
I think I may have the Conficker worm-SERIOUSLY



#1
BethErin

    Member

  • Member
  • 14 posts
OK, so this problem is just multiplying. I, myself, am very comfortable working on my PC and contacted Geek Squad when all the antivirus software I have on disk didn't work. The guy told me to bring it in and they would help me, but for a huge price. I had to start my PC in safe mode because it won't do anything else, and delete all the files that I could visibly see that were associated with these files, because everything else on the PC was locked. I had success and was able to get ComboFix to run on the PC and get a log. ALL my antivirus software had been disabled and I couldn't get on any of the websites to get more help. I am using my mother's PC and CD burner and downloading things onto CD, then installing them on mine. Same goes for how I am going to have to get the log files and such. I have disconnected my computer completely from the internet (unplugged the ethernet cord). If this thing can make a new user on my computer then I'm sure it can bypass the firewall, but it can't make a connection through thin air. I deleted the username on my computer named "trustworthy user", yeah, right. For now, until I figure out what else to do, I am just running my antivirus software simultaneously to hopefully keep it at bay. Every time they run they find a different critical file. What do I do? I talked to an IT that comes into where I work and they helped me fix it yesterday, but it has just returned. AND multiplied. It ran fine all night last night, then a mysterious thing said it was installing an update, so my husband just unplugged the PC immediately. I turned it on this morning and that's when I discovered it multiplied. AAAHHHHH.
  • 0


#2
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Can you rerun ComboFix and post the log in this thread?
  • 0

#3
BethErin

    Member

  • Topic Starter
  • Member
  • 14 posts
Yes.

Edited by BethErin, 01 May 2009 - 11:36 AM.

  • 0

#4
BethErin

    Member

  • Topic Starter
  • Member
  • 14 posts
OK....

ComboFix 09-04-29.07 - Jason And Beth 05/01/2009 13:19.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1982.1046 [GMT -4:00]
Running from: E:\ComboFix.exe
* Created a new restore point
.
ADS - system32: deleted 12 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\IEToolbar
c:\program files\IEToolbar\ECO Bar\ecobar.dll
c:\program files\runit
c:\program files\runit\config.txt
c:\program files\SelectRebates
c:\program files\SelectRebates\SelectRebatesDownload.exe
c:\program files\Setup Wizard
c:\program files\Setup Wizard\asycfilt.dll
c:\program files\Setup Wizard\comcat.dll
c:\program files\Setup Wizard\Comdlg32.ocx
c:\program files\Setup Wizard\MSCOMCTL.OCX
c:\program files\Setup Wizard\MSINET.OCX
c:\program files\Setup Wizard\msvbvm60.dll
c:\program files\Setup Wizard\Mswinsck.ocx
c:\program files\Setup Wizard\oleaut32.dll
c:\program files\Setup Wizard\olepro32.dll
c:\program files\Setup Wizard\stdole2.tlb
c:\windows\system32\drivers\gxvxcpwnpvxoqdpvkmmbbsfprxtaiivrppxji.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcmpidgbragoxvqfyspeycekilrphxkolt.dll
c:\windows\system32\gzmrot-uninst.exe
c:\windows\system32\rightonadz-uninst.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS
-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-30 )))))))))))))))))))))))))))))))
.

2009-04-30 00:41 . 2009-04-30 03:53 680 ----a-w c:\users\Jason And Beth\AppData\Local\d3d9caps.dat
2009-04-29 10:23 . 2000-07-15 04:00 101888 ----a-w c:\windows\system32\VB6STKIT.DLL
2009-04-16 09:11 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-08 19:25 . 2009-04-08 19:51 -------- d-----w c:\users\Jason And Beth\AppData\Roaming\Download Manager
2009-04-08 19:10 . 2009-04-08 19:14 -------- d-----w c:\users\Jason And Beth\AppData\Roaming\gtk-2.0
2009-04-08 19:10 . 2009-04-08 19:10 -------- d-----w c:\users\Jason And Beth\.thumbnails
2009-04-08 19:06 . 2009-04-09 00:51 -------- d-----w c:\users\Jason And Beth\.gimp-2.6
2009-04-08 19:06 . 2009-04-08 19:06 -------- d-----w c:\users\Jason And Beth\.gegl-0.0
2009-04-08 19:05 . 2009-04-08 19:05 -------- d-----w c:\program files\GIMP-2.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-30 19:25 . 2009-04-30 03:46 5018 ----a-w c:\windows\system32\PerfStringBackup.TMP
2009-04-30 04:19 . 2008-11-12 15:49 126704 ----a-w c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-30 00:53 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-30 00:53 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-30 00:53 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-29 23:46 . 2007-09-13 15:16 126704 ----a-w c:\users\Jason And Beth\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-29 23:11 . 2008-12-29 00:16 -------- d-----w c:\program files\Mixxx
2009-04-29 14:31 . 2007-09-10 20:20 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-29 12:38 . 2009-03-09 01:05 -------- d-----w c:\program files\Image-Line
2009-04-26 20:49 . 2007-09-10 20:27 -------- d-----w c:\program files\McAfee
2009-04-17 07:12 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-03-29 14:18 . 2009-03-02 00:17 -------- d-----w c:\program files\VST
2009-03-29 01:17 . 2009-03-29 01:17 -------- d-----w c:\program files\DDClip LE
2009-03-29 01:17 . 2009-03-29 01:17 -------- d-----w c:\program files\Common Files\SoftLab-NSK
2009-03-25 23:37 . 2009-03-25 23:37 120 ----a-w c:\users\Guest\AppData\Roaming\wklnhst.dat
2009-03-25 15:06 . 2007-09-10 20:27 40552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 15:06 . 2007-09-10 20:27 35272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-03-25 15:06 . 2007-09-10 20:27 214024 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-03-25 15:06 . 2007-09-10 20:27 79880 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 15:05 . 2007-09-10 20:27 34216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-03-23 16:19 . 2009-03-23 16:18 -------- d-----w c:\program files\iTunes
2009-03-23 16:19 . 2009-03-23 16:19 -------- d-----w c:\program files\iPod
2009-03-23 16:19 . 2009-03-09 15:33 -------- d-----w c:\program files\Common Files\Apple
2009-03-23 16:18 . 2009-03-23 16:18 -------- d-----w c:\program files\Bonjour
2009-03-23 16:14 . 2009-03-23 16:13 -------- d-----w c:\program files\QuickTime
2009-03-17 03:38 . 2009-04-16 09:11 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-16 09:11 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 09:11 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-09 15:34 . 2009-03-09 15:34 -------- d-----w c:\program files\Apple Software Update
2009-03-09 15:26 . 2009-03-09 15:26 -------- d-----w c:\program files\ShareDRMusic
2009-03-09 01:08 . 2009-03-09 01:08 -------- d-----w c:\program files\ASIO4ALL v2
2009-03-09 01:07 . 2009-03-09 01:07 -------- d-----w c:\program files\Outsim
2009-03-06 00:12 . 2007-09-14 02:56 -------- d-----w c:\program files\LimeWire
2009-03-03 04:46 . 2009-04-16 09:12 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 09:12 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 09:11 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-16 09:12 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 09:12 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 09:12 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 09:11 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 09:12 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 09:12 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 09:12 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 09:12 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 09:12 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-16 09:11 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-02 00:17 . 2009-03-02 00:17 -------- d-----w c:\program files\Acoustica Mixcraft 3
2009-03-02 00:17 . 2007-09-21 21:59 -------- d-----w c:\program files\Acoustica Shared Effects
2009-03-01 23:04 . 2009-03-01 23:04 -------- d-----w c:\program files\NZCSM
2009-03-01 23:03 . 2009-03-01 23:03 -------- d-----w c:\program files\Cosmi
2009-03-01 23:03 . 2009-03-01 23:03 -------- d-----w c:\program files\Common Files\Borland Shared
2009-02-13 08:49 . 2009-04-16 09:11 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-09 03:10 . 2009-03-10 22:14 2033152 ----a-w c:\windows\system32\win32k.sys
2008-09-03 19:30 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2007-10-04 18:30 . 2007-10-04 18:30 774144 ----a-w c:\program files\RngInterstitial.dll
2008-06-19 09:16 . 2008-06-19 09:16 118784 ----a-w c:\program files\mozilla firefox\plugins\MyCamera.dll
2007-09-11 03:57 . 2007-09-11 03:54 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-03-15 90192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-15 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-15 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-3-3 139776]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-10 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
SetupExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DC6C8184-9A0E-4333-AA5C-9CF87E91EE79}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire 4.12.6
"{D9C2F0E7-990F-4F19-B074-C222FC36E6FE}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire 4.12.6
"TCP Query User{AF3B86B1-430F-4FBF-8F26-55D24A6B5150}c:\\program files\\myspace\\im\\myspaceim.exe"= UDP:c:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"UDP Query User{7799BF1F-9C1E-45BD-B1A5-C9B4BFE11D3A}c:\\program files\\myspace\\im\\myspaceim.exe"= TCP:c:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"{B0EB85EF-DB14-40E3-8A5A-29661EF9AAC8}"= UDP:c:\program files\LimeWire\.NetworkShare\LimeWireWin4.18.8.exe:LimeWireWin4.18.8
"{091BD266-7C0F-4CE7-9690-9379908E50AB}"= TCP:c:\program files\LimeWire\.NetworkShare\LimeWireWin4.18.8.exe:LimeWireWin4.18.8
"TCP Query User{9AE29C2E-3D17-49BB-96BA-3017DE422865}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{4E657B8C-93D0-438A-95A6-C5B42F63B578}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{E9ED1647-2391-4667-ACAC-6EC592D431DD}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{A4996830-67D5-442B-9A81-1F9226516535}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{BD38C0CF-3F7D-43C1-9D16-6548D5F5E6DF}c:\\program files\\myspace\\im\\myspaceim.exe"= UDP:c:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"UDP Query User{691A42F1-6BBF-45EA-B700-0224E841E9CC}c:\\program files\\myspace\\im\\myspaceim.exe"= TCP:c:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"{AF573D87-179A-45E4-A5E4-9F0CB5F1B6C0}"= c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{2C5606DE-7834-4ADB-9432-0C38225B90D9}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{ADFE8B83-AE4E-41C8-A5F0-74D05200247D}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{CB0E697A-4A5A-41EE-9A90-2D237D4695EC}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{65A126E5-70D3-4F63-81E8-16EE05A6CCA2}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{D36DE65B-2B2D-4442-9182-CD2A104C633E}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{85102ED6-36AF-4AE3-BFB7-470559CCC694}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{B2703649-A39D-4088-B6BF-3327FCFEFD5B}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{34B17DD5-F707-484F-8079-407A3577EDC5}"= Disabled:UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BE9942CC-5D0D-495C-8EDC-89A296639D47}"= Disabled:TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 CV2K1;CommView Network Monitor; [x]
S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2008-01-19 4608]
S0 cdburner;cdburner;c:\windows\system32\DRIVERS\cdburner.sys [2008-07-24 15872]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 124832]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b0072b2-7156-11dc-8342-001aa05883ab}]
\shell\AutoRun\command - G:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-29 00:21]

2009-04-30 c:\windows\Tasks\User_Feed_Synchronization-{B74F8B6A-7D8B-4807-B10B-A4D6186F2CE0}.job
- c:\windows\system32\msfeedssync.exe [2008-09-03 03:33]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{7EFBC57C-CD57-481F-B794-648FCE9C9116} - (no file)
HKCU-Run-Aim6 - (no file)
SafeBoot-mfehidk
SafeBoot-mferkdk
SafeBoot-mfetdik
SafeBoot-mfetdik.sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: {C4F33308-35DB-4A32-AFC1-A70CC175E70F} = 85.255.0.0,85.255.0.0
FF - ProfilePath - c:\users\Jason And Beth\AppData\Roaming\Mozilla\Firefox\Profiles\357jezpm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCIG.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\Jason And Beth\AppData\Roaming\Mozilla\Firefox\Profiles\357jezpm.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true

FF - user.js: browser.sessionstore.resume_from_crash - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-30 15:25
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\JASONA~1\AppData\Local\Temp\gxvxc000 0 bytes
c:\windows\TEMP\mcafee_Sjb9THooHM56kgC 0 bytes
c:\windows\TEMP\mcafee_Sjb9THooHM56kgC-journal 20 bytes

scan completed successfully
hidden files: 3

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet001\Services\gxvxcserv.sys]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\gxvxchhixntrnrsrdxfmtvrmjaqwvbddlyvgd.sys"

[HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-05-01 13:33
ComboFix-quarantined-files.txt 2009-05-01 13:26

Pre-Run: 160,124,379,136 bytes free
Post-Run: 160,528,728,064 bytes free

349 --- E O F --- 2009-05-01 12:11
  • 0

#5
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Good.

Not Conficker, but something just as nasty. It should go after a few steps. First I need a little more info.

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

  • 0

#6
BethErin

    Member

  • Topic Starter
  • Member
  • 14 posts
OK, my computer is in safe mode, and while I posted earlier I ran Malwarebytes Anti-Malware. Here is the OTListIt.Txt file.

OTListIt logfile created on: 5/1/2009 2:06:11 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.2 Folder = G:\
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 76.83% Memory free
4.00 Gb Paging File | 3.77 Gb Available in Paging File | 94.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 149.14 Gb Free Space | 66.94% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.86 Gb Free Space | 58.61% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 495.22 Mb Total Space | 487.91 Mb Free Space | 98.52% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JASONANDBETH-PC
Current User Name: Jason And Beth
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - G:\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (AdobeActiveFileMonitor6.0 [Auto | Stopped]) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (AERTFilters [Auto | Stopped]) -- C:\Windows\system32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (Apple Mobile Device [Auto | Stopped]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service [Auto | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DSBrokerService [On_Demand | Stopped]) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (IDriverT [Disabled | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (lxcz_device [Disabled | Stopped]) -- C:\Windows\system32\lxczcoms.exe ( )
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Stopped]) -- c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Stopped]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Stopped]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service [Auto | Stopped]) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (nvsvc [Auto | Stopped]) -- C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RoxMediaDB9 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Stopped]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [Auto | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (XAudioService [Auto | Stopped]) -- C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (ASPI [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ASPI32.sys (Adaptec)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cdburner [Boot | Running]) -- C:\Windows\system32\DRIVERS\cdburner.sys ()
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (CV2K1 [On_Demand | Stopped]) -- .~lock.paper.odt# ()
DRV - (DLABMFSM [Auto | Stopped]) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLABOIOM [Auto | Stopped]) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLACDBHM [System | Running]) -- C:\Windows\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (DLADResM [Auto | Stopped]) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLAIFS_M [Auto | Stopped]) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAOPIOM [Auto | Stopped]) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLAPoolM [Auto | Stopped]) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLARTL_M [System | Running]) -- C:\Windows\System32\Drivers\DLARTL_M.SYS (Roxio)
DRV - (DLAUDFAM [Auto | Stopped]) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAUDF_M [Auto | Stopped]) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DRVMCDB [Boot | Running]) -- C:\Windows\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Stopped]) -- C:\Windows\System32\Drivers\DRVNDDM.SYS (Roxio)
DRV - (DSproct [On_Demand | Stopped]) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (dsunidrv [Auto | Stopped]) -- C:\Windows\system32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (e1express [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\e1e6032.sys (Intel Corporation)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elagopro [Auto | Stopped]) -- C:\Windows\system32\DRIVERS\elagopro.sys (Gteko Ltd.)
DRV - (elaunidr [Auto | Stopped]) -- C:\Windows\system32\DRIVERS\elaunidr.sys (Gteko Ltd.)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HSF_DPV [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWBS2 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntcAzAudAddService [On_Demand | Stopped]) -- C:\Windows\system32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (IpInIp [On_Demand | Stopped]) -- .~lock.paper.odt# ()
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (mdmxsdk [Auto | Stopped]) -- C:\Windows\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (mfeavfk [On_Demand | Stopped]) -- C:\Windows\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Stopped]) -- C:\Windows\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\Windows\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Stopped]) -- C:\Windows\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\Windows\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvlddmkm [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Boot | Running]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvrd32 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor [Boot | Running]) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvstor32 [Boot | Running]) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (NwlnkFlt [On_Demand | Stopped]) -- .~lock.paper.odt# ()
DRV - (NwlnkFwd [On_Demand | Stopped]) -- .~lock.paper.odt# ()
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (R300 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (SASDIFSV [System | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (secdrv [Auto | Stopped]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\Windows\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (usbbus [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\lgusbbus.sys (LG Electronics Inc.)
DRV - (UsbDiag [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\lgusbmodem.sys (LG Electronics Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (winachsf [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio [Auto | Stopped]) -- C:\Windows\system32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Yoog Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.07076007
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://www9.yoog.com.../search.php?q="

FF - user.js..browser.search.selectedEngine: "Yoog Search"
FF - user.js..keyword.URL: "http://www9.yoog.com.../search.php?q="
FF - user.js..keyword.enabled: true

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [2008/10/28 22:08:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/29 09:35:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/29 09:35:56 | 00,000,000 | ---D | M]

[2009/03/05 20:12:39 | 00,000,000 | ---D | M] -- C:\Users\Jason And Beth\AppData\Roaming\mozilla\Extensions
[2008/11/17 11:11:19 | 00,000,000 | ---D | M] -- C:\Users\Jason And Beth\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/05 20:12:39 | 00,000,000 | ---D | M] -- C:\Users\Jason And Beth\AppData\Roaming\mozilla\Extensions\[email protected]
[2009/04/30 16:08:10 | 00,000,000 | ---D | M] -- C:\Users\Jason And Beth\AppData\Roaming\mozilla\Firefox\Profiles\357jezpm.default\extensions
[2008/03/06 19:20:27 | 00,000,000 | ---D | M] -- C:\Users\Jason And Beth\AppData\Roaming\mozilla\Firefox\Profiles\357jezpm.default\extensions\[email protected]
[2009/02/04 09:37:27 | 00,001,739 | ---- | M] () -- C:\Users\Jason And Beth\AppData\Roaming\Mozilla\FireFox\Profiles\357jezpm.default\searchplugins\aim-search.xml
[2008/12/12 14:23:54 | 00,002,158 | ---- | M] () -- C:\Users\Jason And Beth\AppData\Roaming\Mozilla\FireFox\Profiles\357jezpm.default\searchplugins\MySpace.xml
[2009/01/14 18:03:08 | 00,000,246 | ---- | M] () -- C:\Users\Jason And Beth\AppData\Roaming\Mozilla\FireFox\Profiles\357jezpm.default\searchplugins\Yoog Search.xml
[2009/04/30 00:05:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/02/04 02:37:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{45925a5c-e3de-447f-bed2-ded87acae111}
[2009/04/29 09:35:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/24 00:38:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/24 00:38:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/23 20:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 20:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/23 20:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 20:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 20:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/23 20:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 20:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Key error. File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [NvExportOEMDefaults] RUNDLL32.EXE C:\Windows\system32\NVCPL.DLL,ExportOEMDefaults (NVIDIA Corporation)
O4 - HKLM..\RunOnce: [NvRegisterMCTray] RUNDLL32.EXE C:\Windows\system32\NVMCTRAY.DLL,NvMCRegisterApp C:\Windows\system32\NvCpl.dll (NVIDIA Corporation)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: SmartWhois - {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - C:\Program Files\SmartWhois\swmsie.exe (TamoSoft)
O9 - Extra 'Tools' menuitem : SmartWhois - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\Program Files\SmartWhois\swmsie.exe (TamoSoft)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/10/01 21:49:32 | 00,000,000 | ---D | M] - C:\AUTOTECH -- [ NTFS ]
O33 - MountPoints2\{7b0072b2-7156-11dc-8342-001aa05883ab}\Shell - "" = AutoRun
O33 - MountPoints2\{7b0072b2-7156-11dc-8342-001aa05883ab}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2 C:\*.tmp files]
[2 C:\Windows\*.tmp files]
[2009/05/01 04:32:09 | 22,217,6960 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/04/30 19:30:31 | 00,000,934 | ---- | C] () -- C:\Users\Jason And Beth\Desktop\FL Studio 8.lnk
[2009/04/30 17:02:16 | 00,000,000 | ---D | C] -- C:\Users\Jason And Beth\Desktop\ANTI VIRAL DO NOT RUN THESE PROGRAMS!!!
[2009/04/30 16:13:27 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/04/30 16:12:54 | 00,000,000 | ---D | C] -- C:\Users\Jason And Beth\AppData\Roaming\SUPERAntiSpyware.com
[2009/04/30 16:12:54 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/04/30 15:38:31 | 00,000,000 | ---D | C] -- C:\Users\Jason And Beth\AppData\Roaming\Malwarebytes
[2009/04/30 15:38:29 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/04/30 15:38:27 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/04/30 15:38:26 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/04/30 15:38:26 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/30 15:13:58 | 00,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2009/04/30 15:12:56 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/04/30 15:12:56 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/04/30 15:12:56 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/04/30 15:12:56 | 00,117,248 | ---- | C] () -- C:\Windows\vFind.exe
[2009/04/30 15:12:56 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/04/30 15:12:56 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/04/30 15:12:56 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/04/30 15:12:56 | 00,029,696 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/04/30 15:12:28 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/04/30 15:12:17 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/29 23:44:16 | 00,004,640 | ---- | C] () -- C:\Windows\System32\Config.MPF
[2009/04/29 23:43:20 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/04/29 23:39:14 | 00,442,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/04/29 09:35:59 | 00,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/04/29 06:23:05 | 00,245,760 | ---- | C] (LansSoft Studio) -- C:\Windows\System32\aUpdateNow.ocx
[2009/04/29 06:23:04 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6STKIT.DLL
[2009/04/28 14:36:49 | 00,018,444 | ---- | C] () -- C:\Users\Jason And Beth\Desktop\small_small_beat-cd-cover.jpg
[2009/04/18 22:05:01 | 00,000,000 | ---D | C] -- C:\Users\Jason And Beth\Desktop\SSS Bass Test_data
[2009/04/16 05:12:18 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/04/16 05:12:15 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/04/16 05:12:15 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009/04/16 05:12:07 | 03,599,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/04/16 05:12:07 | 03,547,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/04/16 05:12:07 | 00,551,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/04/16 05:12:06 | 00,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/04/16 05:12:05 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/04/16 05:12:05 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/04/16 05:12:05 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/04/16 05:12:05 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/04/16 05:12:05 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/04/16 05:12:05 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2009/04/16 05:11:59 | 01,255,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/04/16 05:11:58 | 00,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/04/16 05:11:58 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/04/16 05:11:58 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/04/16 05:11:57 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/04/16 05:11:52 | 03,580,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/04/16 05:11:51 | 06,068,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/04/16 05:11:50 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/04/16 05:11:49 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/04/16 05:11:49 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/04/16 05:11:49 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/04/16 05:11:49 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/04/16 05:11:48 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/04/16 05:11:48 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/04/16 05:11:48 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/04/16 05:11:48 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/04/16 05:11:48 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/04/16 05:11:47 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/04/16 05:11:46 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/04/16 05:11:44 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/04/13 18:15:44 | 00,000,000 | ---D | C] -- C:\Users\Jason And Beth\Desktop\TEST
[2009/04/08 15:25:26 | 85,386,0607 | ---- | C] () -- C:\Users\Jason And Beth\Documents\ADBEPHSPCS4_LS1.7z
[2009/04/08 15:25:22 | 00,000,000 | ---D | C] -- C:\Users\Jason And Beth\AppData\Roaming\Download Manager
[2009/04/08 15:10:24 | 00,000,000 | ---D | C] -- C:\Users\Jason And Beth\AppData\Roaming\gtk-2.0
[2009/04/08 15:05:18 | 00,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2009/04/03 22:09:12 | 00,000,000 | ---D | C] -- C:\Users\Jason And Beth\Desktop\Beats
[2009/03/09 11:26:23 | 00,015,872 | ---- | C] () -- C:\Windows\System32\drivers\cdburner.sys
[2009/03/01 19:03:12 | 00,229,376 | ---- | C] () -- C:\Windows\System32\ISP2000.dll
[2009/03/01 19:03:12 | 00,063,488 | ---- | C] () -- C:\Windows\System32\Eztw32.dll
[2008/07/17 17:56:37 | 00,001,204 | ---- | C] () -- C:\Windows\AWSHKWV.INI
[2008/02/04 04:26:19 | 00,004,608 | ---- | C] () -- C:\Windows\System32\ittycmgy.dll
[2007/10/01 21:49:19 | 00,000,035 | ---- | C] () -- C:\Windows\atechloc.ini
[2007/10/01 21:49:07 | 00,000,083 | ---- | C] () -- C:\Windows\atech.ini
[2007/09/15 22:16:25 | 00,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/09/15 22:16:21 | 00,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2007/09/13 21:34:46 | 00,045,056 | ---- | C] () -- C:\Windows\System32\LXPRMON.DLL
[2007/09/13 21:34:46 | 00,032,768 | ---- | C] () -- C:\Windows\System32\LXPMONUI.DLL
[2007/09/13 21:30:22 | 00,000,252 | ---- | C] () -- C:\Windows\Lexstat.ini
[2007/09/13 21:25:21 | 00,344,064 | ---- | C] () -- C:\Windows\System32\lxczcoin.dll
[2007/09/13 21:21:17 | 00,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007/09/13 21:20:46 | 00,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll
[2007/09/13 21:20:46 | 00,274,432 | ---- | C] () -- C:\Windows\System32\LXCZinst.dll
[2007/09/13 21:20:45 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
[2007/09/13 21:20:44 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
[2007/09/13 21:20:43 | 00,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
[2007/09/13 21:20:43 | 00,413,696 | ---- | C] () -- C:\Windows\System32\lxczutil.dll
[2007/09/13 21:20:42 | 01,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll
[2007/09/13 21:20:42 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll
[2007/09/13 21:20:41 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
[2007/09/13 21:20:41 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll
[2007/09/13 21:20:40 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
[2007/09/13 21:20:36 | 00,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
[2007/09/13 21:20:32 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
[2007/09/13 21:20:32 | 00,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
[2007/08/20 20:26:52 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2007/08/20 20:26:52 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2007/08/15 18:33:14 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/03/19 05:04:58 | 00,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll
[2007/03/19 05:04:58 | 00,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll
[2007/03/19 05:04:58 | 00,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll
[2007/03/19 05:04:58 | 00,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll
[2007/03/19 05:04:58 | 00,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll
[2007/03/19 05:04:56 | 00,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll
[2007/03/19 05:04:56 | 00,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll
[2007/03/19 05:04:56 | 00,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll
[2007/03/19 05:04:56 | 00,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll
[2007/03/19 05:04:54 | 00,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll
[2007/03/19 05:04:54 | 00,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll
[2006/11/07 15:25:58 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:31 | 00,000,307 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 06:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 23:36:50 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/06/07 14:23:04 | 00,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
[2006/03/27 12:19:14 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxczvs.dll
[2006/03/07 12:59:04 | 00,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
[2006/01/10 18:11:05 | 00,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
[2006/01/10 18:11:05 | 00,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll
[1999/05/31 10:29:14 | 00,008,539 | ---- | C] () -- C:\Windows\System32\ddcfxprs.ini

========== Files - Modified Within 30 Days ==========

[2 C:\*.tmp files]
[1 C:\Windows\System32\*.tmp files]
[2 C:\Windows\*.tmp files]
[2009/05/01 13:27:35 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/05/01 12:44:46 | 00,004,640 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2009/05/01 12:44:25 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/05/01 12:42:04 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/05/01 12:41:53 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/05/01 12:41:53 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/05/01 07:20:30 | 00,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B74F8B6A-7D8B-4807-B10B-A4D6186F2CE0}.job
[2009/05/01 04:32:34 | 22,217,6960 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/04/30 19:30:31 | 00,000,934 | ---- | M] () -- C:\Users\Jason And Beth\Desktop\FL Studio 8.lnk
[2009/04/30 16:50:17 | 00,117,248 | ---- | M] () -- C:\Windows\vFind.exe
[2009/04/30 15:25:35 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/04/30 00:18:18 | 00,442,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/04/29 09:35:59 | 00,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/04/29 06:53:35 | 00,018,444 | ---- | M] () -- C:\Users\Jason And Beth\Desktop\small_small_beat-cd-cover.jpg
[2009/04/14 10:22:48 | 00,051,193 | ---- | M] () -- C:\Users\Jason And Beth\Documents\Jason's Resumeword.doc
[2009/04/09 12:50:15 | 00,749,965 | ---- | M] () -- C:\Users\Jason And Beth\Documents\midnightsun_partial_draft4.pdf
[2009/04/08 15:51:31 | 85,386,0607 | ---- | M] () -- C:\Users\Jason And Beth\Documents\ADBEPHSPCS4_LS1.7z
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/04/06 10:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
< End of report >
#7
BethErin

    Member

  • Topic Starter
  • 14 posts
AND the EXTRAS.TXT file:

OTListIt Extras logfile created on: 5/1/2009 2:06:11 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.2 Folder = G:\
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 76.83% Memory free
4.00 Gb Paging File | 3.77 Gb Available in Paging File | 94.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 149.14 Gb Free Space | 66.94% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.86 Gb Free Space | 58.61% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 495.22 Mb Total Space | 487.91 Mb Free Space | 98.52% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JASONANDBETH-PC
Current User Name: Jason And Beth
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
Reg Error: Unknown registry data type File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"EnableFirewall" = 1
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
"EnableFirewall" = 1
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

{00B71CD7-3F13-4883-A041-DE4278486D5E} = LPORT=138 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-28527 | APP=SYSTEM |
{15F80AD3-35A0-42AB-8BD7-A8298BA687B6} = LPORT=137 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-28519 | APP=SYSTEM |
{16234546-2007-472B-9EF6-7C486A4CCFC1} = RPORT=445 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-28515 | APP=SYSTEM |
{2945C3F1-4C37-41EB-937E-4759FA4455CA} = LPORT=3702 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-32785 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=FDPHOST |
{4EF5013F-1883-4AC8-B17E-8B835FEBEEA6} = LPORT=1900 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-32753 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{5261F1BE-E083-4BCD-88F9-98F3F31C7DFE} = RPORT=137 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-28523 | APP=SYSTEM |
{60521DFE-27C6-475D-BB54-689C92B40F3A} = RPORT=1900 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-32757 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{6992C5ED-3A0D-4D0C-BBBF-AA3D7DCF84E2} = LPORT=RPC-EPMAP | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-28539 | SVC=RPCSS |
{7F4EBDD5-4A59-4F8E-85E4-AB7EB1BB0C2A} = LPORT=RPC | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-28535 | APP=%SYSTEMROOT%\SYSTEM32\SPOOLSV.EXE | SVC=SPOOLER |
{89D411A0-D996-412B-8D5E-FA16FD9EE3E8} = RPORT=5355 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-32805 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=DNSCACHE |
{9A34FD83-A81F-488F-A539-E7793241DD38} = RPORT=3702 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-32789 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=FDPHOST |
{9CC9FCE3-0D78-4A37-B127-2EE33B69A815} = LPORT=139 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-28503 | APP=SYSTEM |
{AA7C8897-FF31-463D-8337-D4C4B3F2F1D9} = LPORT=3702 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-32809 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=FDRESPUB |
{B385B4F2-624B-49AF-8FD6-52F99BF67A56} = RPORT=3702 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-32811 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=FDRESPUB |
{D4C1E018-E78A-4E94-B68C-8CF5E52865D1} = LPORT=445 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-28511 | APP=SYSTEM |
{D8EA6F9B-0716-4988-A5C3-0C3BAAFBE6F4} = RPORT=138 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-28531 | APP=SYSTEM |
{E90AA815-AB2A-44E3-B5C2-36BEA46A3ACD} = LPORT=5355 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-32801 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=DNSCACHE |
{FB63BE80-7928-469C-ACE6-BA9AD2C22558} = RPORT=139 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-28507 | APP=SYSTEM |

========== Vista Active Application Exception List ==========

{091BD266-7C0F-4CE7-9690-9379908E50AB} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=LIMEWIREWIN4.18.8 | APP=C:\PROGRAM FILES\LIMEWIRE\.NETWORKSHARE\LIMEWIREWIN4.18.8.EXE |
{215A2AD6-AD11-49A1-9E5D-B0AB0D254A00} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-32821 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=UPNPHOST |
{2BD79DD8-A36E-4A32-9DD4-C55628B12FB7} = PROFILE=PRIVATE | PROTOCOL=58 | DIR=IN | ACTION=ALLOW | [email protected],-28545 |
{2C5606DE-7834-4ADB-9432-0C38225B90D9} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AOL LOADER | APP=C:\PROGRAM FILES\COMMON FILES\AOL\LOADER\AOLLOAD.EXE |
{4131AC54-9D6F-406F-BD06-AD6289F36014} = PROFILE=PRIVATE | PROTOCOL=1 | DIR=OUT | ACTION=ALLOW | [email protected],-28544 |
{5601DEF9-DA1D-4853-A9AC-76E8E7BD265E} = PROFILE=PRIVATE | PROTOCOL=1 | DIR=IN | ACTION=ALLOW | [email protected],-28543 |
{65A126E5-70D3-4F63-81E8-16EE05A6CCA2} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AIM | APP=C:\PROGRAM FILES\AIM6\AIM6.EXE |
{6773D983-695E-4D15-89DF-7CA3D195DC58} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MALWAREBYTES' ANTI-MALWARE | APP=C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE |
{85102ED6-36AF-4AE3-BFB7-470559CCC694} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ITUNES | APP=C:\PROGRAM FILES\ITUNES\ITUNES.EXE |
{87483FE9-6342-4732-A63A-4046DFDD3781} = PROFILE=PRIVATE | PROTOCOL=58 | DIR=OUT | ACTION=ALLOW | [email protected],-28546 |
{ADFE8B83-AE4E-41C8-A5F0-74D05200247D} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AOL LOADER | APP=C:\PROGRAM FILES\COMMON FILES\AOL\LOADER\AOLLOAD.EXE |
{AF573D87-179A-45E4-A5E4-9F0CB5F1B6C0} = DIR=IN | ACTION=ALLOW | NAME=MYSPACEIM | APP=C:\PROGRAM FILES\MYSPACE\IM\MYSPACEIM.EXE |
{B0EB85EF-DB14-40E3-8A5A-29661EF9AAC8} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=LIMEWIREWIN4.18.8 | APP=C:\PROGRAM FILES\LIMEWIRE\.NETWORKSHARE\LIMEWIREWIN4.18.8.EXE |
{B2703649-A39D-4088-B6BF-3327FCFEFD5B} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=ITUNES | APP=C:\PROGRAM FILES\ITUNES\ITUNES.EXE |
{B8DF093B-4A22-4826-902E-729B048C991B} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MALWAREBYTES' ANTI-MALWARE | APP=C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE |
{CB0E697A-4A5A-41EE-9A90-2D237D4695EC} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AIM | APP=C:\PROGRAM FILES\AIM6\AIM6.EXE |
{D36DE65B-2B2D-4442-9182-CD2A104C633E} = PROFILE=DOMAIN | DIR=IN | ACTION=ALLOW | NAME=MCAFEE NETWORK AGENT | APP=C:\PROGRAM FILES\COMMON FILES\MCAFEE\MNA\MCNASVC.EXE |
{D9C2F0E7-990F-4F19-B074-C222FC36E6FE} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=LIMEWIRE 4.12.6 | APP=C:\PROGRAM FILES\LIMEWIRE\LIMEWIRE.EXE |
{DC6C8184-9A0E-4333-AA5C-9CF87E91EE79} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=LIMEWIRE 4.12.6 | APP=C:\PROGRAM FILES\LIMEWIRE\LIMEWIRE.EXE |
TCP Query User{322AD807-C24D-411E-9BB5-B7F82F000277}C:\program files\sony pictures games\wheel of fortune\wheel of fortune.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=BLOCK | NAME=WHEEL OF FORTUNE | APP=C:\PROGRAM FILES\SONY PICTURES GAMES\WHEEL OF FORTUNE\WHEEL OF FORTUNE.EXE |
TCP Query User{9A7F1776-2A3B-4054-842D-DF556BC6D94B}C:\program files\mozilla firefox\firefox.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=BLOCK | NAME=FIREFOX | APP=C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE |
TCP Query User{9AE29C2E-3D17-49BB-96BA-3017DE422865}C:\program files\limewire\limewire.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=LIMEWIRE | APP=C:\PROGRAM FILES\LIMEWIRE\LIMEWIRE.EXE |
TCP Query User{AF3B86B1-430F-4FBF-8F26-55D24A6B5150}C:\program files\myspace\im\myspaceim.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MYSPACE INSTANT MESSENGER | APP=C:\PROGRAM FILES\MYSPACE\IM\MYSPACEIM.EXE |
TCP Query User{BD38C0CF-3F7D-43C1-9D16-6548D5F5E6DF}C:\program files\myspace\im\myspaceim.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MYSPACE INSTANT MESSENGER | APP=C:\PROGRAM FILES\MYSPACE\IM\MYSPACEIM.EXE |
TCP Query User{E9ED1647-2391-4667-ACAC-6EC592D431DD}C:\program files\mozilla firefox\firefox.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=FIREFOX | APP=C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE |
UDP Query User{4E657B8C-93D0-438A-95A6-C5B42F63B578}C:\program files\limewire\limewire.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=LIMEWIRE | APP=C:\PROGRAM FILES\LIMEWIRE\LIMEWIRE.EXE |
UDP Query User{56C91094-C53B-4DBD-BFAE-630AD2D80C46}C:\program files\mozilla firefox\firefox.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=BLOCK | NAME=FIREFOX | APP=C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE |
UDP Query User{691A42F1-6BBF-45EA-B700-0224E841E9CC}C:\program files\myspace\im\myspaceim.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MYSPACE INSTANT MESSENGER | APP=C:\PROGRAM FILES\MYSPACE\IM\MYSPACEIM.EXE |
UDP Query User{7799BF1F-9C1E-45BD-B1A5-C9B4BFE11D3A}C:\program files\myspace\im\myspaceim.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MYSPACE INSTANT MESSENGER | APP=C:\PROGRAM FILES\MYSPACE\IM\MYSPACEIM.EXE |
UDP Query User{A0BB3EB4-D361-4341-A09D-C7B430395853}C:\program files\sony pictures games\wheel of fortune\wheel of fortune.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=BLOCK | NAME=WHEEL OF FORTUNE | APP=C:\PROGRAM FILES\SONY PICTURES GAMES\WHEEL OF FORTUNE\WHEEL OF FORTUNE.EXE |
UDP Query User{A4996830-67D5-442B-9A81-1F9226516535}C:\program files\mozilla firefox\firefox.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=FIREFOX | APP=C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53CDAAAB-6D41-4A36-BAA4-90261DE31B13}" = NetZero For Cosmi
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E06C076-E4E7-4239-A886-B3D8AC84C166}" = HP Print Diagnostic Utility
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{78006003-D0E7-4031-A89B-C9833B59E6D0}" = PreVisor Simulation Player 2.0d Update
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 3.1" = Acoustica Mixcraft 3.1
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.3 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"DDClip LE_is1" = DDClip LE 3.51
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"eBook to Images_is1" = eBook to Images
"Finale 2009 Demo" = Finale 2009 Demo
"Finale SongWriter 2007" = Finale SongWriter 2007
"FL Studio 8" = FL Studio 8
"GameSpotDownloadManager" = GameSpot Download Manager
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HHD Hex Editor 4.x" = HHD Software Free Hex Editor Neo 4.51
"HTML Password Lock_is1" = HTML Password Lock 4.1
"IL Download Manager" = IL Download Manager
"InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"JEOPARDY!" = JEOPARDY! (remove only)
"Lexmark 1200 Series" = Lexmark 1200 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"LimeWire" = LimeWire 5.1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mixxx" = NSIS Mixxx
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSC" = McAfee SecurityCenter
"Musicnotes Player_is1" = Musicnotes Player V1.23.2 and Viewer
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"MySpaceIM" = MySpaceIM
"Native Instruments Traktor DJ Studio 3 Demo" = Native Instruments Traktor DJ Studio 3 Demo
"NVIDIA Drivers" = NVIDIA Drivers
"Photo Editor Plus" = Photo Editor Plus
"PhotoStitch" = Canon Utilities PhotoStitch
"PoiZone" = PoiZone
"PROPLUSR" = Microsoft Office Professional Plus 2007
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealArcade 1.2" = RealArcade
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Rhapsody" = Rhapsody
"ShareDRMusic_is1" = ShareDRMusic 2.3.1.0
"SmartWhois" = SmartWhois
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Toxic Biohazard" = Toxic Biohazard
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wheel of Fortune" = Wheel of Fortune (remove only)
"Windows Live Toolbar" = Windows Live Toolbar
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = WinRAR archiver
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/30/2009 12:07:22 AM | Computer Name = JasonAndBeth-PC | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 4/30/2009 12:07:22 AM | Computer Name = JasonAndBeth-PC | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 4/30/2009 12:07:22 AM | Computer Name = JasonAndBeth-PC | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 4/30/2009 12:07:22 AM | Computer Name = JasonAndBeth-PC | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 4/30/2009 12:07:22 AM | Computer Name = JasonAndBeth-PC | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 4/30/2009 12:07:22 AM | Computer Name = JasonAndBeth-PC | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 4/30/2009 12:07:22 AM | Computer Name = JasonAndBeth-PC | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 4/30/2009 12:07:22 AM | Computer Name = JasonAndBeth-PC | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 4/30/2009 12:07:22 AM | Computer Name = JasonAndBeth-PC | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 4/30/2009 12:07:22 AM | Computer Name = JasonAndBeth-PC | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

[ Media Center Events ]
Error - 10/27/2007 5:42:36 PM | Computer Name = JasonAndBeth-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/27/2007 7:42:55 PM | Computer Name = JasonAndBeth-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/2/2007 1:50:04 AM | Computer Name = JasonAndBeth-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/5/2007 4:56:22 AM | Computer Name = JasonAndBeth-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/16/2008 3:46:40 PM | Computer Name = JasonAndBeth-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/24/2008 6:39:59 PM | Computer Name = JasonAndBeth-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/26/2008 7:22:45 PM | Computer Name = JasonAndBeth-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/1/2008 8:13:16 AM | Computer Name = JasonAndBeth-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/7/2008 2:06:19 PM | Computer Name = JasonAndBeth-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 2/26/2009 12:52:27 AM | Computer Name = JasonAndBeth-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 3/4/2008 5:00:38 AM | Computer Name = JasonAndBeth-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/1/2009 1:28:02 PM | Computer Name = JasonAndBeth-PC | Source = DCOM | ID = 10005
Description =

Error - 5/1/2009 1:28:02 PM | Computer Name = JasonAndBeth-PC | Source = LSM | ID = 1048
Description =

Error - 5/1/2009 1:28:05 PM | Computer Name = JasonAndBeth-PC | Source = DCOM | ID = 10005
Description =

Error - 5/1/2009 1:28:12 PM | Computer Name = JasonAndBeth-PC | Source = DCOM | ID = 10005
Description =

Error - 5/1/2009 1:28:12 PM | Computer Name = JasonAndBeth-PC | Source = DCOM | ID = 10005
Description =

Error - 5/1/2009 1:28:15 PM | Computer Name = JasonAndBeth-PC | Source = DCOM | ID = 10005
Description =

Error - 5/1/2009 1:28:19 PM | Computer Name = JasonAndBeth-PC | Source = DCOM | ID = 10005
Description =

Error - 5/1/2009 1:28:20 PM | Computer Name = JasonAndBeth-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 5/1/2009 1:28:20 PM | Computer Name = JasonAndBeth-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 5/1/2009 1:32:04 PM | Computer Name = JasonAndBeth-PC | Source = DCOM | ID = 10005
Description =


< End of report >
  • 0

#8
loophole
    Malware Expert
  • Retired Staff
  • 9,798 posts
Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
    FF - prefs.js..browser.search.selectedEngine: "Yoog Search"
    FF - prefs.js..keyword.URL: "http://www9.yoog.com/search.php?q="
    FF - user.js..browser.search.selectedEngine: "Yoog Search"
    FF - user.js..keyword.URL: "http://www9.yoog.com/search.php?q="
    [2009/01/14 18:03:08 | 00,000,246 | ---- | M] () -- C:\Users\Jason And Beth\AppData\Roaming\Mozilla\FireFox\Profiles\357jezpm.default\searchplugins\Yoog Search.xml
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Key error. File not found
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log (don't check the boxes beside LOP Check or Purity this time)

Also please run and post the report from Malwarebytes
  • 0

#9
BethErin
    Member
  • Topic Starter
  • Member
  • 14 posts
OK, I will do that tonight as soon as I get back home. Thanks
  • 0

#10
loophole
    Malware Expert
  • Retired Staff
  • 9,798 posts
OK :)
  • 0

#11
BethErin
    Member
  • Topic Starter
  • Member
  • 14 posts
OK, today when I got on, the unknown user was on my computer again, so I'm not sure what to do. The log you requested will follow. It seems like maybe something didn't go right? Not sure.

Error: Unable to interpret <:OTLIPRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...trie7&query="FF - prefs.js..browser.search.selectedEngine: "Yoog Search"FF - prefs.js..keyword.URL: "http://www9.yoog.com...earch.php?q="FF - user.js..browser.search.selectedEngine: "Yoog Search"FF - user.js..keyword.URL: "http://www9.yoog.com.../search.php?q="[2009/01/14 18:03:08 | 00,000,246 | ---- | M] () -- C:\Users\Jason And Beth\AppData\Roaming\Mozilla\FireFox\Profiles\357jezpm.default\searchplugins\Yoog Search.xmlO2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Key error. File not found:Services:Reg:Files:Commands[purity][emptytemp][start explorer][Reboot]> in the current context!

OTListIt2 by OldTimer - Version 2.0.15.3 log created on 05032009_200213
  • 0
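The "Unable to interpret <:OTLIPRC - ...>" error in #11 is what OTL reports when the pasted fix script loses its line breaks: every section header and entry runs together into one token. As an added example (not OTL's own code and not the helper's), here is a small Python checker for the fix-script layout used in #8; the section headers and the bracketed command syntax come from that post, while the rule that each header must stand alone on its line is an assumption about what OTL expects.

```python
# Section headers of an OTListIt2 (OTL) fix script, as in the script posted in #8.
SECTION_HEADERS = (":OTLI", ":Services", ":Reg", ":Files", ":Commands")

def parse_fix_script(text):
    """Split a fix script into {header: [entries]}; each header must stand alone on its line."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_HEADERS:
            current = line
            sections.setdefault(current, [])
        elif any(h in line for h in SECTION_HEADERS):
            # A header glued to other text is the symptom in #11 ("Unable to interpret
            # <:OTLIPRC - ...>"): the paste lost its line breaks, so OTL saw one token.
            raise ValueError("section header not on its own line: " + line[:40])
        elif current is None:
            raise ValueError("entry before the first section header: " + line[:40])
        else:
            sections[current].append(line)
    return sections

def validate_fix_script(text):
    """Return {'ok': True, 'counts': {...}} or {'ok': False, 'error': msg}."""
    try:
        sections = parse_fix_script(text)
    except ValueError as exc:
        return {"ok": False, "error": str(exc)}
    # Every :Commands entry must be a bracketed directive such as [Reboot] (assumed rule).
    bad = [c for c in sections.get(":Commands", []) if not (c.startswith("[") and c.endswith("]"))]
    if bad:
        return {"ok": False, "error": "malformed command(s): " + ", ".join(bad)}
    return {"ok": True, "counts": {h: len(v) for h, v in sections.items()}}

# Constructed sample: a shortened copy of the #8 script, then the same text with its
# line breaks removed, which is how it reached OTL in #11.
GOOD_SCRIPT = r""":OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
FF - prefs.js..keyword.URL: "http://www9.yoog.com/search.php?q="
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Key error. File not found
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[Reboot]
"""
COLLAPSED_SCRIPT = "".join(GOOD_SCRIPT.splitlines())
```

Running `validate_fix_script` on a script before pasting it into the Custom Scans/Fixes box catches the collapsed-paste case up front, instead of after a reboot that fixed nothing.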

#12
BethErin
    Member
  • Topic Starter
  • Member
  • 14 posts
I did CTRL print screen so you could see this unknown user thing. It has a red ? beside the little guy icon, but you can't see it because I had to hover over it to get the full thing. I am uploading it as an attachment. THIS is why I WILL NOT put the computer online... I see this kind of thing keep popping up on here and I'm like, what the heck! I can't wait to beat this thing. I don't know why people think it's funny to do this stuff... there are even videos on YouTube that are telling people how to make these viruses... you'd think YouTube would stop it... especially since they remove stuff for copyright infringement... grrrr.


unknown_user_acct.jpg
  • 0

#13
BethErin
    Member
  • Topic Starter
  • Member
  • 14 posts
OK, I ran Malwarebytes just now and it is saying that there is nothing at all detected... that just doesn't explain why this unknown user is on my PC... there is obviously something up with it still....
  • 0

#14
BethErin
    Member
  • Topic Starter
  • Member
  • 14 posts
I didn't know it, and my husband wrote down the name of the trojan that was on McAfee when this all first started, if that helps anything. It was NTOSKRNL-HOOK.
  • 0

#15
BethErin
    Member
  • Topic Starter
  • Member
  • 14 posts
I am running Malwarebytes' Anti-Malware now and will post the log as soon as I get it. It said there were NO infections last night and today it has found 4 so far... weird?
  • 0





