
Google redirect - IT'S BACK! [Closed]



#1
Jesterette

I posted yesterday that I'd removed the Google redirect virus. Well, I used Google and Firefox all day long yesterday, hundreds of times, and I had no issues. Today I get up to get back to work, and I'm being redirected again! WTH!?

Here is my thread with my original request and all my logs: http://www.geekstogo...18#entry1476018

I'm a single mom to four and this is costing me more money, stress and worry than I care to think about. :)


#2
superbird

Hi,

I will take a look at this question.
As I am in training, all my answers have to be checked by my instructors. So sometimes it can take a bit longer before you get an answer.

I'll get back to you as soon as my answer is approved. :)

#3
superbird

Hi,

  • Download OTListIt2 to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.


#4
Jesterette

superbird,

Thanks so much for helping me! I have to get some work done today so I managed to get onto a different computer to work. When I get back to my @*%(! computer I'll do the things you've requested.

Again, thank you so much and I'll be back later this afternoon to post my results.

Kara

#5
superbird

That's fine, I'll wait for your reply. :)

#6
Jesterette

You know what, since you're here ready and willing to help, I decided I'm going to take my lunch break and get you the info you need. So, I'm running over to my computer and will post my results as soon as I have them.

Thank you! :)

Edited by Jesterette, 04 March 2009 - 11:44 AM.


#7
Jesterette

OTListIt logfile created on: 3/4/2009 12:46:09 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.3.4 Folder = C:\Documents and Settings\Kara\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.24 Gb Total Physical Memory | 0.31 Gb Available Physical Memory | 24.72% Memory free
2.59 Gb Paging File | 1.81 Gb Available in Paging File | 70.02% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 1.99 Gb Free Space | 5.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 13.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JESTERETTE2
Current User Name: Kara
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Documents and Settings\Kara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\PeerGuardian2\pg2.exe (Methlabs)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe ()
PRC - C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Documents and Settings\Kara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Documents and Settings\Kara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Documents and Settings\Kara\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe ()
PRC - C:\Documents and Settings\Kara\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CVPND [Auto | Running]) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (GoogleDesktopManager-061008-081103 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gusvc [Auto | Running]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LVCOMSer [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVSrvLauncher [Auto | Stopped]) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NMIndexingService [On_Demand | Running]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SoundMAX Agent Service (default) [Auto | Running]) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (0076331236105124mcinstcleanup [Auto | Stopped]) -- C:\Documents and Settings\Kara\Local Settings\Temp\0076331236105124mcinst.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service [Auto | Running]) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()

========== Driver Services (SafeList) ==========

DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (BANTExt [System | Running]) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (BCM43XX [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (CVirtA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.)
DRV - (CVPNDRVA [Auto | Running]) -- C:\WINDOWS\system32\Drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (d347bus [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys ( )
DRV - (d347prt [Boot | Running]) -- C:\WINDOWS\System32\Drivers\d347prt.sys ( )
DRV - (DNE [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)
DRV - (FilterService [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys (Logitech Inc.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (LVcKap [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LVcKap.sys (Logitech Inc.)
DRV - (LVMVDrv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys (Logitech Inc.)
DRV - (lvpopflt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVUSBSta [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVUVC [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\lvuvc.sys (Logitech Inc.)
DRV - (pcouffin [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (PID_0928 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LV561AV.SYS (Logitech Inc.)
DRV - (PRISM_A02 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\WUSB20XP.sys (Cisco-Linksys, LLC.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTLWUSB [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wg111v2.sys (NETGEAR Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (StarPortLite [System | Running]) -- C:\WINDOWS\system32\DRIVERS\StarPortLite.sys (Rocket Division Software)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (vsdatant [On_Demand | Stopped]) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (pgfilter [On_Demand | Running]) -- C:\Program Files\PeerGuardian2\pgfilter.sys ()

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {91aa5abe-9de4-4347-b7b5-322c38dd9271}:3.1
FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a99}:3.0.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.4.2.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: paypalfirefoxplugin@orbiscom:2.2.19.0
FF - prefs.js..extensions.enabledItems: {20291fcc-1471-46c8-8213-0911f5ce6d66}:1.9.0
FF - prefs.js..extensions.enabledItems: {299D6667-B44F-4B17-B0A2-FE4C2FA10767}:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6
FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom -> C:\PROGRAM FILES\PAYPAL\PAYPAL PLUG-IN ->
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2008/10/14 22:02:24 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> %ProgramFiles%\MCAFEE\SITEADVISOR [C:\PROGRAM FILES\MCAFEE\SITEADVISOR] -> [2009/03/03 13:42:39 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/03/04 09:26:24 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/03/02 18:08:57 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Kara\Application Data\mozilla\Extensions [2008/12/27 18:43:27 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Kara\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2008/12/27 18:43:27 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Kara\Application Data\mozilla\Extensions\[email protected] [2008/11/30 09:50:25 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Kara\Application Data\mozilla\Firefox\Profiles\9uh1uqqs.default\extensions [2009/03/03 23:03:17 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Kara\Application Data\mozilla\Firefox\Profiles\9uh1uqqs.default\extensions\{20291fcc-1471-46c8-8213-0911f5ce6d66} [2009/02/27 15:46:53 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Kara\Application Data\mozilla\Firefox\Profiles\9uh1uqqs.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271} [2009/02/27 14:27:30 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Kara\Application Data\mozilla\Firefox\Profiles\9uh1uqqs.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387} [2009/02/26 12:38:01 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Kara\Application Data\mozilla\Firefox\Profiles\9uh1uqqs.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a99} [2009/02/27 15:50:27 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Kara\Application Data\mozilla\Firefox\Profiles\9uh1uqqs.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2009/02/27 16:37:45 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Kara\Application Data\mozilla\Firefox\Profiles\9uh1uqqs.default\extensions\[email protected] [2009/02/25 10:24:32 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Kara\Application Data\mozilla\Firefox\Profiles\9uh1uqqs.default\extensions\[email protected] [2009/01/21 23:55:26 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions [2009/03/03 23:03:18 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{299D6667-B44F-4B17-B0A2-FE4C2FA10767} [2009/03/01 21:08:41 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/03/02 18:08:58 00,000,000 | ---D | M]

