 14:55:13 \| 00,071,680 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010/01/21 14:55:13 \| 00,055,808 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010/01/21 14:55:13 \| 00,025,600 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010/01/21 14:55:13 \| 00,013,312 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010/01/19 19:53:11 \| 00,000,000 \| ---D \| C] -- C:\Users\Jasmine\AppData\Local\Apple Computer [2010/01/18 23:59:21 \| 00,000,000 \| ---D \| C] -- C:\Users\Jasmine\AppData\Local\AOL OCP [2010/01/18 23:59:15 \| 00,000,000 \| ---D \| C] -- C:\Users\Jasmine\AppData\Local\AOL [2010/01/18 19:09:02 \| 00,000,000 \| ---D \| C] -- C:\Users\Jasmine\AppData\Local\Apple [2010/01/17 20:34:00 \| 00,000,000 \| ---D \| C] -- C:\Users\Jasmine\AppData\Local\Adobe [2010/01/17 16:09:20 \| 00,050,688 \| ---- \| C] (Atribune.org) -- C:\Users\Jasmine\Desktop\ATF-Cleaner.exe [2010/01/17 04:05:53 \| 00,000,000 \| ---D \| C] -- C:\Windows\pss [2010/01/17 02:43:44 \| 00,000,000 \| ---D \| C] -- C:\Users\Jasmine\Desktop\Japanese Purse Book [2010/01/16 20:37:56 \| 00,472,064 \| ---- \| C] ( ) -- C:\Users\Jasmine\Desktop\RootRepeal.exe [2010/01/16 16:23:56 \| 05,207,047 \| ---- \| C] (McAfee Inc.) -- C:\Users\Jasmine\Documents\stinger1001688.exe [2010/01/16 15:03:35 \| 00,118,784 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\MSSTDFMT.DLL [2010/01/16 15:03:34 \| 00,000,000 \| ---D \| C] -- C:\Program Files\SpywareBlaster [2010/01/16 15:02:03 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\SUPERAntiSpyware.com [2010/01/16 15:00:54 \| 00,000,000 \| ---D \| C] -- C:\Users\Jasmine\AppData\Roaming\SUPERAntiSpyware.com [2010/01/16 15:00:54 \| 00,000,000 \| ---D \| C] -- C:\Program Files\SUPERAntiSpyware [2010/01/16 14:59:28 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Wise Installation Wizard [2010/01/15 23:18:46 \| 00,000,000 \| ---D \| C] -- C:\Users\Jasmine\AppData\Local\{50DF3CE6-DC2A-4069-9AC3-7CF593B584E3} [2010/01/15 23:14:44 \| 00,000,000 \| -HSD \| C] -- C:\Users\Jasmine\AppData\Roaming\lowsec [2010/01/13 18:49:39 \| 00,000,000 \| ---D \| C] -- C:\Users\Jasmine\Desktop\Kawaii Products [2010/01/13 15:49:32 \| 00,000,000 \| ---D \| C] -- C:\Users\Jasmine\AppData\Roaming\Malwarebytes [2010/01/13 15:48:55 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2010/01/13 06:53:15 \| 00,156,672 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010/01/13 06:53:15 \| 00,072,704 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2010/01/11 22:02:05 \| 00,000,000 \| ---D \| C] -- C:\Users\Jasmine\Desktop\Pandas [2010/01/11 21:49:25 \| 00,000,000 \| ---D \| C] -- C:\Users\Jasmine\Desktop\Cali Kawaii [2010/01/11 21:41:59 \| 00,000,000 \| ---D \| C] -- C:\Users\Jasmine\Desktop\Music [2010/01/11 21:33:33 \| 00,000,000 \| ---D \| C] -- C:\Users\Jasmine\Desktop\Kawaii Notes [2010/01/11 21:26:58 \| 00,000,000 \| ---D \| C] -- C:\Users\Jasmine\Desktop\Fitness Stuff [2010/01/11 21:26:32 \| 00,000,000 \| ---D \| C] -- C:\Users\Jasmine\Desktop\Beauty [2010/01/11 21:18:52 \| 00,000,000 \| ---D \| C] -- C:\Users\Jasmine\Desktop\sanrio brushes n font [2010/01/05 05:27:08 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Xilisoft [2009/12/31 13:58:40 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Windows Portable Devices [2009/12/31 13:55:22 \| 00,092,672 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2009/12/31 13:55:21 \| 03,023,360 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll [2009/12/31 13:55:21 \| 01,164,800 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll [2009/12/31 13:54:33 \| 00,369,664 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2009/12/31 