
ieframe popup window


  • This topic is locked
13 replies to this topic

#1 thundergal

thundergal

  • Members
  • 7 posts

Posted 26 June 2011 - 01:43 AM

Whenever I surf through Amazon or other sites, sometimes almost at random, a window pops up saying that the site is trying to install something called res:ieframe.dll from a trusted website. No matter what I do, this popup keeps appearing, and it takes three clicks for it to disappear, only to reappear on the next page. Oddly enough, it doesn't appear when I use Firefox. I've updated my Adobe Reader, Flash, and Shockwave. I've updated my virus and malware scanners, and nothing appears after a full scan.

DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/10/2009 8:27:19 PM
System Uptime: 6/25/2011 2:33:51 PM (12 hours ago)
.
Motherboard: Intel Corporation | | D845EPT2
Processor: Intel® Pentium® 4 CPU 2.00GHz | X1 | 1994/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 7.78 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
3D Ultra Pinball Thrillride
Acrobat.com
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 2.0
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.6
AIM 7
Amazon Games & Software Downloader
Amazon MP3 Downloader 1.0.12
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BCM V.92 56K Modem
Big Kahuna Reef
BOINC
Bonjour
Buildalot
Chameleon Mega Camera Driver
Coupon Printer for Windows
Definition update for Microsoft Office 2010 (KB982726)
Download Updater (AOL LLC)
EarthLink Access Software
EarthLink Common Authentication
EarthLink Simple Switch
EarthLink Toolbar
Google Chrome
Google Update Helper
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp psc 700 series
Indeo® software
iTunes
Java Auto Updater
Java™ 6 Update 24
Jewel Quest 2
LiveMath Plug-In & ActiveX 3.5.9 [U18] - August 2008
Malwarebytes' Anti-Malware version 1.51.0.1200
Marine Aquarium 2.5, Goldfish, Sharks & Carousel Bundle
McAfee AntiVirus Plus
McAfee Virtual Technician
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Plus! Game Pack: Cards and Puzzles
Microsoft Software Update for Web Folders (English) 14
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
Mozilla Firefox 4.0b11 (x86 en-US)
Mozilla Firefox 5.0 (x86 en-US)
Norton Security Scan
NVIDIA Drivers
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for Microsoft Excel 2010 (KB2523021)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Speccy
Spelling Dictionaries Support For Adobe Reader 9
SUPERAntiSpyware
swMSM
The Neverhood
The Scruffs
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoLAN VLC media player 0.8.5
Viewpoint Media Player
ViewSonic Monitor Drivers
WebFldrs XP
WildTangent Web Driver
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinSCP 4.2.5
Yahoo! Messenger
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/24/2011 3:15:17 PM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/19/2011 7:36:04 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/19/2011 7:36:03 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
.
==== End Of File ===========================



DDS

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Stacey at 2:55:39 on 2011-06-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.248 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\EarthLink\ISP\ISP8300\Browser\Bartshel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
svchost.exe
C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\BOINC\boinc.exe
C:\Documents and Settings\All Users\Application Data\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
C:\PROGRA~1\EARTHL~1\ISP\ISP8300\Browser\PPShared.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\real\realplayer\RealPlay.exe
c:\program files\real\realplayer\RealPlay.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.netscape.com/
uSearch Bar = hxxp://start.earthlink.net/AL/Search
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://start.earthlink.net/AL/Search
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: ElnkPubBHO Class: {512acf1b-64d9-4928-b382-a80556f28db4} - c:\program files\earthlink\toolbar\ElnkPuB.dll
BHO: Accelerator Plugin: {656ec4b7-072b-4698-b504-2a414c1f0037} - c:\progra~1\earthl~2\PRPL_I~1.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110518202746.dll
BHO: ElnkProtectionBHO Class: {9579d574-d4d8-4335-9560-fe8641a013bd} - c:\program files\earthlink\toolbar\ProtctIE.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ElnkLegacyUninstBHO Class: {e713904c-df05-4c79-bbad-02db923253be} - c:\program files\earthlink\toolbar\uninsttb.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: EarthLink Toolbar: {c7768536-96f8-4001-b1a2-90ee21279187} - c:\program files\earthlink\toolbar\Toolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
mRun: [Bart Station] c:\program files\earthlink\isp\isp8300\bin\PPCOLink.exe -STATION
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\program files\nos\bin\getPlusUninst_Adobe.exe" /Get1noarp
StartupFolder: c:\documents and settings\stacey\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp psc 700 series\bin\hpobrt07.exe
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: EarthLink Google Search - c:\program files\earthlink\toolbar\SearchUI.dll/search.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: runaware.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15117/CTPID.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{24A2A243-20C6-44DC-9E06-0EE6598EABDD} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\stacey\application data\mozilla\firefox\profiles\i9bmytgy.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\stacey\application data\mozilla\firefox\profiles\i9bmytgy.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPLM32.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 387480]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-16 84200]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2009-2-4 317440]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-16 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-16 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-16 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-16 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-16 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-16 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-16 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-16 56064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-16 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-16 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-16 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-16 88736]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-21 136176]
S3 Bulk503;Chameleon Mega Digital Camera;c:\windows\system32\drivers\Bulk503.sys [2001-10-15 10599]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-21 136176]
S3 ISO503;Chameleon Mega Video Camera;c:\windows\system32\drivers\ISO503.SYS [2002-4-9 526885]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-16 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-16 84488]
.
=============== Created Last 30 ================
.
2011-06-25 21:01:14 29544 ----a-w- c:\program files\mozilla firefox\plugins\np_gp.dll
2011-06-22 02:24:44 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-22 02:24:43 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-21 21:49:57 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-06-21 20:59:39 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2011-06-21 20:59:39 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2011-06-21 20:59:26 324608 -c--a-w- c:\windows\system32\dllcache\hpojwia.dll
2011-06-21 20:59:26 324608 ----a-w- c:\windows\system32\hpojwia.dll
2011-06-21 20:59:23 8704 -c--a-w- c:\windows\system32\dllcache\dot4scan.sys
2011-06-21 20:59:23 8704 ----a-w- c:\windows\system32\drivers\Dot4scan.sys
2011-06-21 20:59:17 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2011-06-21 20:59:17 23808 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2011-06-21 20:59:15 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2011-06-21 20:59:15 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys
2011-06-19 02:29:17 -------- d-----w- c:\program files\Coupons
2011-06-16 20:29:08 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-16 20:18:24 -------- d-----w- c:\program files\common files\xing shared
2011-06-16 20:16:05 105472 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2011-06-09 09:02:45 19569 ----a-w- c:\windows\000002_.tmp
2011-06-07 08:41:45 81920 ------w- c:\windows\system32\ieencode.dll
2011-06-07 08:40:20 19569 ----a-w- c:\windows\000001_.tmp
2011-06-07 00:53:20 -------- d-----w- c:\documents and settings\all users\Microsoft
2011-06-07 00:24:15 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-06-06 16:55:30 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-06-06 16:55:30 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-06-05 19:59:47 7062 ----a-w- c:\windows\system32\audiopid.vxd
2011-06-05 19:59:10 -------- d-----w- c:\program files\Creative
.
==================== Find3M ====================
.
2011-06-25 21:02:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-16 20:15:09 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-06-16 20:15:09 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-10 12:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 12:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-14 18:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 18:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 18:01:38 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-04-14 18:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 18:01:38 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 18:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 18:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 18:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 18:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 18:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 18:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 2:59:51.29 ===============

Edited by hamluis, 26 June 2011 - 08:49 AM.
Moved topic from Web Browsing/Email to Am I Infected, reposted DDS log and moved to MRL.




#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:10:55 AM

Posted 07 July 2011 - 06:06 PM

Hello and welcome to Bleeping Computer

My name is etavares and I will be working with you to fix your computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
  • Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • If you have already posted a log, please do so again as instructed below, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.


Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log. Thanks and again sorry for the delay.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 thundergal

thundergal
  • Topic Starter

  • Members
  • 7 posts
  • Local time:09:55 AM

Posted 10 July 2011 - 01:55 AM

OK here is what I have so far. It says Run 3 because I forgot to disable my virus scanner the first time.

OTL logfile created on: 7/9/2011 1:03:49 AM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Stacey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.33% Memory free
2.60 Gb Paging File | 1.45 Gb Available in Paging File | 55.79% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 6.31 Gb Free Space | 16.95% Space Free | Partition Type: NTFS
Drive D: | 7.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: STACEY-8A25D4B5 | User Name: Stacey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/08 23:59:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stacey\Desktop\OTL.exe
PRC - [2011/06/16 16:15:13 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/05/04 13:42:04 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2011/04/05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/04/05 11:50:44 | 000,822,560 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcupdate.exe
PRC - [2011/01/05 13:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/09/01 20:05:10 | 000,181,056 | ---- | M] () -- C:\Program Files\EarthLink\ISP\ISP8300\Browser\BartShel.exe
PRC - [2010/08/12 21:51:10 | 001,422,168 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
PRC - [2010/07/30 17:20:04 | 000,086,848 | ---- | M] () -- C:\Program Files\EarthLink\ISP\ISP8300\Browser\PPShared.exe
PRC - [2010/06/01 10:17:48 | 005,252,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009/06/12 03:18:18 | 000,406,016 | ---- | M] (Space Sciences Laboratory) -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
PRC - [2009/06/10 11:05:38 | 004,182,784 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boincmgr.exe
PRC - [2009/06/10 11:05:38 | 000,058,112 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinctray.exe
PRC - [2009/06/10 11:05:34 | 000,758,528 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinc.exe
PRC - [2009/02/02 02:33:18 | 000,317,440 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2002/04/30 17:59:48 | 000,290,816 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hposts07.exe
PRC - [2002/04/30 17:46:44 | 000,299,008 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hpoevm07.exe
PRC - [2002/04/30 17:26:44 | 000,487,484 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
PRC - [2001/08/17 18:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2011/07/08 23:59:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stacey\Desktop\OTL.exe
MOD - [2011/06/16 16:17:47 | 000,043,520 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 01:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 01:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/02/02 02:33:18 | 000,317,440 | ---- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2002/04/09 10:49:06 | 000,526,885 | ---- | M] (Digital Camera.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ISO503.SYS -- (ISO503)
DRV - [2001/10/15 12:45:36 | 000,010,599 | ---- | M] (LARGAN Digital) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk503.sys -- (Bulk503)
DRV - [2001/08/17 08:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 08:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 08:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 08:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
IE - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
IE - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.77
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/24 17:45:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/16 16:17:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b11\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 11\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b11\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 11\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/21 22:24:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/08 15:02:39 | 000,000,000 | ---D | M]

[2009/01/11 23:49:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stacey\Application Data\Mozilla\Extensions
[2011/06/23 16:08:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\i9bmytgy.default\extensions
[2011/06/23 16:08:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\i9bmytgy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/16 23:56:02 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\i9bmytgy.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/06/29 23:21:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/26 18:45:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/20 15:38:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/12 19:02:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/16 17:04:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/20 23:39:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/29 23:21:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2010/04/26 18:44:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/21 22:24:42 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/08/23 17:00:54 | 005,150,696 | ---- | M] (MathMonkeys, LLC) -- C:\Program Files\mozilla firefox\plugins\NPLM32.DLL
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/03/17 01:59:26 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (ElnkPubBHO Class) - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink\Toolbar\ElnkPub.dll (EarthLink, Inc.)
O2 - BHO: (Accelerator Plugin) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink Accelerated\prpl_IePopupBlocker.dll (Propel Software Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110518202746.dll (McAfee, Inc.)
O2 - BHO: (ElnkProtectionBHO Class) - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll (EarthLink, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ElnkLegacyUninstBHO Class) - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink\Toolbar\uninsttb.dll (EarthLink, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (EarthLink Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll (EarthLink, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003\..\Toolbar\WebBrowser: (EarthLink Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll (EarthLink, Inc.)
O3 - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [Bart Station] C:\Program Files\EarthLink\ISP\ISP8300\BIN\PPCOLink.exe ()
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Stacey\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: EarthLink Google Search - C:\Program Files\EarthLink\Toolbar\SearchUI.dll (EarthLink, Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003\..Trusted Domains: runaware.com ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15117/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Stacey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Stacey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/10 21:24:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found



CREATERESTOREPOINT
Restore point Set: OTL Restore Point


========== LOP Check ==========

[2009/01/14 03:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/05/09 16:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/02/04 18:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2011/07/09 01:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOINC
[2009/02/05 00:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2009/06/13 23:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/05/19 08:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 05:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/28 01:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/12/29 01:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/01/14 04:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacey\Application Data\acccore
[2010/01/17 00:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacey\Application Data\Amazon
[2009/01/12 21:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacey\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/29 18:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacey\Application Data\EarthLink
[2011/02/02 22:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacey\Application Data\ICAClient
[2009/02/04 20:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacey\Application Data\iWin
[2009/01/13 16:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacey\Application Data\Leadertech
[2010/01/11 03:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacey\Application Data\OpenCandy
[2010/11/16 20:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacey\Application Data\QuickScan
[2009/02/05 03:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacey\Application Data\TheScruffs
[2009/01/14 04:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stacey\Application Data\Viewpoint

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.sys /90 >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/01/10 16:06:29 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009/01/10 16:06:29 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009/01/10 16:06:29 | 000,884,736 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2009/01/10 21:24:03 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/01/10 21:17:28 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2009/01/10 21:24:03 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/06/05 16:02:10 | 000,001,868 | ---- | M] () -- C:\CTSUFile.txt
[2011/05/11 18:36:03 | 000,000,182 | ---- | M] () -- C:\drwtsn32.log
[2009/11/15 23:53:39 | 000,000,081 | ---- | M] () -- C:\DVDPATH.TXT
[2009/01/10 21:24:03 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/02/12 20:35:35 | 000,001,387 | -H-- | M] () -- C:\IPH.PH
[2009/01/10 21:24:03 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/01/13 20:38:25 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/07/08 15:02:24 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< >

< >

< >

< End of report

#4 etavares


Posted 10 July 2011 - 06:39 AM

Hello, thundergal.

Viewpoint (foistware) Warning

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, and Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. If you select Disable auto-updating for the Viewpoint Manager, the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This may change; read Viewpoint to Plunge Into Adware.

I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):

  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
  • Do the same for each Viewpoint component.




Trusted Zone Warning

Having trusted sites may not be a good idea. The reason why I say it's not a good idea is because the security settings for the internet are not extremely high and once you put a site in your trusted zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking that site, and may even have access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove if there are any there.



Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 2

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
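
Added example, not part of the original post: the Trusted Zone check described in the post above can also be done offline from a registry export of the Internet Settings ZoneMap key. This Python sketch lists every site mapped to zone 2 (Trusted sites); the sample export is constructed (mcafee.com is the entry the ComboFix log later in this thread reports), and the function names are this example's own.

```python
import re

# Internet Explorer zone numbers as stored in ZoneMap values.
ZONE_NAMES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}
TRUSTED = 2

KEY_RE = re.compile(r"^\[(?P<key>[^-].*)\]$")   # skips "[-KEY]" deletion entries
VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|@)=(?P<data>.*)$')
ZONEMAP_RE = re.compile(
    r"\\Internet Settings\\ZoneMap\\(?P<kind>Domains|EscDomains|Ranges)\\(?P<rest>.+)$",
    re.IGNORECASE)

# Constructed sample in .reg export format. A real "Version 5.00" export is
# UTF-16, so read it with open(path, encoding="utf-16") before parsing.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com\downloads]
"http"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.net]
"https"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1]
":Range"="192.0.2.10"
"*"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.org]
"https"=dword:00000002
'''


def parse_reg_export(text):
    """Return {key_path: {value_name: value}} for dword and string values."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group("key"), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = m.group("name") or ""          # "@" is the default value
            data = m.group("data").strip()
            if data.lower().startswith("dword:"):
                current[name] = int(data[6:], 16)
            elif len(data) >= 2 and data[0] == data[-1] == '"':
                current[name] = data[1:-1].replace("\\\\", "\\")
            else:
                current[name] = data              # hex: etc. kept as raw text
    return keys


def zone_assignments(text):
    """One record per (site, protocol) zone mapping found under ZoneMap."""
    records = []
    for key, values in parse_reg_export(text).items():
        m = ZONEMAP_RE.search(key)
        if not m:
            continue
        if m.group("kind").lower() == "ranges":
            # Ranges\RangeN holds the address in ":Range", zone per protocol.
            site = values.get(":Range", m.group("rest"))
        else:
            # Domains\example.com\www is the host www.example.com.
            site = ".".join(reversed(m.group("rest").split("\\")))
        for proto, zone in values.items():
            if proto == ":Range" or not isinstance(zone, int):
                continue
            records.append({
                "site": site, "protocol": proto, "zone": zone,
                "hive": key.split("\\", 1)[0],
                # Entries under a Policies key come from policy, not from
                # the Sites dialog, and return if only removed in the dialog.
                "policy": "\\policies\\" in key.lower(),
            })
    return records


def trusted_sites(text):
    """Sorted (site, protocol, set_by_policy) tuples mapped to Trusted sites."""
    return sorted({(r["site"], r["protocol"], r["policy"])
                   for r in zone_assignments(text) if r["zone"] == TRUSTED})


if __name__ == "__main__":
    for site, proto, policy in trusted_sites(SAMPLE_EXPORT):
        origin = "policy" if policy else "user/machine setting"
        print(f"{ZONE_NAMES[TRUSTED]}: {site} ({proto}) [{origin}]")
```
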
 


#5 thundergal


Posted 10 July 2011 - 10:41 PM

Thanks for your help. Here are the two logs:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7060

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/10/2011 10:42:20 PM
mbam-log-2011-07-10 (22-42-20).txt

Scan type: Quick scan
Objects scanned: 155654
Time elapsed: 34 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-10 23:27:25
-----------------------------
23:27:25.343 OS Version: Windows 5.1.2600 Service Pack 3
23:27:25.343 Number of processors: 1 586 0x204
23:27:25.390 ComputerName: STACEY-8A25D4B5 UserName: Stacey
23:27:32.421 Initialize success
23:28:04.906 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:28:04.906 Disk 0 Vendor: WDC_WD400BB-75DEA0 05.03E05 Size: 38146MB BusType: 3
23:28:05.000 Disk 0 MBR read successfully
23:28:05.000 Disk 0 MBR scan
23:28:05.000 Disk 0 Windows XP default MBR code
23:28:05.109 Disk 0 scanning sectors +78108030
23:28:05.453 Disk 0 scanning C:\WINDOWS\system32\drivers
23:33:55.703 Service scanning
23:34:03.359 Disk 0 trace - called modules:
23:34:03.437 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys
23:34:03.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aedbab8]
23:34:03.437 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000061[0x8ae73130]
23:34:03.437 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aec0d98]
23:34:03.437 Scan finished successfully
23:40:42.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Stacey\Desktop\MBR.dat"
23:40:42.187 The log file has been saved successfully to "C:\Documents and Settings\Stacey\Desktop\aswMBR.txt"

#6 etavares


Posted 11 July 2011 - 09:32 PM

Hello, thundergal.
ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first. We can reinstall it when we're done with CF. Please let me know if you do uninstall it.

Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


 


#7 thundergal


Posted 12 July 2011 - 01:15 AM

ComboFix 11-07-11.04 - Stacey 07/12/2011 0:59.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1482 [GMT -4:00]
Running from: c:\documents and settings\Stacey\Desktop\etavaresCF.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Stacey\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-06-12 to 2011-07-12 )))))))))))))))))))))))))))))))
.
.
2011-07-12 02:52 . 2011-07-12 02:52 -------- d-----w- C:\etavaresCF
2011-07-12 01:40 . 2011-07-12 01:40 -------- d-----w- c:\program files\Apple Software Update
2011-06-30 03:23 . 2011-06-30 03:23 -------- d-----w- c:\program files\Common Files\Java
2011-06-22 02:24 . 2011-06-22 02:24 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-22 02:24 . 2011-06-22 02:24 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-21 21:49 . 2011-06-21 21:49 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-06-21 20:59 . 2001-08-17 17:47 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2011-06-21 20:59 . 2001-08-17 17:47 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2011-06-21 20:59 . 2001-08-18 02:36 324608 -c--a-w- c:\windows\system32\dllcache\hpojwia.dll
2011-06-21 20:59 . 2001-08-18 02:36 324608 ----a-w- c:\windows\system32\hpojwia.dll
2011-06-21 20:59 . 2001-08-17 17:47 8704 -c--a-w- c:\windows\system32\dllcache\dot4scan.sys
2011-06-21 20:59 . 2001-08-17 17:47 8704 ----a-w- c:\windows\system32\drivers\Dot4scan.sys
2011-06-21 20:59 . 2001-08-17 17:47 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2011-06-21 20:59 . 2001-08-17 17:47 23808 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2011-06-21 20:59 . 2008-04-14 04:09 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2011-06-21 20:59 . 2008-04-14 04:09 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys
2011-06-19 02:29 . 2011-06-21 21:49 -------- d-----w- c:\program files\Coupons
2011-06-16 20:29 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-16 20:18 . 2011-06-16 20:18 -------- d-----w- c:\program files\Common Files\xing shared
2011-06-16 20:16 . 2011-06-16 20:16 105472 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 21:19 . 2011-05-17 21:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-16 20:15 . 2009-01-12 05:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-06-16 20:15 . 2009-01-12 05:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-05-29 13:11 . 2009-01-15 00:47 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2009-01-15 00:47 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-10 12:06 . 2009-09-11 09:46 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-10 12:06 . 2009-07-28 05:02 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-04 08:52 . 2010-04-26 22:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 06:25 . 2011-02-21 03:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2009-01-11 01:20 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-04 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-14 18:01 . 2011-03-16 07:56 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 18:01 . 2011-03-16 07:55 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-04-14 18:01 . 2011-03-16 07:55 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 18:01 . 2011-03-16 07:55 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 18:01 . 2011-03-16 07:55 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 18:01 . 2011-03-16 07:55 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 18:01 . 2011-03-16 07:55 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 18:01 . 2011-03-16 07:55 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 18:01 . 2011-03-16 07:39 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-04-14 18:01 . 2010-10-14 02:28 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 18:01 . 2010-10-14 02:28 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-06-22 02:24 . 2011-03-24 23:41 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 18:01 . 2011-03-16 07:56 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-04 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-21 7110656]
"nwiz"="nwiz.exe" [2005-07-21 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-21 86016]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-02-02 246272]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2009-06-10 4182784]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2009-06-10 58112]
"Bart Station"="c:\program files\EarthLink\ISP\ISP8300\BIN\PPCOLink.exe" [2010-07-30 25920]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-16 273544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\documents and settings\Stacey\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2009-1-13 225280]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-19 113664]
HPAiODevice(hp psc 700 series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe [2002-4-30 487484]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/16/2011 3:55 AM 84200]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [3/16/2011 3:55 AM 56064]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/16/2011 3:55 AM 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [3/16/2011 3:55 AM 88736]
S3 Bulk503;Chameleon Mega Digital Camera;c:\windows\system32\drivers\Bulk503.sys [10/15/2001 12:45 PM 10599]
S3 ISO503;Chameleon Mega Video Camera;c:\windows\system32\drivers\ISO503.SYS [4/9/2002 10:49 AM 526885]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [3/16/2011 3:55 AM 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/16/2011 3:55 AM 84488]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RSVP
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-21 21:14]
.
2011-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-21 21:14]
.
2011-07-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-1202660629-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-07-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-1202660629-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.netscape.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: EarthLink Google Search - c:\program files\EarthLink\Toolbar\SearchUI.dll/search.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Stacey\Application Data\Mozilla\Firefox\Profiles\i9bmytgy.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Marine Aquarium 2.5, Goldfish, Sharks & Carousel Bundle - c:\program files\Prolific Publishing
AddRemove-Mozilla Firefox 4.0b11 (x86 en-US) - c:\program files\Mozilla Firefox 4.0 Beta 11\uninstall\helper.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-12 01:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1040)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(7080)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-07-12 01:21:11
ComboFix-quarantined-files.txt 2011-07-12 05:20
.
Pre-Run: 9,537,794,048 bytes free
Post-Run: 9,560,924,160 bytes free
.
- - End Of File - - 3DFA1888FFC2EBD3566ADBB45E6142DA

#8 etavares


Posted 12 July 2011 - 06:01 PM

Hello, thundergal.


Step 1

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :OTL
    FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    :reg
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=-
    :Commands
    [EmptyTemp]
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here.



Step 2

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

etavares


 


#9 thundergal


Posted 12 July 2011 - 07:46 PM

Here are the two logs. I'll work on Step two next.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mywebsearch.com/Plugin\ not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49219 bytes

User: Stacey
->Temp folder emptied: 183389 bytes
->Temporary Internet Files folder emptied: 65925665 bytes
->Java cache emptied: 4099615 bytes
->FireFox cache emptied: 53545104 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3040 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39138 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 505 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3321893 bytes

Total Files Cleaned = 121.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 07122011_200607

Files\Folders moved on Reboot...
C:\Documents and Settings\Stacey\Local Settings\Temp\~DF3EDD.tmp moved successfully.
C:\Documents and Settings\Stacey\Local Settings\Temp\~DF541B.tmp moved successfully.
C:\Documents and Settings\Stacey\Local Settings\Temp\~DF6935.tmp moved successfully.
C:\Documents and Settings\Stacey\Local Settings\Temporary Internet Files\Content.IE5\XVE5KRZO\page__p__2308637__fromsearch__1[1].htm moved successfully.
C:\Documents and Settings\Stacey\Local Settings\Temporary Internet Files\Content.IE5\SQ9X8UP3\boxoffice[1].htm moved successfully.
C:\Documents and Settings\Stacey\Local Settings\Temporary Internet Files\Content.IE5\SQ9X8UP3\clk[1].htm moved successfully.
C:\Documents and Settings\Stacey\Local Settings\Temporary Internet Files\Content.IE5\SQ9X8UP3\data_sync[1].htm moved successfully.
C:\Documents and Settings\Stacey\Local Settings\Temporary Internet Files\Content.IE5\SQ9X8UP3\iframe3[1].htm moved successfully.
C:\Documents and Settings\Stacey\Local Settings\Temporary Internet Files\Content.IE5\1P499I12\master[1].xml moved successfully.
C:\Documents and Settings\Stacey\Local Settings\Temporary Internet Files\Content.IE5\1P499I12\st[1] moved successfully.
C:\Documents and Settings\Stacey\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...


OTL logfile created on: 7/12/2011 8:31:10 PM - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Stacey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 61.29% Memory free
2.60 Gb Paging File | 1.84 Gb Available in Paging File | 70.74% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 9.19 Gb Free Space | 24.67% Space Free | Partition Type: NTFS
Drive E: | 7.46 Gb Total Space | 0.85 Gb Free Space | 11.38% Space Free | Partition Type: FAT32

Computer Name: STACEY-8A25D4B5 | User Name: Stacey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/08 23:59:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stacey\Desktop\OTL.exe
PRC - [2011/06/16 16:15:13 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/05/04 13:42:04 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2011/04/05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/01/05 13:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/09/01 20:05:10 | 000,181,056 | ---- | M] () -- C:\Program Files\EarthLink\ISP\ISP8300\Browser\BartShel.exe
PRC - [2010/08/12 21:51:10 | 001,422,168 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
PRC - [2010/07/30 17:20:04 | 000,086,848 | ---- | M] () -- C:\Program Files\EarthLink\ISP\ISP8300\Browser\PPShared.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009/06/25 23:19:44 | 000,479,232 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\setiathome.berkeley.edu\astropulse_5.05_windows_intelx86.exe
PRC - [2009/06/10 11:05:38 | 004,182,784 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boincmgr.exe
PRC - [2009/06/10 11:05:38 | 000,058,112 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinctray.exe
PRC - [2009/06/10 11:05:34 | 000,758,528 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinc.exe
PRC - [2009/02/02 02:33:18 | 000,317,440 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
PRC - [2009/02/02 02:32:42 | 000,246,272 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/04/30 17:59:48 | 000,290,816 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hposts07.exe
PRC - [2002/04/30 17:46:44 | 000,299,008 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hpoevm07.exe
PRC - [2002/04/30 17:26:44 | 000,487,484 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
PRC - [2001/08/17 18:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2011/07/08 23:59:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stacey\Desktop\OTL.exe
MOD - [2011/06/16 16:17:47 | 000,043,520 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 01:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 01:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/02/02 02:33:18 | 000,317,440 | ---- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2002/04/09 10:49:06 | 000,526,885 | ---- | M] (Digital Camera.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ISO503.SYS -- (ISO503)
DRV - [2001/10/15 12:45:36 | 000,010,599 | ---- | M] (LARGAN Digital) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk503.sys -- (Bulk503)
DRV - [2001/08/17 08:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 08:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 08:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 08:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
IE - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.77
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/24 17:45:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/16 16:17:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b11\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 11\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b11\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 11\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/21 22:24:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/10 22:01:32 | 000,000,000 | ---D | M]

[2009/01/11 23:49:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stacey\Application Data\Mozilla\Extensions
[2011/06/23 16:08:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\i9bmytgy.default\extensions
[2011/06/23 16:08:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\i9bmytgy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/16 23:56:02 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\i9bmytgy.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/06/29 23:21:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/26 18:45:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/20 15:38:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/12 19:02:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/16 17:04:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/20 23:39:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/29 23:21:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2010/04/26 18:44:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/21 22:24:42 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/08/23 17:00:54 | 005,150,696 | ---- | M] (MathMonkeys, LLC) -- C:\Program Files\mozilla firefox\plugins\NPLM32.DLL
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/03/17 01:59:26 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (ElnkPubBHO Class) - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink\Toolbar\ElnkPub.dll (EarthLink, Inc.)
O2 - BHO: (Accelerator Plugin) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink Accelerated\prpl_IePopupBlocker.dll (Propel Software Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110518202746.dll (McAfee, Inc.)
O2 - BHO: (ElnkProtectionBHO Class) - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll (EarthLink, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ElnkLegacyUninstBHO Class) - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink\Toolbar\uninsttb.dll (EarthLink, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (EarthLink Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll (EarthLink, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003\..\Toolbar\WebBrowser: (EarthLink Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll (EarthLink, Inc.)
O3 - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [Bart Station] C:\Program Files\EarthLink\ISP\ISP8300\BIN\PPCOLink.exe ()
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Stacey\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: EarthLink Google Search - C:\Program Files\EarthLink\Toolbar\SearchUI.dll (EarthLink, Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2000478354-1202660629-1801674531-1003\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15117/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Stacey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Stacey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/10 21:24:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/12 20:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/07/12 20:06:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/12 01:26:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/12 00:42:03 | 000,000,000 | ---D | C] -- C:\etavaresCF20288e
[2011/07/11 23:54:07 | 000,000,000 | ---D | C] -- C:\etavaresCF24773e
[2011/07/11 23:50:57 | 000,000,000 | ---D | C] -- C:\etavaresCF19518e
[2011/07/11 23:02:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/11 22:55:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/11 22:55:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/11 22:55:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/11 22:55:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/11 22:55:03 | 000,000,000 | ---D | C] -- C:\etavaresCF18986e
[2011/07/11 22:53:48 | 000,000,000 | ---D | C] -- C:\etavaresCF29284e
[2011/07/11 22:52:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/11 22:52:27 | 000,000,000 | ---D | C] -- C:\etavaresCF
[2011/07/11 22:49:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/11 22:44:06 | 004,148,578 | R--- | C] (Swearware) -- C:\Documents and Settings\Stacey\Desktop\etavaresCF.exe
[2011/07/11 21:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/07/11 21:40:35 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/07/10 23:16:10 | 001,925,512 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Stacey\Desktop\aswMBR.exe
[2011/07/10 22:05:41 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Stacey\Desktop\mbam-setup.exe
[2011/07/09 01:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stacey\Desktop\gmer
[2011/07/08 23:59:30 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Stacey\Desktop\OTL.exe
[2011/06/29 23:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/29 23:21:36 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/29 23:21:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/29 23:21:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/28 14:48:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stacey\My Documents\Other cartoons
[2011/06/26 03:20:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stacey\My Documents\Voltes V
[2011/06/21 17:49:57 | 000,398,760 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/06/21 17:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
[2011/06/21 16:59:39 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4prt.sys
[2011/06/21 16:59:26 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hpojwia.dll
[2011/06/21 16:59:26 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpojwia.dll
[2011/06/21 16:59:23 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4scan.sys
[2011/06/21 16:59:17 | 000,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4usb.sys
[2011/06/21 16:59:15 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2011/06/18 22:29:17 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2011/06/16 16:29:08 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/06/16 16:18:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[33 C:\Documents and Settings\Stacey\My Documents\*.tmp files -> C:\Documents and Settings\Stacey\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/12 20:33:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/12 20:22:17 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011/07/12 20:20:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/12 20:19:58 | 000,029,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/07/12 20:18:56 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-1202660629-1801674531-1003.job
[2011/07/12 20:18:43 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/12 20:18:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/12 02:22:45 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-1202660629-1801674531-1003.job
[2011/07/11 23:02:41 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/11 22:44:07 | 004,148,578 | R--- | M] (Swearware) -- C:\Documents and Settings\Stacey\Desktop\etavaresCF.exe
[2011/07/11 21:41:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/11 16:34:11 | 006,503,395 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\3D_Bugattie Veyron 16.4 Carbon by hameed.jpg
[2011/07/11 16:33:35 | 006,503,395 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\3D Bugatti Veryon 16.4 Carbon by hameed.jpg
[2011/07/11 00:37:56 | 000,458,965 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\Mosaic__by_justMANGO.jpg
[2011/07/11 00:25:43 | 000,143,223 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\Saint_Seiya_Pegasus_by_Aioras.jpg
[2011/07/11 00:19:27 | 000,156,967 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\the_victory_by_s_starko-d3iq2ob.jpg
[2011/07/10 23:40:42 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Stacey\Desktop\MBR.dat
[2011/07/10 23:16:16 | 001,925,512 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Stacey\Desktop\aswMBR.exe
[2011/07/10 22:05:41 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Stacey\Desktop\mbam-setup.exe
[2011/07/09 01:34:45 | 000,293,977 | ---- | M] () -- C:\Documents and Settings\Stacey\Desktop\gmer.zip
[2011/07/09 00:40:39 | 000,161,546 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\SATURN-STORM.jpg
[2011/07/08 23:59:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stacey\Desktop\OTL.exe
[2011/07/08 23:42:48 | 000,197,551 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\tf___to_telos_by_plantman_exe-d2zzce8.jpg
[2011/07/08 23:26:46 | 000,169,948 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\tf_slash___hxm_frozen_spark_by_plantman_exe-d3iqdgp.jpg
[2011/07/08 23:26:07 | 000,375,492 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\tf___a_journey_of_1_000_years_by_plantman_exe-d3kp423.png
[2011/07/08 23:25:23 | 000,493,996 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\tf___noble_hunter_by_plantman_exe-d3ktwmr.png
[2011/07/08 23:23:16 | 001,017,161 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\prime_by_transformers_mosaic-d3j7ww3.jpg
[2011/07/08 23:22:00 | 000,421,983 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\tf__baby_datsuns_by_prowlimus-d3isdhb.png
[2011/07/08 23:19:49 | 000,111,931 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\TF___Christmas_Ultra_Magnus_by_plantman_exe.jpg
[2011/07/08 23:15:15 | 000,090,073 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\Hound_x_Mirage_by_yamu1620.jpg
[2011/07/08 23:13:44 | 000,146,665 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\Seduction_by_Wicked3659.jpg
[2011/07/08 23:09:50 | 000,181,409 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\st__uhhhm__by_oneirogenic-d3l2x21.png
[2011/07/08 23:08:36 | 000,054,911 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\Zombie town by izzy_the_hedgehog.gif
[2011/07/08 23:07:42 | 000,815,699 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\nerdanel_by_tolkienmaster-d3ioum8.jpg
[2011/07/08 23:07:17 | 001,094,391 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\insomnia_by_vyter-d3jsdo1.png
[2011/07/08 23:06:41 | 000,166,134 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\nr_1_by_lady_sonata-d3ki0au.jpg
[2011/07/08 23:06:22 | 001,383,071 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\twilight_royale_by_crownorth-d3kl76a.png
[2011/07/08 23:05:48 | 000,081,058 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\eder_terehn_by_cassiopeiaart-d3i84hj.jpg
[2011/07/08 23:05:25 | 000,521,519 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\steps_of_annwn_by_swkerr-d3hi61m.jpg
[2011/07/08 23:04:23 | 000,328,989 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\alice_madness_returns_by_masateru-d3cp9i7.jpg
[2011/07/08 23:04:00 | 000,200,635 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\sky_is_falling_by_wild_visions-d390xb3.jpg
[2011/07/08 17:17:54 | 000,062,789 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\dude__get_some_sunglasses_by_SpriterDex.png
[2011/07/08 17:12:05 | 000,574,281 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\Immortal_by_hgjart.jpg
[2011/07/08 16:48:49 | 000,136,821 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\shady_spot_by_dreamachiever-d3lf1u0.jpg
[2011/07/07 18:07:19 | 000,006,937 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\AA1331C840E76BCC81B547137FC551.jpg
[2011/07/07 17:19:46 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/07 02:07:08 | 000,321,861 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\doodle111by cannedebonbon.jpg
[2011/07/07 00:39:23 | 000,063,278 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\muhammed_alis_greatest_gift_to_dirk_nowitzki.jpg
[2011/07/06 23:53:59 | 000,044,020 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\HeathcliffJuly042011.gif
[2011/07/06 23:51:56 | 000,130,711 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\HeathcliffJuly5th2011.gif
[2011/07/06 23:40:50 | 000,119,023 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\HeathcliffJuly6th2011.gif
[2011/07/06 23:12:53 | 000,027,411 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\heat2-7611-453x340.jpg
[2011/07/04 17:31:41 | 000,031,646 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\fourth_of_july11-hp.jpg
[2011/07/03 02:47:16 | 000,896,454 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\markstreeter.bmp
[2011/07/03 02:45:42 | 000,271,078 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\jimstahler.bmp
[2011/07/03 02:44:35 | 000,253,078 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\billday.bmp
[2011/07/02 01:14:50 | 000,099,042 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\wsj_ext_v2.jpg
[2011/06/30 00:26:06 | 000,009,267 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\Cory Elmore.jpg
[2011/06/28 23:40:00 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/06/28 22:47:17 | 000,024,484 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\Robert Adams returns money.jpg
[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/25 03:52:24 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/24 23:03:51 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\June13th2011.gif
[2011/06/22 16:12:14 | 000,535,749 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\lullaby_dragonet_by_smokepaint-d3ely44.jpg
[2011/06/21 17:49:59 | 000,398,760 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/06/21 17:03:54 | 000,001,040 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\hp psc 700 series.lnk
[2011/06/21 17:03:53 | 000,001,165 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp psc 700 series) - 1.lnk
[2011/06/17 03:32:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/16 16:32:06 | 000,017,028 | ---- | M] () -- C:\Documents and Settings\Stacey\My Documents\1308239032_smitten_ampharos_by_glasspanda-d3j27b8.gif
[2011/06/16 16:20:51 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/06/16 16:17:09 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/06/16 16:15:56 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/06/16 16:15:56 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/06/16 16:15:32 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/06/13 22:27:20 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[33 C:\Documents and Settings\Stacey\My Documents\*.tmp files -> C:\Documents and Settings\Stacey\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/12 20:22:10 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011/07/11 23:02:41 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/11 23:02:34 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/11 22:55:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/11 22:55:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/11 22:55:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/11 22:55:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/11 22:55:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/11 21:41:06 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/11 21:40:59 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/07/11 16:33:45 | 006,503,395 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\3D_Bugattie Veyron 16.4 Carbon by hameed.jpg
[2011/07/11 16:33:15 | 006,503,395 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\3D Bugatti Veryon 16.4 Carbon by hameed.jpg
[2011/07/11 00:37:53 | 000,458,965 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\Mosaic__by_justMANGO.jpg
[2011/07/11 00:25:13 | 000,143,223 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\Saint_Seiya_Pegasus_by_Aioras.jpg
[2011/07/11 00:19:12 | 000,156,967 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\the_victory_by_s_starko-d3iq2ob.jpg
[2011/07/10 23:40:42 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Stacey\Desktop\MBR.dat
[2011/07/09 01:34:43 | 000,293,977 | ---- | C] () -- C:\Documents and Settings\Stacey\Desktop\gmer.zip
[2011/07/09 00:40:37 | 000,161,546 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\SATURN-STORM.jpg
[2011/07/08 23:42:46 | 000,197,551 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\tf___to_telos_by_plantman_exe-d2zzce8.jpg
[2011/07/08 23:26:24 | 000,169,948 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\tf_slash___hxm_frozen_spark_by_plantman_exe-d3iqdgp.jpg
[2011/07/08 23:25:51 | 000,375,492 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\tf___a_journey_of_1_000_years_by_plantman_exe-d3kp423.png
[2011/07/08 23:25:16 | 000,493,996 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\tf___noble_hunter_by_plantman_exe-d3ktwmr.png
[2011/07/08 23:23:00 | 001,017,161 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\prime_by_transformers_mosaic-d3j7ww3.jpg
[2011/07/08 23:21:54 | 000,421,983 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\tf__baby_datsuns_by_prowlimus-d3isdhb.png
[2011/07/08 23:19:42 | 000,111,931 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\TF___Christmas_Ultra_Magnus_by_plantman_exe.jpg
[2011/07/08 23:15:07 | 000,090,073 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\Hound_x_Mirage_by_yamu1620.jpg
[2011/07/08 23:13:41 | 000,146,665 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\Seduction_by_Wicked3659.jpg
[2011/07/08 23:09:43 | 000,181,409 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\st__uhhhm__by_oneirogenic-d3l2x21.png
[2011/07/08 23:08:10 | 000,054,911 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\Zombie town by izzy_the_hedgehog.gif
[2011/07/08 23:07:24 | 000,815,699 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\nerdanel_by_tolkienmaster-d3ioum8.jpg
[2011/07/08 23:07:01 | 001,094,391 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\insomnia_by_vyter-d3jsdo1.png
[2011/07/08 23:06:35 | 000,166,134 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\nr_1_by_lady_sonata-d3ki0au.jpg
[2011/07/08 23:06:16 | 001,383,071 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\twilight_royale_by_crownorth-d3kl76a.png
[2011/07/08 23:05:31 | 000,081,058 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\eder_terehn_by_cassiopeiaart-d3i84hj.jpg
[2011/07/08 23:05:09 | 000,521,519 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\steps_of_annwn_by_swkerr-d3hi61m.jpg
[2011/07/08 23:04:22 | 000,328,989 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\alice_madness_returns_by_masateru-d3cp9i7.jpg
[2011/07/08 23:03:54 | 000,200,635 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\sky_is_falling_by_wild_visions-d390xb3.jpg
[2011/07/08 17:17:52 | 000,062,789 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\dude__get_some_sunglasses_by_SpriterDex.png
[2011/07/08 17:12:02 | 000,574,281 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\Immortal_by_hgjart.jpg
[2011/07/08 16:48:37 | 000,136,821 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\shady_spot_by_dreamachiever-d3lf1u0.jpg
[2011/07/07 18:10:06 | 000,006,937 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\AA1331C840E76BCC81B547137FC551.jpg
[2011/07/07 03:37:44 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-1202660629-1801674531-1003.job
[2011/07/07 02:09:27 | 000,321,861 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\doodle111by cannedebonbon.jpg
[2011/07/07 00:40:50 | 000,063,278 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\muhammed_alis_greatest_gift_to_dirk_nowitzki.jpg
[2011/07/06 23:54:53 | 000,044,020 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\HeathcliffJuly042011.gif
[2011/07/06 23:53:51 | 000,130,711 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\HeathcliffJuly5th2011.gif
[2011/07/06 23:51:22 | 000,119,023 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\HeathcliffJuly6th2011.gif
[2011/07/06 23:31:44 | 000,027,411 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\heat2-7611-453x340.jpg
[2011/07/04 17:32:18 | 000,031,646 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\fourth_of_july11-hp.jpg
[2011/07/03 02:47:15 | 000,896,454 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\markstreeter.bmp
[2011/07/03 02:45:41 | 000,271,078 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\jimstahler.bmp
[2011/07/03 02:44:34 | 000,253,078 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\billday.bmp
[2011/07/02 01:14:47 | 000,099,042 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\wsj_ext_v2.jpg
[2011/07/01 00:23:21 | 000,186,307 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\vali3frank.JPG
[2011/07/01 00:22:17 | 000,031,256 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\kevinfederline1.jpg
[2011/07/01 00:22:00 | 000,027,788 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\martywesta.jpg
[2011/07/01 00:21:16 | 000,103,532 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\jordia.JPG
[2011/07/01 00:20:50 | 000,038,089 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\rulesofattractiona.jpg
[2011/07/01 00:20:32 | 000,020,396 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\Portrai_de_la_pression_111.jpg
[2011/06/30 02:27:15 | 000,009,267 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\Cory Elmore.jpg
[2011/06/28 22:48:35 | 000,024,484 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\Robert Adams returns money.jpg
[2011/06/25 03:52:23 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/25 03:52:23 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/24 23:04:13 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\June13th2011.gif
[2011/06/22 16:11:59 | 000,535,749 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\lullaby_dragonet_by_smokepaint-d3ely44.jpg
[2011/06/21 17:03:54 | 000,001,040 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\hp psc 700 series.lnk
[2011/06/21 17:03:53 | 000,001,165 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp psc 700 series) - 1.lnk
[2011/06/21 16:59:26 | 000,018,411 | ---- | C] () -- C:\WINDOWS\System32\hpo5500a.aio
[2011/06/21 16:59:26 | 000,018,411 | ---- | C] () -- C:\WINDOWS\System32\hpo5400a.aio
[2011/06/21 16:59:24 | 000,018,411 | ---- | C] () -- C:\WINDOWS\System32\hpo5300a.aio
[2011/06/16 16:45:47 | 000,017,028 | ---- | C] () -- C:\Documents and Settings\Stacey\My Documents\1308239032_smitten_ampharos_by_glasspanda-d3j27b8.gif
[2011/06/16 16:20:51 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/04/09 22:07:00 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Stacey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/13 16:27:39 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2010/11/29 16:58:49 | 000,069,440 | ---- | C] () -- C:\WINDOWS\System32\unPPC6000.exe
[2010/11/29 16:58:48 | 000,034,136 | ---- | C] () -- C:\WINDOWS\System32\RegHero.exe
[2010/11/29 16:58:47 | 000,255,296 | ---- | C] () -- C:\WINDOWS\System32\PPCInfo.exe
[2010/11/29 16:58:47 | 000,066,880 | ---- | C] () -- C:\WINDOWS\System32\PPCOUNIN.exe
[2010/11/29 16:58:47 | 000,040,600 | ---- | C] () -- C:\WINDOWS\System32\PPCClean.exe
[2010/11/29 16:58:47 | 000,028,992 | ---- | C] () -- C:\WINDOWS\System32\PopWait.exe
[2010/01/11 03:06:48 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Stacey\Application Data\winscp.rnd
[2009/01/20 23:31:01 | 000,000,087 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2009/01/16 21:43:54 | 000,012,496 | ---- | C] () -- C:\WINDOWS\MSPuzzle.dat
[2009/01/14 17:23:08 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2009/01/14 17:23:01 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2009/01/14 17:21:10 | 000,000,450 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/01/13 16:48:27 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2009/01/11 23:49:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/11 03:01:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/01/10 21:46:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/10 21:44:57 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/01/10 21:27:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/01/10 21:20:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/10 16:08:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/10 16:07:19 | 000,267,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/07/20 22:07:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/03/21 21:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 21:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,314,838 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,041,040 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/02/18 10:37:04 | 000,015,853 | ---- | C] () -- C:\WINDOWS\sp1lang.ini
[2001/10/11 11:23:54 | 000,155,136 | ---- | C] () -- C:\WINDOWS\unsp1drv.exe

< End of report >

#10 thundergal


Posted 13 July 2011 - 03:11 PM

Here is the scan from Step 2:

C:\Documents and Settings\Stacey\Start Menu\Programs\Startup\PowerReg Scheduler.exe Win32/PowerReg application cleaned by deleting - quarantined
C:\System Volume Information\_restore{804D8B3E-665F-48B3-9297-BE26B1F5620B}\RP662\A0110278.exe Win32/PowerReg application cleaned by deleting - quarantined

#11 etavares

  • Malware Response Team

Posted 13 July 2011 - 05:46 PM

Are you still having popups now?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#12 thundergal


Posted 13 July 2011 - 07:51 PM

*Gives you a big round of applause* :clapping: No popups at Amazon! Thank you!

#13 etavares


Posted 14 July 2011 - 05:44 PM

Hello, thundergal.
Great news! You're welcome.



Step 1



Uninstall ComboFix and Clean Up
Click Start > Run, type combofix /Uninstall and click OK. (Note the space between combofix and /Uninstall.)
Please advise if this step is missed for any reason as it performs some important actions.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • If that link doesn't work, try this one.
  • Double-click the icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

If you ran Defogger and disabled your emulator, please don't forget to run it again and reenable it. See the instructions here to do so.


Optional Items

Please take the time to read below to secure your machine and take the necessary steps to keep it that way.


System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance. If you are running Windows Vista or Windows 7, please right-click on the icon, and select "Run As Administrator"; otherwise it won't work.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

Protect yourself from malicious sites

The HOSTS file can protect you from connecting to bad sites. See The Hosts File and what it can do for you for more background.

Please download HostsMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  • Double-click the downloaded installer and install the tool to a location of your choice.
  • Via the Start menu, navigate to HostsMan and run the program.
    • Click "Hosts" in the menu
    • Click "Manage Updates" in the submenu
    • Out of the three, select at least one (I have MVPS Host as my main one)
    • Click "Add Update." After that you will only need to click on the update button to retrieve updates.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Keep Windows Up to Date
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Update your AntiVirus Software

It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Use a Firewall

I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Install an AntiSpyware Program

A highly recommended AntiSpyware program is Malwarebytes Anti-Malware. You can download the free version.

Installing this program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Update all these programs regularly
Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. You can use Secunia PSI to keep track of necessary updates. It can run in the background and constantly monitor your software; although I just run it once a week manually. It will alert you when an update is available for a variety of software. It is very useful.

Follow this list and your potential for being infected again will reduce dramatically.

Good luck!

etavares


 


#14 etavares


Posted 19 July 2011 - 05:44 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