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide ()
O4 - HKLM..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" ()
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
O4 - HKCU..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
O4 - HKCU..\Run: [cdloader] "C:\Documents and Settings\Kara\Application Data\mjusbsp\cdloader2.exe" MAGICJACK (magicJack L.P.)
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\Kara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (Hewlett-Packard Company)
O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Methlabs)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 43 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: magicjack.com ([my] * in Trusted sites)
O15 - HKCU\..Trusted Domains: talk4free.com ([reg] * in Trusted sites)
O15 - HKCU\..Trusted Domains: 44 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.to...4.14/ttinst.cab (Toontown Installer ActiveX Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://demos.webex....bex/ieatgpc.cab (GpcContainer Class)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (RtlGina2.dll) - C:\WINDOWS\system32\RtlGina2.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - E:\Autorun.exe (NETGEAR Inc.) - [ CDFS ]
O32 - Autorun File - E:\autorun.inf () - [ CDFS ]
O33 - MountPoints2\{14312bc3-e77c-11dc-a07c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{14312bc3-e77c-11dc-a07c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{14312bc3-e77c-11dc-a07c-806d6172696f}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2007/05/16 09:04:48 | 00,367,328 | R--- | M] (NETGEAR Inc.)
O33 - MountPoints2\{3b417773-0822-11de-bb0d-001f33880558}\Shell - "" = AutoRun
O33 - MountPoints2\{3b417773-0822-11de-bb0d-001f33880558}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3b417773-0822-11de-bb0d-001f33880558}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{51e51a5a-bb98-11dd-9e40-001f33880558}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{d83435c6-75df-11dd-9e31-000f661c450c}\Shell - "" = AutoRun
O33 - MountPoints2\{d83435c6-75df-11dd-9e31-000f661c450c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d83435c6-75df-11dd-9e31-000f661c450c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[16 C:\Documents and Settings\Kara\My Documents\*.tmp files]
[2009/03/04 12:45:34 | 00,498,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kara\Desktop\OTListIt2.exe
[2009/03/04 10:20:27 | 06,251,583 | ---- | C] () -- C:\Documents and Settings\Kara\Desktop\wg111v2_3_4_0.zip
[2009/03/04 10:00:42 | 00,001,781 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2009/03/04 10:00:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/03/04 09:51:32 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/03/04 09:51:30 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF17063.exe
[2009/03/04 09:50:50 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009/03/03 14:00:07 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
[2009/03/03 13:45:33 | 00,113,743 | ---- | C] () -- C:\Documents and Settings\Kara\Desktop\clipdat2.rdf
[2009/03/03 13:45:05 | 28,868,320 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Kara\Desktop\FileFormatConverters.exe
[2009/03/03 13:38:02 | 00,009,307 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2009/03/03 13:37:36 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/03/03 13:37:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2009/03/03 13:36:39 | 00,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee EasyNetwork.lnk
[2009/03/03 13:32:28 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2009/03/03 13:32:27 | 00,079,304 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/03/03 13:32:27 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/03/03 13:32:19 | 00,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2009/03/03 13:31:42 | 00,000,338 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/03/03 13:31:40 | 00,000,330 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/03/03 13:31:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/03/03 13:31:09 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/03/03 13:30:29 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/03/03 13:26:06 | 00,034,216 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2009/03/03 13:26:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/03/03 13:20:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/03/03 13:20:28 | 01,222,128 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Kara\Desktop\DMSetup.exe
[2009/03/02 23:00:54 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/03/02 22:03:47 | 02,932,707 | R--- | C] () -- C:\Documents and Settings\Kara\Desktop\ComboFix.exe
[2009/03/02 20:29:09 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/02 20:29:06 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/02 20:29:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/02 20:28:38 | 02,876,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kara\Desktop\mbam-setup.exe
[2009/03/02 20:27:09 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Kara\Desktop\NTREGOPT.lnk
[2009/03/02 20:27:09 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Kara\Desktop\ERUNT.lnk
[2009/03/02 20:27:05 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/03/02 20:24:42 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Kara\Desktop\erunt_setup.exe
[2009/03/02 20:23:39 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Kara\Desktop\SysRestorePoint.exe
[2009/03/02 19:28:40 | 00,078,336 | ---- | C] () -- C:\Documents and Settings\Kara\My Documents\myresume.doc
[2009/03/02 19:28:40 | 00,071,168 | ---- | C] () -- C:\Documents and Settings\Kara\My Documents\karalingenfelterresume.doc
[2009/03/02 19:28:40 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Kara\My Documents\comp sci work.doc
[2009/03/02 18:29:11 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/03/02 18:29:09 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009/03/02 18:29:09 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/03/02 18:29:09 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/03/02 18:29:08 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2009/03/02 18:21:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/03/02 17:05:15 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/03/02 17:05:08 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/03/02 17:04:58 | 00,000,000 | ---D | C] -- C:\cmdcons
[2009/03/02 17:03:56 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/03/02 17:03:56 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/03/02 17:03:56 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/03/02 17:03:56 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/03/02 17:03:56 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/03/02 17:03:56 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/03/02 17:03:56 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/03/02 17:03:56 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/03/02 17:03:56 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/03/02 16:54:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/03/02 16:49:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/02 16:41:44 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/03/02 16:21:14 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/03/02 16:19:19 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Kara\Desktop\HiJackThis.exe
[2009/03/02 15:07:19 | 00,000,000 | ---D | C] -- C:\fixwareout
[2009/03/01 21:42:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/03/01 21:42:12 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/03/01 21:42:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kara\Application Data\SUPERAntiSpyware.com
[2009/03/01 21:38:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kara\Application Data\Malwarebytes
[2009/03/01 21:38:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/01 21:02:20 | 00,000,000 | ---D | C] -- C:\Program Files\LightScribe Template Labeler
[2009/03/01 20:47:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/03/01 19:37:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2009/02/28 22:02:26 | 00,145,920 | ---- | C] () -- C:\Documents and Settings\Kara\My Documents\EarningsExporter_v1_02d.XLS
[2009/02/27 14:36:29 | 00,008,727 | ---- | C] () -- C:\Documents and Settings\Kara\My Documents\clipdat3.rdf
[2009/02/18 13:31:26 | 00,000,000 | ---D | C] -- C:\Program Files\IKEA HomePlanner
[2009/02/18 13:30:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/02/14 22:55:53 | 00,055,296 | ---- | C] () -- C:\Documents and Settings\Kara\My Documents\febangelfood.doc
[2009/02/13 16:32:47 | 00,101,570 | ---- | C] () -- C:\Documents and Settings\Kara\My Documents\garage.sdr
[2009/02/13 14:50:32 | 00,000,462 | ---- | C] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2009/02/13 14:45:24 | 00,000,000 | ---D | C] -- C:\Program Files\SmartDraw 2009
[2009/02/13 14:45:19 | 00,074,139 | ---- | C] () -- C:\Documents and Settings\Kara\My Documents\garage.rs
[2009/02/13 13:43:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kara\Application Data\IsolatedStorage
[2009/02/13 13:42:59 | 00,000,000 | ---D | C] -- C:\Program Files\RapidSketch
[2009/02/13 13:40:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kara\Local Settings\Application Data\{C6DC3137-6676-41E8-B51C-9498F7CF093D}
[2009/02/13 13:36:39 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/02/13 13:35:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/02/13 12:18:30 | 00,000,000 | ---D | C] -- C:\Program Files\SmartDraw 2008
[2009/02/13 10:34:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kara\Application Data\SmartDraw
[2009/02/13 10:13:12 | 00,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2009/02/10 03:00:26 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/02/08 21:05:10 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/08 21:04:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kara\My Documents\NeroVision
[2009/02/08 21:03:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kara\Local Settings\Application Data\Ahead
[2009/02/08 20:52:16 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Kara\My Documents\countrywideno.doc
[2009/02/08 20:49:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kara\Application Data\Ahead
[2009/02/08 20:47:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/02/08 20:41:01 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2009/02/08 20:41:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2009/02/08 20:41:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/02/08 20:39:30 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2009/02/08 20:39:26 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2009/02/08 17:21:47 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2009/02/02 19:56:54 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Kara\My Documents\khaledeinsteinpaper.doc