13:54:33 \| 00,037,888 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2009/12/31 13:54:32 \| 00,974,848 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll [2009/12/31 13:54:32 \| 00,829,440 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2009/12/31 13:54:32 \| 00,828,928 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2009/12/31 13:54:32 \| 00,321,024 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll [2009/12/31 13:54:32 \| 00,280,064 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2009/12/31 13:54:32 \| 00,252,928 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe [2009/12/31 13:54:32 \| 00,195,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll [2009/12/31 13:54:32 \| 00,189,440 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2009/12/31 13:54:32 \| 00,135,680 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2009/12/31 13:54:32 \| 00,026,112 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2009/12/31 13:54:31 \| 01,554,432 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2009/12/31 13:54:31 \| 01,064,448 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2009/12/31 13:54:31 \| 01,030,144 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2009/12/31 13:54:31 \| 00,847,360 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2009/12/31 13:54:31 \| 00,793,088 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll [2009/12/31 13:54:31 \| 00,667,648 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2009/12/31 13:54:31 \| 00,519,680 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2009/12/31 13:54:31 \| 00,486,912 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2009/12/31 13:54:31 \| 00,481,792 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2009/12/31 13:54:31 \| 00,351,232 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2009/12/31 13:54:31 \| 00,218,112 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2009/12/31 13:54:31 \| 00,190,464 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2009/12/31 13:54:31 \| 00,161,280 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2009/12/31 13:53:42 \| 00,030,208 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe [2009/12/31 13:53:41 \| 00,031,232 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll [2009/12/31 13:53:28 \| 00,060,928 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll [2009/12/31 13:53:26 \| 00,546,816 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll [2009/12/31 13:53:26 \| 00,334,848 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll [2009/12/31 13:53:26 \| 00,226,816 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll [2009/12/31 13:53:26 \| 00,160,256 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll [2009/12/31 13:53:26 \| 00,100,864 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll [2009/12/31 13:53:26 \| 00,061,952 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll [2009/12/31 13:53:26 \| 00,033,280 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll [2009/12/31 13:53:25 \| 00,350,208 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll [2009/12/31 13:53:25 \| 00,196,608 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll [2009/12/31 13:51:43 \| 00,555,520 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll [2009/12/31 13:51:43 \| 00,004,096 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll [2009/12/30 01:29:24 \| 00,000,000 \| ---D \| C] -- C:\Windows\System32\eu-ES [2009/12/30 01:29:24 \| 00,000,000 \| ---D \| C] -- C:\Windows\System32\ca-ES [2009/12/30 01:29:21 \| 00,000,000 \| ---D \| C] -- C:\Windows\System32\vi-VN [2009/12/29 01:29:18 \| 00,000,000 \| ---D \| C] -- C:\Users\Jasmine\Documents\Travel [2009/12/28 00:41:34 \| 00,000,000 \| R--D \| C] -- C:\Users\Jasmine\AppData\Roaming\Brother [2009/12/27 23:52:20 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Brother [2009/07/22 10:47:19 \| 08,270,752 \| ---- \| C] (Dell, Inc. ) -- C:\Users\Jasmine\AppData\Roaming\DataSafeDotNet.exe [2009/04/17 22:17:35 \| 00,047,360 \| ---- \| C] (VSO Software) -- C:\Users\Jasmine\AppData\Roaming\pcouffin.sys [2 C:\ProgramData\.tmp files -> C:\ProgramData\.tmp -> ] [2 C:\ProgramData\.tmp files -> C:\ProgramData\.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/01/26 15:56:31 \| 03,670,016 \| -HS- \| M] () -- C:\Users\Jasmine\ntuser.dat [2010/01/26 15:53:20 \| 00,030,197 \| ---- \| M] () -- C:\Windows\System32\Config.MPF [2010/01/26 15:52:16 \| 00,003,616 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/01/26 15:52:16 \| 00,003,616 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/01/26 15:52:12 \| 00,000,276 \| ---- \| M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job [2010/01/26 15:52:09 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\tasks\SA.DAT [2010/01/26 15:52:07 \| 00,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2010/01/26 15:51:50 \| 21,109,71904 \| -HS- \| M] () -- C:\hiberfil.sys [2010/01/26 15:50:48 \| 00,524,288 \| -HS- \| M] () -- C:\Users\Jasmine\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010/01/26 15:50:48 \| 00,065,536 \| -HS- \| M] () -- C:\Users\Jasmine\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010/01/26 06:27:57 \| 02,665,451 \| -H-- \| M] () -- C:\Users\Jasmine\AppData\Local\IconCache.db [2010/01/25 22:24:54 \| 00,000,780 \| ---- \| M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/01/25 22:24:10 \| 05,115,824 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Users\Jasmine\Desktop\mbam-setup.exe [2010/01/24 19:33:24 \| 00,006,648 \| ---- \| M] () -- C:\Users\Jasmine\AppData\Local\d3d9caps.dat [2010/01/24 18:11:18 \| 26,679,5497 \| ---- \| M] () -- C:\Windows\MEMORY.DMP [2010/01/24 17:42:31 \| 00,000,034 \| ---- \| M] () -- C:\Users\Jasmine\defogger_reenable [2010/01/24 17:06:04 \| 00,293,376 \| ---- \| M] () -- C:\Users\Jasmine\Desktop\75zmiomz.exe [2010/01/24 17:05:55 \| 00,049,965 \| ---- \| M] () -- C:\Users\Jasmine\Desktop\Defogger.exe [2010/01/24 13:46:31 \| 00,018,492 \| ---- \| M] () -- C:\Users\Jasmine\Desktop\Anime List.ods [2010/01/23 23:26:41 \| 00,547,328 \| ---- \| M] (OldTimer Tools) -- C:\Users\Jasmine\Desktop\OTL.exe [2010/01/23 19:41:27 \| 00,222,461 \| ---- \| M] () -- C:\Users\Jasmine\Desktop\il_fullxfull.68284985.jpg [2010/01/23 19:28:57 \| 00,842,766 \| ---- \| M] () -- C:\Users\Jasmine\Desktop\il_fullxfull.112114365.jpg [2010/01/23 18:16:51 \| 00,001,176 \| ---- \| M] () -- C:\Users\Jasmine\AppData\Roaming\vso_ts_preview.xml [2010/01/23 17:58:36 \| 00,152,329 \| ---- \| M] () -- C:\Users\Jasmine\Desktop\hkvampire.psd [2010/01/23 17:58:15 \| 00,354,504 \| ---- \| M] () -- C:\Users\Jasmine\Desktop\hkgoth.psd [2010/01/23 17:58:10 \| 00,690,960 \| ---- \| M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/01/23 17:58:10 \| 00,595,446 \| ---- \| M] () -- C:\Windows\System32\perfh009.dat [2010/01/23 17:58:10 \| 00,101,144 \| ---- \| M] () -- C:\Windows\System32\perfc009.dat [2010/01/23 01:34:31 \| 00,012,779 \| ---- \| M] () -- C:\Users\Jasmine\Desktop\il_430xN.54075115.jpg [2010/01/23 00:13:12 \| 00,106,045 \| ---- \| M] () -- C:\Users\Jasmine\Desktop\blogpics 001.jpg [2010/01/23 00:13:08 \| 00,082,568 \| ---- \| M] () -- C:\Users\Jasmine\Desktop\blogpics 006.jpg [2010/01/22 22:05:29 \| 06,011,990 \| ---- \| M] () -- C:\Users\Jasmine\Desktop\How to Make a Sweet YG's Wallet - revised.pdf [2010/01/22 19:14:09 \| 00,364,544 \| ---- \| M] (Western Digital Technologies, Inc.) -- C:\Windows\System32\WDBtnMgr.exe [2010/01/22 19:11:34 \| 00,001,739 \| ---- \| M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Backup Monitor.lnk [2010/01/22 19:05:12 \| 38,938,548 \| ---- \| M] () -- C:\Users\Jasmine\Desktop\MyBook1C.zip [2010/01/22 16:39:58 \| 00,000,020 \| -HS- \| M] () -- C:\ArcDeviceInfo [2010/01/21 02:42:11 \| 00,027,146 \| ---- \| M] () -- C:\Users\Jasmine\Desktop\il_fullxfull.116734215.jpg [2010/01/21 02:16:58 \| 00,000,248 \| ---- \| M] () -- C:\Users\Jasmine\AppData\Roaming\wklnhst.dat [2010/01/21 00:42:03 \| 00,022,907 \| ---- \| M] () -- C:\Users\Jasmine\Desktop\il_fullxfull.116897250.jpg [2010/01/17 16:11:00 \| 07,520,288 \| ---- \| M] () -- C:\Users\Jasmine\Desktop\SUPERAntiSpyware.exe [2010/01/17 16:09:23 \| 00,050,688 \| ---- \| M] (Atribune.org) -- C:\Users\Jasmine\Desktop\ATF-Cleaner.exe [2010/01/17 04:25:37 \| 01,699,000 \| ---- \| M] () -- C:\Windows\System32\FNTCACHE.DAT [2010/01/17 01:49:50 \| 00,081,997 \| ---- \| M] () -- C:\Users\Jasmine\Desktop\2ndtime-3popsea.jpg [2010/01/17 01:29:41 \| 00,259,787 \| ---- \| M] () -- C:\Users\Jasmine\Desktop\wierd popups.jpg [2010/01/17 01:26:14 \| 20,346,380 \| ---- \| M] () -- C:\Users\Jasmine\Desktop\Labores de Ana nº .61 - Mundo da Hello Kitty.rar [2010/01/17 01:25:45 \| 09,491,612 \| ---- \| M] () -- C:\Users\Jasmine\Desktop\hllokttiyefltmacsot.rar [2010/01/17 01:06:25 \| 04,822,287 \| R--- \| M] () -- C:\Users\Jasmine\Desktop\Japanese Purse Book.rar [2010/01/16 23:49:56 \| 00,082,511 \| ---- \| M] () -- C:\Users\Jasmine\Desktop\SUPERAntiSpyware-popup.jpg [2010/01/16 20:37:59 \| 00,472,064 \| ---- \| M] ( ) -- C:\Users\Jasmine\Desktop\RootRepeal.exe [2010/01/16 20:36:11 \| 00,524,288 \| ---- \| M] () -- C:\Users\Jasmine\Desktop\dds.scr [2010/01/16 19:15:56 \| 00,000,017 \| ---- \| M] () -- C:\Users\Jasmine\Documents\stinger1001688.opt [2010/01/16 16:24:14 \| 05,207,047 \| ---- \| M] (McAfee Inc.) -- C:\Users\Jasmine\Documents\stinger1001688.exe [2010/01/15 21:36:31 \| 00,053,760 \| ---- \| M] () -- C:\Users\Jasmine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/01/15 21:06:32 \| 00,001,747 \| ---- \| M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2010/01/15 02:37:38 \| 00,034,644 \| ---- \| M] () -- C:\Users\Jasmine\Desktop\4082646651_9d8a8294d3_o.png [2010/01/15 02:37:02 \| 00,012,703 \| ---- \| M] () -- C:\Users\Jasmine\Desktop\4061499970_4e613d2fd2_o.png [2010/01/15 02:35:05 \| 00,005,346 \| ---- \| M] () -- C:\Users\Jasmine\Desktop\4144158714_ea2751a113_o.jpg [2010/01/15 01:00:00 \| 00,000,356 \| ---- \| M] () -- C:\Windows\tasks\McDefragTask.job [2010/01/14 11:12:06 \| 00,181,120 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010/01/14 10:14:31 \| 00,000,472 \| ---- \| M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010/01/12 20:53:24 \| 00,048,914 \| ---- \| M] () -- C:\Users\Jasmine\Desktop\il_430xN.102689267.jpg [2010/01/12 20:51:03 \| 00,047,101 \| ---- \| M] () -- C:\Users\Jasmine\Desktop\il_430xN.71032260.jpg [2010/01/12 19:45:51 \| 00,003,895 \| ---- \| M] () -- C:\Users\Jasmine\Documents\Percy Jackson Lightning Thief.rtf [2010/01/10 16:16:37 \| 00,169,351 \| ---- \| M] () -- C:\Users\Jasmine\Desktop\w-fai-silvermist-leaves-1280.jpg [2010/01/08 19:38:00 \| 00,321,571 \| ---- \| M] () -- C:\Users\Jasmine\Desktop\World_Japan_Toji_Temple__Kyoto__Japan_007891_.jpg [2010/01/08 19:27:51 \| 00,998,916 \| ---- \| M] () -- C:\Users\Jasmine\Desktop\HK-kimono.jpg [2010/01/07 16:07:14 \| 00,038,224 \| ---- \| M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/01/07 16:07:04 \| 00,019,160 \| ---- \| M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/01/07 02:08:00 \| 00,006,774 \| ---- \| M] () -- C:\Users\Jasmine\AppData\Roaming\PrimoPDFSet.xml [2010/01/02 00:33:32 \| 00,594,432 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010/01/02 00:33:32 \| 00,055,296 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010/01/02 00:32:51 \| 00,025,600 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010/01/02 00:32:46 \| 01,469,440 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010/01/02 00:32:33 \| 00,164,352 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010/01/02 00:32:33 \| 00,109,056 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010/01/02 00:32:33 \| 00,071,680 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010/01/02 00:32:32 \| 00,184,320 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010/01/02 00:32:32 \| 00,055,808 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010/01/02 00:32:26 \| 00,387,584 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010/01/01 22:57:00 \| 00,133,632 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010/01/01 22:56:50 \| 00,173,056 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010/01/01 22:56:14 \| 00,013,312 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010/01/01 22:55:54 \| 01,638,912 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010/01/01 01:00:00 \| 00,000,348 \| ---- \| M] () -- C:\Windows\tasks\McQcTask.job [2009/12/31 21:41:23 \| 00,020,812 \| ---- \| M] () -- C:\Users\Jasmine\Desktop\ahlive15.jpg [2009/12/31 13:57:39 \| 00,000,000 \| -H-- \| M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2009/12/31 13:57:06 \| 00,000,000 \| -H-- \| M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2009/12/31 02:10:14 \| 00,260,466 \| ---- \| M] () -- C:\Users\Jasmine\Documents\57 History of Medicine iss 6.pdf [2009/12/28 00:45:20 \| 00,000,461 \| ---- \| M] () -- C:\Windows\BRWMARK.INI [2009/12/27 23:52:20 \| 00,000,027 \| ---- \| M] () -- C:\Windows\BRPP2KA.INI [2 C:\ProgramData\.tmp files -> C:\ProgramData\.tmp -> ] [2 C:\ProgramData\.tmp files -> C:\ProgramData\.tmp -> ] ========== Files Created - No Company Name ========== [2010/01/25 22:24:54 \| 00,000,780 \| ---- \| C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/01/24 19:54:21 \| 21,109,71904 \| -HS- \| C] () -- C:\hiberfil.sys [2010/01/24 18:11:18 \| 26,679,5497 \| ---- \| C] () -- C:\Windows\MEMORY.DMP [2010/01/24 17:41:31 \| 00,000,034 \| ---- \| C] () -- C:\Users\Jasmine\defogger_reenable [2010/01/24 17:06:01 \| 00,293,376 \| ---- \| C] () -- C:\Users\Jasmine\Desktop\75zmiomz.exe [2010/01/24 17:05:54 \| 00,049,965 \| ---- \| C] () -- C:\Users\Jasmine\Desktop\Defogger.exe [2010/01/23 19:41:26 \| 00,222,461 \| ---- \| C] () -- C:\Users\Jasmine\Desktop\il_fullxfull.68284985.jpg [2010/01/23 19:28:55 \| 00,842,766 \| ---- \| C] () -- C:\Users\Jasmine\Desktop\il_fullxfull.112114365.jpg [2010/01/23 17:58:34 \| 00,152,329 \| ---- \| C] () -- C:\Users\Jasmine\Desktop\hkvampire.psd [2010/01/23 17:58:13 \| 00,354,504 \| ---- \| C] () -- C:\Users\Jasmine\Desktop\hkgoth.psd [2010/01/23 01:34:30 \| 00,012,779 \| ---- \| C] () -- C:\Users\Jasmine\Desktop\il_430xN.54075115.jpg [2010/01/23 00:13:11 \| 00,106,045 \| ---- \| C] () -- C:\Users\Jasmine\Desktop\blogpics 001.jpg [2010/01/23 00:13:07 \| 00,082,568 \| ---- \| C] () -- C:\Users\Jasmine\Desktop\blogpics 006.jpg [2010/01/22 22:05:16 \| 06,011,990 \| ---- \| C] () -- C:\Users\Jasmine\Desktop\How to Make a