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[16 C:\Documents and Settings\Kara\My Documents\*.tmp files]
[2009/03/04 12:45:35 | 00,498,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kara\Desktop\OTListIt2.exe
[2009/03/04 12:40:45 | 00,009,307 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/03/04 10:34:20 | 00,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-57989841-725345543-1003.job
[2009/03/04 10:21:16 | 06,251,583 | ---- | M] () -- C:\Documents and Settings\Kara\Desktop\wg111v2_3_4_0.zip
[2009/03/04 10:04:38 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/04 10:04:36 | 00,000,462 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2009/03/04 10:00:42 | 00,001,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2009/03/04 10:00:33 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/03/04 09:50:50 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009/03/04 09:50:50 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF17063.exe
[2009/03/04 00:42:52 | 00,181,760 | ---- | M] () -- C:\Documents and Settings\Kara\My Documents\2009budgetcalendar.xls
[2009/03/03 14:01:42 | 00,071,584 | ---- | M] () -- C:\Documents and Settings\Kara\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/03 13:45:56 | 28,868,320 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Kara\Desktop\FileFormatConverters.exe
[2009/03/03 13:45:33 | 00,113,743 | ---- | M] () -- C:\Documents and Settings\Kara\Desktop\clipdat2.rdf
[2009/03/03 13:37:36 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/03/03 13:36:39 | 00,000,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee EasyNetwork.lnk
[2009/03/03 13:31:43 | 00,000,338 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/03/03 13:31:41 | 00,000,330 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/03/03 13:20:29 | 01,222,128 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Kara\Desktop\DMSetup.exe
[2009/03/03 13:05:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/03 13:05:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/03 13:05:43 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/03/03 13:05:37 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2009/03/03 08:39:50 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/03 08:33:34 | 02,932,707 | R--- | M] () -- C:\Documents and Settings\Kara\Desktop\ComboFix.exe
[2009/03/02 23:00:34 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/03/02 21:22:51 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/02 21:22:50 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\Kara\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/02 20:28:47 | 02,876,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kara\Desktop\mbam-setup.exe
[2009/03/02 20:27:09 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Kara\Desktop\NTREGOPT.lnk
[2009/03/02 20:27:09 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Kara\Desktop\ERUNT.lnk
[2009/03/02 20:24:44 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Kara\Desktop\erunt_setup.exe
[2009/03/02 18:29:11 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2009/03/02 18:29:09 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2009/03/02 18:29:09 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/03/02 18:29:09 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/03/02 17:36:37 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/02 17:05:16 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/03/02 16:19:20 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Kara\Desktop\HiJackThis.exe
[2009/03/01 22:05:44 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\wulejope
[2009/03/01 16:50:45 | 00,145,920 | ---- | M] () -- C:\Documents and Settings\Kara\My Documents\EarningsExporter_v1_02d.XLS
[2009/02/28 15:50:09 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\Kara\My Documents\budget (version 1).xls
[2009/02/27 14:36:30 | 00,008,727 | ---- | M] () -- C:\Documents and Settings\Kara\My Documents\clipdat3.rdf
[2009/02/26 07:51:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/02/21 13:31:26 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\Kara\My Documents\budget.xls
[2009/02/15 23:50:19 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\Kara\Application Data\vso_ts_preview.xml
[2009/02/14 22:55:53 | 00,055,296 | ---- | M] () -- C:\Documents and Settings\Kara\My Documents\febangelfood.doc
[2009/02/14 18:38:40 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/02/13 16:32:47 | 00,101,570 | ---- | M] () -- C:\Documents and Settings\Kara\M

#8
Jesterette

[2009/02/13 16:32:47 | 00,101,570 | ---- | M] () -- C:\Documents and Settings\Kara\My Documents\garage.sdr
[2009/02/13 14:45:19 | 00,074,139 | ---- | M] () -- C:\Documents and Settings\Kara\My Documents\garage.rs
[2009/02/13 13:40:29 | 00,408,590 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/02/13 13:40:29 | 00,395,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/02/13 13:40:29 | 00,059,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/11 03:01:56 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/08 20:52:41 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\Kara\My Documents\Book2 (version 1).xls
[2009/02/08 20:52:31 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Kara\My Documents\countrywideno.doc
[2009/02/04 00:21:14 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Kara\My Documents\khaledeinsteinpaper.doc
[2009/02/03 16:05:47 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Kara\My Documents\messageboards.doc

========== LOP Check ==========

[2009/03/03 13:37:35 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/12/25 10:32:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/07/17 10:41:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/05/14 19:49:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/02/08 20:47:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2008/07/17 10:41:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2008/07/17 10:43:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2008/06/25 18:29:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/09/12 14:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/01/03 16:04:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2008/05/13 21:29:21 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/05/17 08:13:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008/11/18 17:38:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/03/04 06:01:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/03/01 20:47:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/09/12 12:05:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2008/09/12 11:53:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2009/03/01 21:38:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/03 13:38:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2008/09/24 09:29:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/02/08 20:41:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2008/03/04 23:36:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2008/09/24 10:49:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/11/25 17:29:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/03/03 13:37:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2008/09/10 07:53:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009/03/03 08:23:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/03/01 21:42:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/03/03 08:12:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2008/06/18 14:47:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/11/30 09:53:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2008/07/17 10:41:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/01/03 19:41:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/01/28 00:11:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2008/10/29 18:19:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
[2008/05/13 20:27:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/08/06 14:58:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/03/02 18:23:45 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Kara\Application Data
[2008/07/17 10:42:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\acccore
[2009/01/28 14:13:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\Adobe
[2009/02/14 17:21:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\Ahead
[2008/10/09 15:47:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\Apple Computer
[2009/01/03 16:04:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\AVS4YOU
[2009/03/04 12:45:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\DNA
[2008/11/18 17:39:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\Google
[2008/03/01 22:37:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\Identities
[2008/10/05 20:38:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\InstallShield
[2009/02/13 13:43:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\IsolatedStorage
[2008/12/19 11:28:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\Macromedia
[2009/03/01 21:38:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\Malwarebytes
[2008/09/12 14:43:20 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Kara\Application Data\Microsoft
[2009/01/14 19:59:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\mjusbsp
[2009/02/19 17:32:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\Move Networks
[2008/12/27 18:43:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\Mozilla
[2008/05/31 11:53:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\MSNInstaller
[2008/07/31 21:59:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\MySpace
[2008/03/04 23:46:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\OfficeUpdate12
[2008/10/24 21:40:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\Real
[2008/09/12 16:11:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\Skype
[2008/09/12 15:10:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\skypePM
[2009/02/13 11:06:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\SmartDraw
[2008/06/07 20:58:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\Sun
[2009/03/01 21:42:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\SUPERAntiSpyware.com
[2008/11/30 09:50:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\TomTom
[2008/08/29 12:28:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\U3
[2008/08/03 10:28:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\Viewpoint
[2009/02/15 23:50:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\Vso
[2008/09/02 10:58:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\webex
[2008/10/29 18:22:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\Winamp
[2009/01/03 22:20:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kara\Application Data\WinRAR
[2009/02/26 07:51:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/03/04 10:34:20 | 00,000,922 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-57989841-725345543-1003.job
[2009/03/03 13:31:43 | 00,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/03/03 13:31:41 | 00,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/03/03 13:05:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/03/04 10:04:36 | 00,000,462 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Kara\My Documents\Thumbs.db:encryptable
< End of report >

#9
Jesterette

OTListIt Extras logfile created on: 3/4/2009 12:46:09 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.3.4 Folder = C:\Documents and Settings\Kara\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.24 Gb Total Physical Memory | 0.31 Gb Available Physical Memory | 24.72% Memory free
2.59 Gb Paging File | 1.81 Gb Available in Paging File | 70.02% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 1.99 Gb Free Space | 5.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 13.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JESTERETTE2
Current User Name: Kara
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger (Logitech Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian (Cerulean Studios)
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server (Yahoo! Inc.)
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger (Logitech Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)
C:\Program Files\DNA\btdna.exe:*:Enabled:DNA (BitTorrent, Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Documents and Settings\Kara\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack (magicJack L.P.)
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent (McAfee, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series" = Canon iP1800 series
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 10
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{4102037D-E8E0-48E0-B203-E521D194FB71}" = NETGEAR WG111v2 wireless USB 2.0 adapter
"{4A9849CA-E11C-4F24-8BB1-97C717A1C898}" = LightScribe System Software
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A5D1A94-624A-4D20-B178-3A283B500370}" = Adobe Setup
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.4.106e
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BEF106F8-2689-4530-925A-E1117836E8CD}" = Google SketchUp 7
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C347D234-93D8-4595-BDAA-C04638B23B48}" = Adobe Creative Suite 3 Web Premium
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C894366E-51C4-4162-BA82-ECBEFC1C2C61}" = PayPal Plug-In
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7310F2E-C551-4FAB-BA07-EAC2E158B1BB}" = IKEA Home Planner
"{EB2AD1F7-5190-4F26-A132-15C21F0BE2B5}" = RapidSketch
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom NetXtreme Ethernet Controller
"{FCBE0690-CBE1-4C60-87B0-4A70A6F5434E}" = LightScribe Template Labeler
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_247961ef275e20c5cb073c36394ac32" = Add or Remove Adobe Creative Suite 3 Web Premium
"AIM Toolbar" = AIM Toolbar 5.0
"AIM_6" = AIM 6
"Audacity_is1" = Audacity 1.2.6
"Belarc Advisor" = Belarc Advisor 7.2
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Disney Pirates of the Caribbean Online" = Disney Pirates of the Caribbean Online
"Disney Toontown Online" = Disney Toontown Online
"Disney's Toontown Online" = Disney's Toontown Online
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"kSolo" = kSolo Recorder
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"Magic ISO Maker v5.5 (build 0265)" = Magic ISO Maker v5.5 (build 0265)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PeerGuardian_is1" = PeerGuardian 2.0
"PopCap Browser Plugin" = PopCap Browser Plugin
"QcDrv" = Logitech® Camera Driver
"RealPlayer 6.0" = RealPlayer
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Trillian" = Trillian
"ViewpointMediaPlayer" = Viewpoint Media Player
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar for Internet Explorer
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"SmartDraw 2009" = SmartDraw 2009

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/2/2009 6:43:38 PM | Computer Name = JESTERETTE2 | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 8.1.0.421, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/3/2009 9:22:23 AM | Computer Name = JESTERETTE2 | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 8.1.0.421, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/3/2009 9:22:26 AM | Computer Name = JESTERETTE2 | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 8.1.0.421, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/3/2009 3:01:27 PM | Computer Name = JESTERETTE2 | Source = Application Error | ID = 1000
Description = Faulting application wordconv.exe, version 12.0.6014.5000, faulting
module unknown, version 0.0.0.0, fault address 0x3134d488.