Sweet YG's Wallet - revised.pdf [2010/01/22 19:11:34 \| 00,001,739 \| ---- \| C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Backup Monitor.lnk [2010/01/22 19:03:45 \| 38,938,548 \| ---- \| C] () -- C:\Users\Jasmine\Desktop\MyBook1C.zip [2010/01/22 16:39:58 \| 00,000,020 \| -HS- \| C] () -- C:\ArcDeviceInfo [2010/01/21 02:42:08 \| 00,027,146 \| ---- \| C] () -- C:\Users\Jasmine\Desktop\il_fullxfull.116734215.jpg [2010/01/21 00:42:03 \| 00,022,907 \| ---- \| C] () -- C:\Users\Jasmine\Desktop\il_fullxfull.116897250.jpg [2010/01/17 16:10:35 \| 07,520,288 \| ---- \| C] () -- C:\Users\Jasmine\Desktop\SUPERAntiSpyware.exe [2010/01/17 15:32:17 \| 00,001,966 \| ---- \| C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Remote Access.lnk [2010/01/17 15:32:17 \| 00,001,172 \| ---- \| C] () -- C:\Users\Jasmine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2010/01/17 15:32:17 \| 00,000,860 \| ---- \| C] () -- C:\Users\Jasmine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk [2010/01/17 01:49:50 \| 00,081,997 \| ---- \| C] () -- C:\Users\Jasmine\Desktop\2ndtime-3popsea.jpg [2010/01/17 01:29:38 \| 00,259,787 \| ---- \| C] () -- C:\Users\Jasmine\Desktop\wierd popups.jpg [2010/01/17 01:22:01 \| 09,491,612 \| ---- \| C] () -- C:\Users\Jasmine\Desktop\hllokttiyefltmacsot.rar [2010/01/17 01:20:19 \| 20,346,380 \| ---- \| C] () -- C:\Users\Jasmine\Desktop\Labores de Ana nº .61 - Mundo da Hello Kitty.rar [2010/01/17 01:06:25 \| 04,822,287 \| R--- \| C] () -- C:\Users\Jasmine\Desktop\Japanese Purse Book.rar [2010/01/16 23:49:54 \| 00,082,511 \| ---- \| C] () -- C:\Users\Jasmine\Desktop\SUPERAntiSpyware-popup.jpg [2010/01/16 20:36:02 \| 00,524,288 \| ---- \| C] () -- C:\Users\Jasmine\Desktop\dds.scr [2010/01/16 18:59:51 \| 00,000,017 \| ---- \| C] () -- C:\Users\Jasmine\Documents\stinger1001688.opt [2010/01/15 02:37:34 \| 00,034,644 \| ---- \| C] () -- C:\Users\Jasmine\Desktop\4082646651_9d8a8294d3_o.png [2010/01/15 02:36:58 \| 00,012,703 \| ---- \| C] () -- C:\Users\Jasmine\Desktop\4061499970_4e613d2fd2_o.png [2010/01/15 02:34:59 \| 00,005,346 \| ---- \| C] () -- C:\Users\Jasmine\Desktop\4144158714_ea2751a113_o.jpg [2010/01/12 20:53:24 \| 00,048,914 \| ---- \| C] () -- C:\Users\Jasmine\Desktop\il_430xN.102689267.jpg [2010/01/12 20:51:00 \| 00,047,101 \| ---- \| C] () -- C:\Users\Jasmine\Desktop\il_430xN.71032260.jpg [2010/01/12 19:45:51 \| 00,003,895 \| ---- \| C] () -- C:\Users\Jasmine\Documents\Percy Jackson Lightning Thief.rtf [2010/01/10 16:16:33 \| 00,169,351 \| ---- \| C] () -- C:\Users\Jasmine\Desktop\w-fai-silvermist-leaves-1280.jpg [2010/01/08 19:37:55 \| 00,321,571 \| ---- \| C] () -- C:\Users\Jasmine\Desktop\World_Japan_Toji_Temple__Kyoto__Japan_007891_.jpg [2010/01/08 19:27:43 \| 00,998,916 \| ---- \| C] () -- C:\Users\Jasmine\Desktop\HK-kimono.jpg [2009/12/31 21:41:22 \| 00,020,812 \| ---- \| C] () -- C:\Users\Jasmine\Desktop\ahlive15.jpg [2009/12/31 13:57:39 \| 00,000,000 \| -H-- \| C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2009/12/31 13:57:06 \| 00,000,000 \| -H-- \| C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2009/12/31 02:10:14 \| 00,260,466 \| ---- \| C] () -- C:\Users\Jasmine\Documents\57 History of Medicine iss 6.pdf [2009/12/27 23:52:20 \| 00,000,027 \| ---- \| C] () -- C:\Windows\BRPP2KA.INI [2009/12/27 23:52:19 \| 00,000,461 \| ---- \| C] () -- C:\Windows\BRWMARK.INI [2009/12/19 10:29:03 \| 00,001,264 \| ---- \| C] () -- C:\ProgramData\tmp4606.log [2009/09/11 01:01:25 \| 00,117,248 \| ---- \| C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/08/28 13:49:26 \| 00,000,125 \| -HS- \| C] () -- C:\ProgramData\.zreglib [2009/08/27 02:01:53 \| 00,001,176 \| ---- \| C] () -- C:\Users\Jasmine\AppData\Roaming\vso_ts_preview.xml [2009/08/22 11:03:36 \| 00,000,028 \| ---- \| C] () -- C:\Windows\v2d.INI [2009/08/19 22:53:52 \| 00,001,107 \| ---- \| C] () -- C:\ProgramData\tmpD8D4.log [2009/08/14 22:04:42 \| 00,819,200 \| ---- \| C] () -- C:\Windows\System32\xvidcore.dll [2009/08/14 22:04:41 \| 00,180,224 \| ---- \| C] () -- C:\Windows\System32\xvidvfw.dll [2009/08/03 22:13:43 \| 00,000,552 \| ---- \| C] () -- C:\Users\Jasmine\AppData\Local\d3d8caps.dat [2009/08/03 14:07:42 \| 00,403,816 \| ---- \| C] () -- C:\Windows\System32\OGACheckControl.dll [2009/04/26 22:48:12 \| 00,000,056 \| -H-- \| C] () -- C:\ProgramData\ezsidmv.dat [2009/04/24 22:58:25 \| 00,000,248 \| ---- \| C] () -- C:\Users\Jasmine\AppData\Roaming\wklnhst.dat [2009/04/24 22:02:56 \| 00,006,774 \| ---- \| C] () -- C:\Users\Jasmine\AppData\Roaming\PrimoPDFSet.xml [2009/04/24 22:00:00 \| 00,176,235 \| ---- \| C] () -- C:\Windows\System32\Primomonnt.dll [2009/04/18 13:15:06 \| 00,006,648 \| ---- \| C] () -- C:\Users\Jasmine\AppData\Local\d3d9caps.dat [2009/04/17 22:19:37 \| 00,000,034 \| ---- \| C] () -- C:\Users\Jasmine\AppData\Roaming\pcouffin.log [2009/04/17 22:17:35 \| 00,087,608 \| ---- \| C] () -- C:\Users\Jasmine\AppData\Roaming\inst.exe [2009/04/17 22:17:35 \| 00,007,887 \| ---- \| C] () -- C:\Users\Jasmine\AppData\Roaming\pcouffin.cat [2009/04/17 22:17:34 \| 00,001,144 \| ---- \| C] () -- C:\Users\Jasmine\AppData\Roaming\pcouffin.inf [2009/04/17 20:43:05 \| 00,053,760 \| ---- \| C] () -- C:\Users\Jasmine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/04/17 20:28:32 \| 00,001,431 \| ---- \| C] () -- C:\ProgramData\hpzinstall.log [2009/04/17 15:25:21 \| 00,000,021 \| ---- \| C] () -- C:\Windows\atid.ini [2009/04/14 21:15:54 \| 00,004,608 \| ---- \| C] () -- C:\Windows\System32\HdmiCoin.dll [2009/04/14 21:15:53 \| 00,147,456 \| ---- \| C] () -- C:\Windows\System32\igfxCoIn_v1527.dll [2009/04/14 17:35:23 \| 00,006,656 \| ---- \| C] () -- C:\Windows\System32\bcmwlrc.dll [2009/04/14 17:35:22 \| 00,054,784 \| ---- \| C] () -- C:\Windows\System32\bcmwlrmt.dll [2008/04/28 10:13:33 \| 00,000,310 \| ---- \| C] () -- C:\Windows\primopdf.ini [2006/11/02 06:35:32 \| 00,005,632 \| ---- \| C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 04:25:44 \| 00,159,744 \| ---- \| C] () -- C:\Windows\System32\atitmmxx.dll [2006/11/02 01:40:29 \| 00,013,750 \| ---- \| C] () -- C:\Windows\System32\pacerprf.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3 < End of report > Thank you

myrti View Member Profile	Jan 27 2010, 10:09 AM Post #10
bleepin' _temp_ Group: Malware Response Instructor Posts: 13,121 Joined: 25-January 08 From: At home Member No.: 186,120	Hi, this is looking good. How is your PC doing now? Please run a scan with Eset next: Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan Click the button. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps) Click on to download the ESET Smart Installer. Save it to your desktop. Double click on the icon on your desktop. Check Click the button. Accept any security warnings from your browser. Check Push the Start button. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. When the scan completes, push Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. Push the button. Push regards myrti -------------------- Help request via PM will be ignored, unless I am already helping you. Please use the forums! If I have helped you please consider to to help me continue the malware fight! Thank you! I'll be gone from 30th July - 5th August. Sorry for any incovenience caused.