Error - 3/3/2009 7:29:05 PM | Computer Name = JESTERETTE2 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 5228 (0x146c) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.405
/ 5300.2777 Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee\VirusScan\DAT\5540.0\mferuntime.dat

by c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 3/4/2009 12:02:27 AM | Computer Name = JESTERETTE2 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3306, faulting module
ieframe.dll, version 7.0.6000.16791, fault address 0x000c5128.

Error - 3/4/2009 10:58:02 AM | Computer Name = JESTERETTE2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 3/4/2009 10:58:02 AM | Computer Name = JESTERETTE2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 3/4/2009 10:58:02 AM | Computer Name = JESTERETTE2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 3/4/2009 10:58:02 AM | Computer Name = JESTERETTE2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

[ System Events ]
Error - 3/2/2009 6:27:31 PM | Computer Name = JESTERETTE2 | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 3/2/2009 6:37:23 PM | Computer Name = JESTERETTE2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 3/2/2009 6:37:23 PM | Computer Name = JESTERETTE2 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 3/2/2009 6:39:06 PM | Computer Name = JESTERETTE2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the NMIndexingService service
to connect.

Error - 3/2/2009 6:39:06 PM | Computer Name = JESTERETTE2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 3/2/2009 6:39:06 PM | Computer Name = JESTERETTE2 | Source = Service Control Manager | ID = 7000
Description = The NMIndexingService service failed to start due to the following
error: %%1053

Error - 3/3/2009 9:34:03 AM | Computer Name = JESTERETTE2 | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 3/3/2009 9:42:55 AM | Computer Name = JESTERETTE2 | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_GMER\0000 disappeared from the system without
first being prepared for removal.

Error - 3/3/2009 7:30:25 PM | Computer Name = JESTERETTE2 | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 3/3/2009 7:31:23 PM | Computer Name = JESTERETTE2 | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the McAfee Real-time Scanner service,
but this action failed with the following error: %%1056


< End of report >

#10
superbird

Hi,

Sorry for the delay. I'll get back to you as soon as possible.

#11
superbird

Hi,

Sorry for my late reply.

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\System32\wulejope
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log


#12
Jesterette

I'll do this later today and post my results.

Thanks!

#13
superbird

Ok :)

#14
Jesterette

Here it is:

========== OTLISTIT ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\System32\wulejope moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Kara\Local Settings\Temp\etilqs_CWTGayEx8uPit8CsJNH4 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kara\Local Settings\Temp\~DF63AD.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kara\Local Settings\Temp\~DF7E15.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kara\Local Settings\Temp\~DF9710.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcafee_IDKMEgZNxq3iVVS scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_K5IrGFeABG9h1SR scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_6BTZc4kiojNkOje scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_bhwru2Hs9KrU42y scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_rexvHVAkRXDwiyq scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_taAWXR9A0cNUnej scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_UqHaE13wuK3C2oV scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_yIVwnO9vFimDJFd scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_164.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_a34.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_7nw2q2Dl9e3A4SY scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_AdJg9FCfpOf86im scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_jUKfmwtjZFS6LXS scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_no39BZ4YYndey3K scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_R8nFFGXu4pNUX7G scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_Rk8cyvX3xhTnB6j scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_W9XK34XBr8gJMmb scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Kara\Local Settings\Application Data\Mozilla\Firefox\Profiles\9uh1uqqs.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kara\Local Settings\Application Data\Mozilla\Firefox\Profiles\9uh1uqqs.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kara\Local Settings\Application Data\Mozilla\Firefox\Profiles\9uh1uqqs.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kara\Local Settings\Application Data\Mozilla\Firefox\Profiles\9uh1uqqs.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kara\Local Settings\Application Data\Mozilla\Firefox\Profiles\9uh1uqqs.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kara\Local Settings\Application Data\Mozilla\Firefox\Profiles\9uh1uqqs.default\urlclassifier3.sqlite-journal scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.3.4 log created on 03102009_165907

Files moved on Reboot...
File C:\Documents and Settings\Kara\Local Settings\Temp\etilqs_CWTGayEx8uPit8CsJNH4 not found!
File C:\Documents and Settings\Kara\Local Settings\Temp\~DF63AD.tmp not found!
C:\Documents and Settings\Kara\Local Settings\Temp\~DF7E15.tmp moved successfully.
File C:\Documents and Settings\Kara\Local Settings\Temp\~DF9710.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\mcafee_IDKMEgZNxq3iVVS not found!
File C:\WINDOWS\temp\mcafee_K5IrGFeABG9h1SR not found!
File C:\WINDOWS\temp\mcmsc_6BTZc4kiojNkOje not found!
File C:\WINDOWS\temp\mcmsc_bhwru2Hs9KrU42y not found!
File C:\WINDOWS\temp\mcmsc_rexvHVAkRXDwiyq not found!
File C:\WINDOWS\temp\mcmsc_taAWXR9A0cNUnej not found!
C:\WINDOWS\temp\mcmsc_UqHaE13wuK3C2oV moved successfully.
File C:\WINDOWS\temp\mcmsc_yIVwnO9vFimDJFd not found!
File C:\WINDOWS\temp\Perflib_Perfdata_164.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_a34.dat not found!
C:\WINDOWS\temp\sqlite_7nw2q2Dl9e3A4SY moved successfully.
C:\WINDOWS\temp\sqlite_AdJg9FCfpOf86im moved successfully.
File C:\WINDOWS\temp\sqlite_jUKfmwtjZFS6LXS not found!
File C:\WINDOWS\temp\sqlite_no39BZ4YYndey3K not found!
File C:\WINDOWS\temp\sqlite_R8nFFGXu4pNUX7G not found!
C:\WINDOWS\temp\sqlite_Rk8cyvX3xhTnB6j moved successfully.
File C:\WINDOWS\temp\sqlite_W9XK34XBr8gJMmb not found!
C:\Documents and Settings\Kara\Local Settings\Application Data\Mozilla\Firefox\Profiles\9uh1uqqs.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Kara\Local Settings\Application Data\Mozilla\Firefox\Profiles\9uh1uqqs.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Kara\Local Settings\Application Data\Mozilla\Firefox\Profiles\9uh1uqqs.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Kara\Local Settings\Application Data\Mozilla\Firefox\Profiles\9uh1uqqs.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Kara\Local Settings\Application Data\Mozilla\Firefox\Profiles\9uh1uqqs.default\urlclassifier3.sqlite moved successfully.
File C:\Documents and Settings\Kara\Local Settings\Application Data\Mozilla\Firefox\Profiles\9uh1uqqs.default\urlclassifier3.sqlite-journal not found!

Registry entries deleted on Reboot...


-----------------------------------------------------------------

OTListIt logfile created on: 3/10/2009 7:04:50 PM - Run 4
OTListIt2 by OldTimer - Version 2.0.3.4 Folder = C:\Documents and Settings\Kara\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.24 Gb Total Physical Memory | 0.68 Gb Available Physical Memory | 54.96% Memory free
2.59 Gb Paging File | 2.13 Gb Available in Paging File | 82.29% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 3.13 Gb Free Space | 8.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 13.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JESTERETTE2
Current User Name: Kara
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Documents and Settings\Kara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\PeerGuardian2\pg2.exe (Methlabs)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe ()
PRC - C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe ()
PRC - C:\Documents and Settings\Kara\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (0076331236105124mcinstcleanup [Auto | Stopped]) -- File not found
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CVPND [Auto | Running]) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (GoogleDesktopManager-061008-081103 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gusvc [Auto | Running]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LVCOMSer [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVSrvLauncher [Auto | Stopped]) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service [Auto | Running]) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NMIndexingService [On_Demand | Running]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SoundMAX Agent Service (default) [Auto | Running]) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (BANTExt [System | Running]) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (BCM43XX [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (CVirtA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.)
DRV - (CVPNDRVA [Auto | Running]) -- C:\WINDOWS\system32\Drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (d347bus [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys ( )
DRV - (d347prt [Boot | Running]) -- C:\WINDOWS\System32\Drivers\d347prt.sys ( )
DRV - (DNE [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)
DRV - (FilterService [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys (Logitech Inc.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (LVcKap [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LVcKap.sys (Logitech Inc.)
DRV - (LVMVDrv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys (Logitech Inc.)
DRV - (lvpopflt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVUSBSta [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVUVC [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\lvuvc.sys (Logitech Inc.)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (pcouffin [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (PID_0928 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LV561AV.SYS (Logitech Inc.)
DRV - (PRISM_A02 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\WUSB20XP.sys (Cisco-Linksys, LLC.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTLWUSB [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wg111v2.sys (NETGEAR Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (StarPortLite [System | Running]) -- C:\WINDOWS\system32\DRIVERS\StarPortLite.sys (Rocket Division Software)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (vsdatant [On_Demand | Stopped]) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (pgfilter [On_Demand | Running]) -- C:\Program Files\PeerGuardian2\pgfilter.sys ()

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {91aa5abe-9de4-4347-b7b5-322c38dd9271}:3.1
FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a99}:3.0.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.4.2.2
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: paypalfirefoxplugin@orbiscom:2.2.19.0
FF - prefs.js..extensions.enabledItems: {20291fcc-1471-46c8-8213-0911f5ce6d66}:1.9.0
FF - prefs.js..extensions.enabledItems: {299D6667-B44F-4B17-B0A2-FE4C2FA10767}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7
FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom -> C:\PROGRAM FILES\PAYPAL\PAYPAL PLUG-IN ->
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2008/10/14 23:02:24 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> %ProgramFiles%\MCAFEE\SITEADVISOR [C:\PROGRAM FILES\MCAFEE\SITEADVISOR] -> [2009/03/03 14:42:39 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/03/10 18:55:07 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/03/10 18:55:06 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Kara\Application Data\mozilla\Extensions [2008/12/27 19:43:27 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Kara\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2008/12/27 19:43:27 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Kara\Application Data\mozilla\Extensions\[email protected] [2008/11/30 10:50:25 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Kara\Application Data\mozilla\Firefox\Profiles\9uh1uqqs.default\extensions [2009/03/10 17:04:16 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Kara\Application Data\mozilla\Firefox\Profiles\9uh1uqqs.default\extensions\{20291fcc-1471-46c8-8213-0911f5ce6d66} [2009/02/27 16:46:53 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Kara\Application Data\mozilla\Firefox\Profiles\9uh1uqqs.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271} [2009/02/27 15:27:30 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Kara\Application Data\mozilla\Firefox\Profiles\9uh1uqqs.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387} [2009/02/26 13:38:01 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Kara\Application Data\mozilla\Firefox\Profiles\9uh1uqqs.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a99} [2009/02/27 16:50:27 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Kara\Application Data\mozilla\Firefox\Profiles\9uh1uqqs.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2009/02/27 17:37:45 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Kara\Application Data\mozilla\Firefox\Profiles\9uh1uqqs.default\extensions\[email protected] [2009/02/25 11:24:32 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Kara\Application Data\mozilla\Firefox\Profiles\9uh1uqqs.default\extensions\[email protected] [2009/01/22 00:55:26 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions [2009/03/10 17:04:16 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{299D6667-B44F-4B17-B0A2-FE4C2FA10767} [2009/03/01 22:08:41 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/03/10 18:55:06 00,000,000 | ---D | M]

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide ()
O4 - HKLM..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" ()
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
O4 - HKCU..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
O4 - HKCU..\Run: [cdloader] "C:\Documents and Settings\Kara\Application Data\mjusbsp\cdloader2.exe" MAGICJACK (magicJack L.P.)
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\Kara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (Hewlett-Packard Company)
O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Methlabs)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 43 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: magicjack.com ([my] * in Trusted sites)
O15 - HKCU\..Trusted Domains: talk4free.com ([reg] * in Trusted sites)
O15 - HKCU\..Trusted Domains: 44 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.to...4.14/ttinst.cab (Toontown Installer ActiveX Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://demos.webex....bex/ieatgpc.cab (GpcContainer Class)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (RtlGina2.dll) - C:\WINDOWS\system32\RtlGina2.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - E:\Autorun.exe (NETGEAR Inc.) - [ CDFS ]
O32 - Autorun File - E:\autorun.inf () - [ CDFS ]
O33 - MountPoints2\{3b417773-0822-11de-bb0d-001f33880558}\Shell - "" = AutoRun
O33 - MountPoints2\{3b417773-0822-11de-bb0d-001f33880558}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3b417773-0822-11de-bb0d-001f33880558}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{51e51a5a-bb98-11dd-9e40-001f33880558}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{d83435c6-75df-11dd-9e31-000f661c450c}\Shell - "" = AutoRun
O33 - MountPoints2\{d83435c6-75df-11dd-9e31-000f661c450c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d83435c6-75df-11dd-9e31-000f661c450c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[16 C:\Documents and Settings\Kara\My Documents\*.tmp files]
[2009/03/10 16:58:23 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/03/04 15:14:12 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/03/04 13:45:34 | 00,498,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kara\Desktop\OTListIt2.exe
[2009/03/04 11:20:27 | 06,251,583 | ---- | C] () -- C:\Documents and Settings\Kara\Desktop\wg111v2_3_4_0.zip
[2009/03/04 11:00:42 | 00,001,781 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2009/03/04 11:00:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/03/04 10:51:32 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/03/04 10:51:30 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF17063.exe
[2009/03/04 10:50:50 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009/03/03 15:00:07 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
[2009/03/03 14:45:33 | 00,113,743 | ---- | C] () -- C:\Documents and Settings\Kara\Desktop\clipdat2.rdf
[2009/03/03 14:45:05 | 28,868,320 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Kara\Desktop\FileFormatConverters.exe
[2009/03/03 14:38:02 | 00,009,791 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2009/03/03 14:37:36 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/03/03 14:37:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2009/03/03 14:36:39 | 00,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee EasyNetwork.lnk
[2009/03/03 14:32:28 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2009/03/03 14:32:27 | 00,079,304 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/03/03 14:32:27 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/03/03 14:32:19 | 00,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2009/03/03 14:31:42 | 00,000,338 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/03/03 14:31:40 | 00,000,330 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/03/03 14:31:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/03/03 14:31:09 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/03/03 14:30:29 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/03/03 14:26:06 | 00,034,216 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2009/03/03 14:20:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/03/03 14:20:28 | 01,222,128 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Kara\Desktop\DMSetup.exe
[2009/03/03 00:00:54 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/03/02 23:03:47 | 02,932,707 | R--- | C] () -- C:\Documents and Settings\Kara\Desktop\ComboFix.exe
[2009/03/02 21:29:09 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/02 21:29:06 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/02 21:29:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/02 21:28:38 | 02,876,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kara\Desktop\mbam-setup.exe
[2009/03/02 21:27:09 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Kara\Desktop\NTREGOPT.lnk
[2009/03/02 21:27:09 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Kara\Desktop\ERUNT.lnk
[2009/03/02 21:27:05 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/03/02 21:24:42 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Kara\Desktop\erunt_setup.exe
[2009/03/02 21:23:39 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Kara\Desktop\SysRestorePoint.exe
[2009/03/02 20:28:40 | 00,078,336 | ---- | C] () -- C:\Documents and Settings\Kara\My Documents\myresume.doc
[2009/03/02 20:28:40 | 00,071,168 | ---- | C] () -- C:\Documents and Settings\Kara\My Documents\karalingenfelterresume.doc
[2009/03/02 20:28:40 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Kara\My Documents\comp sci work.doc
[2009/03/02 19:29:11 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/03/02 19:29:09 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009/03/02 19:29:09 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/03/02 19:29:09 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/03/02 19:29:08 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2009/03/02 19:21:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/03/02 18:05:15 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/03/02 18:05:08 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/03/02 18:04:58 | 00,000,000 | ---D | C] -- C:\cmdcons
[2009/03/02 18:03:56 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/03/02 18:03:56 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/03/02 18:03:56 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/03/02 18:03:56 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/03/02 18:03:56 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/03/02 18:03:56 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/03/02 18:03:56 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/03/02 18:03:56 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/03/02 18:03:56 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/03/02 17:54:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/03/02 17:49:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/02 17:41:44 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/03/02 17:21:14 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/03/02 17:19:19 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Kara\Desktop\HiJackThis.exe
[2009/03/02 16:07:19 | 00,000,000 | ---D | C] -- C:\fixwareout
[2009/03/01 22:42:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/03/01 22:42:12 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/03/01 22:42:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kara\Application Data\SUPERAntiSpyware.com
[2009/03/01 22:38:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kara\Application Data\Malwarebytes
[2009/03/01 22:38:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/01 22:02:20 | 00,000,000 | ---D | C] -- C:\Program Files\LightScribe Template Labeler
[2009/03/01 21:47:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/03/01 20:37:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2009/02/28 23:02:26 | 00,145,920 | ---- | C] () -- C:\Documents and Settings\Kara\My Documents\EarningsExporter_v1_02d.XLS
[2009/02/27 15:36:29 | 00,008,727 | ---- | C] () -- C:\Documents and Settings\Kara\My Documents\clipdat3.rdf
[2009/02/18 14:31:26 | 00,000,000 | ---D | C] -- C:\Program Files\IKEA HomePlanner
[2009/02/18 14:30:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/02/14 23:55:53 | 00,055,296 | ---- | C] () -- C:\Documents and Settings\Kara\My Documents\febangelfood.doc
[2009/02/13 17:32:47 | 00,101,570 | ---- | C] () -- C:\Documents and Settings\Kara\My Documents\garage.sdr
[2009/02/13 15:50:32 | 00,000,462 | ---- | C] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2009/02/13 15:45:24 | 00,000,000 | ---D | C] -- C:\Program Files\SmartDraw 2009
[2009/02/13 15:45:19 | 00,074,139 | ---- | C] () -- C:\Documents and Settings\Kara\My Documents\garage.rs
[2009/02/13 14:43:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kara\Application Data\IsolatedStorage
[2009/02/13 14:42:59 | 00,000,000 | ---D | C] -- C:\Program Files\RapidSketch
[2009/02/13 14:40:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kara\Local Settings\Application Data\{C6DC3137-6676-41E8-B51C-9498F7CF093D}
[2009/02/13 14:36:39 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/02/13 14:35:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/02/13 13:18:30 | 00,000,000 | ---D | C] -- C:\Program Files\SmartDraw 2008
[2009/02/13 11:34:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kara\Application Data\SmartDraw
[2009/02/13 11:13:12 | 00,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2009/02/10 04:00:26 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/02/08 22:05:10 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/08 22:04:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kara\My Documents\NeroVision
[2009/02/08 22:03:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kara\Local Settings\Application Data\Ahead
[2009/02/08 21:52:16 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Kara\My Documents\countrywideno.doc
[2009/02/08 21:49:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kara\Application Data\Ahead
[2009/02/08 21:47:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/02/08 21:41:01 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2009/02/08 21:41:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2009/02/08 21:41:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/02/08 21:39:30 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2009/02/08 21:39:26 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[16 C:\Documents and Settings\Kara\My Documents\*.tmp files]
[2009/03/10 18:48:47 | 00,395,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/10 18:48:47 | 00,059,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/10 18:48:46 | 00,462,344 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/10 18:46:38 | 00,000,462 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2009/03/10 18:46:25 | 00,009,791 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/03/10 18:46:11 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/10 18:46:07 | 01,587,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/10 18:45:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/10 18:45:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/10 18:45:01 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/03/10 18:44:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2009/03/10 17:09:18 | 00,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-57989841-725345543-1003.job
[2009/03/10 16:52:14 | 00,181,760 | ---- | M] () -- C:\Documents and Settings\Kara\My Documents\2009budgetcalendar.xls
[2009/03/05 08:51:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/04 13:45:35 | 00,498,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kara\Desktop\OTListIt2.exe
[2009/03/04 11:21:16 | 06,251,583 | ---- | M] () -- C:\Documents and Settings\Kara\Desktop\wg111v2_3_4_0.zip
[2009/03/04 11:00:42 | 00,001,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2009/03/04 11:00:33 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/03/04 10:50:50 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009/03/04 10:50:50 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF17063.exe
[2009/03/03 15:01:42 | 00,071,584 | ---- | M] () -- C:\Documents and Settings\Kara\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/03 14:45:56 | 28,868,320 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Kara\Desktop\FileFormatConverters.exe
[2009/03/03 14:45:33 | 00,113,743 | ---- | M] () -- C:\Documents and Settings\Kara\Desktop\clipdat2.rdf
[2009/03/03 14:37:36 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/03/03 14:36:39 | 00,000,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee EasyNetwork.lnk
[2009/03/03 14:31:43 | 00,000,338 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/03/03 14:31:41 | 00,000,330 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/03/03 14:20:29 | 01,222,128 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Kara\Desktop\DMSetup.exe
[2009/03/03 09:39:50 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/03 09:33:34 | 02,932,707 | R--- | M] () -- C:\Documents and Settings\Kara\Desktop\ComboFix.exe
[2009/03/03 00:00:34 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/03/02 22:22:51 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/02 22:22:50 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\Kara\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/02 21:28:47 | 02,876,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kara\Desktop\mbam-setup.exe
[2009/03/02 21:27:09 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Kara\Desktop\NTREGOPT.lnk
[2009/03/02 21:27:09 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Kara\Desktop\ERUNT.lnk
[2009/03/02 21:24:44 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Kara\Desktop\erunt_setup.exe
[2009/03/02 19:29:11 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2009/03/02 19:29:09 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2009/03/02 19:29:09 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/03/02 19:29:09 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/03/02 18:36:37 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/02 18:05:16 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/03/02 17:19:20 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Kara\Desktop\HiJackThis.exe
[2009/03/01 17:50:45 | 00,145,920 | ---- | M] () -- C:\Documents and Settings\Kara\My Documents\EarningsExporter_v1_02d.XLS
[2009/02/28 16:50:09 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\Kara\My Documents\budget (version 1).xls
[2009/02/27 15:36:30 | 00,008,727 | ---- | M] () -- C:\Documents and Settings\Kara\My Documents\clipdat3.rdf
[2009/02/21 14:31:26 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\Kara\My Documents\budget.xls
[2009/02/16 00:50:19 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\Kara\Application Data\vso_ts_preview.xml
[2009/02/14 23:55:53 | 00,055,296 | ---- | M] () -- C:\Documents and Settings\Kara\My Documents\febangelfood.doc
[2009/02/14 19:38:40 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/02/13 17:32:47 | 00,101,570 | ---- | M] () -- C:\Documents and Settings\Kara\My Documents\garage.sdr
[2009/02/13 15:45:19 | 00,074,139 | ---- | M] () -- C:\Documents and Settings\Kara\My Documents\garage.rs
[2009/02/11 11:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/11 11:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/11 04:01:56 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/08 21:52:41 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\Kara\My Documents\Book2 (version 1).xls
[2009/02/08 21:52:31 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Kara\My Documents\countrywideno.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Kara\My Documents\Thumbs.db:encryptable
< End of report >
  • 0

#15
superbird

superbird

    Member

  • Member
  • PipPip
  • 77 posts
Hi,

1. Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2. Please use the Internet Explorer browser (or Firefox with IETab), and do an online scan with Kaspersky Online Scanner.

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Yes when prompted to install its ActiveX component.
(Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
Posted Image
Posted Image
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

Also tell me which problems you still have. :)
  • 0