onesweetypie View Member Profile	Jan 27 2010, 06:55 PM Post #11
Member Group: Members Posts: 42 Joined: 2-August 06 From: TN Member No.: 79,072	Hi Myrti, It found nothing. I couldn't save a log so I took a screenshot and posted the image and link below. http://yfrog.com/5iesetonlinescannerj My PC is faster and I was able to change the date and time. It's now showing the accurate date and time. No problems with firefox. Is my PC now clean? And do you think its safe to for financial transactions and such? Thank you! This post has been edited by onesweetypie: Jan 28 2010, 12:44 AM

myrti View Member Profile	Jan 29 2010, 11:49 AM Post #12
bleepin' _temp_ Group: Malware Response Instructor Posts: 13,121 Joined: 25-January 08 From: At home Member No.: 186,120	Hi, yes your logs look clean to me! Please update your software next, before we get to the final step: Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update: Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop. Look for "Java Runtime Environment (JRE)" JRE 6 Update 18. Click the Download button to the right. Select your Platform: "Windows". Select your Language: "Multi-language". Read the License Agreement, and then check the box that says: "Accept License Agreement". Click Continue and the page will refresh. Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version. -- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator. -- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it. -- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually. Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer. Your Microsoft Windows installation is out of date. Using unpatched Windows systems on the Internet are a security risk to everyone. When there are insecure computers connected to the Internet, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, and spammers have more platforms from which to send e-mail. Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your computer. Keeping up-to-date with all these security patches will help prevent malware from reinfecting your machine. If you are not sure how to do this, see How to use Microsoft Update. For additional information, be sure to read "Windows Xp Service Pack 3 (sp3) Information". Then go here to check for & install updates to Microsoft applications. Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install. Please reboot and repeat the update process until there are no more updates to install. Let me know if you run into any problems with the updates. regards myrti -------------------- Help request via PM will be ignored, unless I am already helping you. Please use the forums! If I have helped you please consider to to help me continue the malware fight! Thank you! I'll be gone from 30th July - 5th August. Sorry for any incovenience caused.

onesweetypie View Member Profile	Feb 4 2010, 11:31 PM Post #13
Member Group: Members Posts: 42 Joined: 2-August 06 From: TN Member No.: 79,072	Hi Myrti, Sorry for the late response. I removed all older versions of Java and downloaded, installed the new one as you instructed. Is there a way to ask Java to update automatically? I clicked on the link you posted but it's just information unless its included in the new Java update. I check my Windows Update and it says there are two optional updates: ATI Technologies - meida - ATI Unified AVStream Driver Realtek - Network - Realtek PCIe GBE Family Controller I didn't do any Windows Update because there were none found to be important just optional ones. Do I need Windows XP Service Pack 3 although I have Windows Vista? Thank you for all your help onesweetypie

myrti View Member Profile	Feb 5 2010, 12:31 PM Post #14
bleepin' _temp_ Group: Malware Response Instructor Posts: 13,121 Joined: 25-January 08 From: At home Member No.: 186,120	Hi, of course you do not need sp3 for Windows XP when running Vista. Very sorry about that, I mixed up two topics. Your Windows install seems to be up to date, sorry. Optional updates will usually either add new functionalities to an already installed driver/program or fix non-critical bugs. If you are currently not experiencing problems then I would not update. Java does automatic updates but up to Version 6 update 13 it did not remove the old version when installing the new one. This is why you have more than one version installed. By default java will install and activate an updater, that checks once a month if new updates are available, it seems that you chose not to or disabled the updater at some point. how is the PC doing now, any problems left? regards myrti -------------------- Help request via PM will be ignored, unless I am already helping you. Please use the forums! If I have helped you please consider to to help me continue the malware fight! Thank you! I'll be gone from 30th July - 5th August. Sorry for any incovenience caused.

onesweetypie View Member Profile	Feb 5 2010, 05:37 PM Post #15
Member Group: Members Posts: 42 Joined: 2-August 06 From: TN Member No.: 79,072	Hi Myrti, Ah okay, I was getting a bit confused there. I don't believe I'm experiencing any problems with the driver/program so I will not update them. The PC seems to be running fine. Nothing has pulled up in McAfee or Malware AntiBytes. Is my computer clean now? If yes, is it safe to do anything financial on here? Thank you so much!! onesweetypie This post has been edited by onesweetypie: Feb 5 2010, 05:37 PM

« Next Oldest · Virus, Trojan, Spyware, and Malware Removal Logs · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 29th July 2010 - 09:38 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides