Hello and I need help


Post by sweetpea_771 on 14th April 2010, 7:27 pm

Hello everyone, and I need some help with my computer. I have a security program on it that I did not want, and I can't find it in my program list. It has taken over my computer and given me a virus, and I would like to remove it. Thanks to anyone that can help. I can't get into any programs when I am signed in as the main user.


Re: Hello and I need help

Post by Belahzur on 15th April 2010, 2:58 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.



otl.txt file

Post by sweetpea_771 on 15th April 2010, 8:46 pm

OTL logfile created on: 4/15/2010 1:38:44 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Lance\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

957.00 Mb Total Physical Memory | 305.00 Mb Available Physical Memory | 32.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.29 Gb Total Space | 85.82 Gb Free Space | 61.61% Space Free | Partition Type: NTFS
Drive D: | 9.76 Gb Total Space | 0.01 Gb Free Space | 0.05% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LYNN-PC
Current User Name: Lynn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/15 13:32:16 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Lance\Desktop\OTL.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/05 13:14:00 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/02/22 03:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2008/02/22 03:25:20 | 000,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
PRC - [2008/01/19 00:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2006/11/16 16:04:58 | 002,348,584 | ---- | M] (BigFix Inc.) -- C:\Program Files\BigFix\bigfix.exe
PRC - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/10/04 21:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/09/25 17:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1177957379\ee\aolsoftware.exe


========== Modules (SafeList) ==========

MOD - [2010/04/15 13:32:16 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Lance\Desktop\OTL.exe
MOD - [2008/11/26 21:35:06 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll
MOD - [2008/01/19 00:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/05 13:14:00 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/10/15 14:49:26 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/10/04 21:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2007/04/11 09:23:32 | 000,035,328 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2007/03/12 18:49:30 | 000,354,816 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2007/01/26 01:19:46 | 002,387,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/01/02 17:44:30 | 000,649,216 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/28 00:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/17 15:22:02 | 000,181,176 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 02:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 02:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/01 13:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =



IE - HKU\S-1-5-21-3777651122-2117734261-3338017706-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\S-1-5-21-3777651122-2117734261-3338017706-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKU\S-1-5-21-3777651122-2117734261-3338017706-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3777651122-2117734261-3338017706-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]
IE - HKU\S-1-5-21-3777651122-2117734261-3338017706-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\S-1-5-21-3777651122-2117734261-3338017706-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3777651122-2117734261-3338017706-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3777651122-2117734261-3338017706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3777651122-2117734261-3338017706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

IE - HKU\S-1-5-21-3777651122-2117734261-3338017706-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3777651122-2117734261-3338017706-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\S-1-5-21-3777651122-2117734261-3338017706-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3777651122-2117734261-3338017706-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\Hotbar@Hotbar.com: C:\Program Files\Hotbar\bin\10.0.357.0\firefox\extensions
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\Firefox [2010/03/26 14:14:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/03/26 14:14:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/05 14:15:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2007/11/28 12:12:05 | 000,022,664 | ---- | M] (mozilla.org)

[2010/04/10 11:21:34 | 000,000,000 | ---D | M] -- C:\Users\Lynn\AppData\Roaming\Mozilla\Extensions
[2010/04/15 13:20:29 | 000,000,000 | ---D | M] -- C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\o0fpjvvp.default\extensions
[2010/03/26 15:05:06 | 000,000,000 | ---D | M] -- C:\Users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\o0fpjvvp.default\extensions\DefaultManager@Microsoft
[2009/09/02 10:18:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/31 20:08:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2007/11/28 12:12:01 | 000,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2007/11/28 12:12:02 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2007/11/28 12:12:03 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2007/11/28 12:12:04 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2007/11/28 12:12:04 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TwcToolbarBhoApp Class) - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\Windows\System32\TwcToolbarBho.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll File not found
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll File not found
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3777651122-2117734261-3338017706-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3777651122-2117734261-3338017706-1000\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe (BigFix Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1177957379\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3777651122-2117734261-3338017706-1000..\Run: [55668535] C:\ProgramData\55668535\55668535.exe ()
O4 - HKU\S-1-5-21-3777651122-2117734261-3338017706-1000..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\S-1-5-21-3777651122-2117734261-3338017706-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-3777651122-2117734261-3338017706-1001..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe File not found
O4 - HKU\S-1-5-21-3777651122-2117734261-3338017706-1001..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\S-1-5-21-3777651122-2117734261-3338017706-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O7 - HKU\S-1-5-21-3777651122-2117734261-3338017706-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3777651122-2117734261-3338017706-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3777651122-2117734261-3338017706-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-3777651122-2117734261-3338017706-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3777651122-2117734261-3338017706-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3777651122-2117734261-3338017706-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3777651122-2117734261-3338017706-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-3777651122-2117734261-3338017706-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3777651122-2117734261-3338017706-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} More: [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.126.133.1 64.126.155.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/12 20:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\TikGames
[2010/04/12 14:16:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/04/12 13:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\55668535
[2010/04/12 13:15:33 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/03/30 22:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Online Entertainment
[2010/03/30 21:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Beanbag Studios
[2010/03/30 20:24:59 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\Gamelab
[2010/03/30 19:20:26 | 000,000,000 | ---D | C] -- C:\Users\Lynn\Documents\Hunting Unlimited 2008
[2010/03/30 18:38:01 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\Shape games
[2010/03/30 13:57:56 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/03/30 13:57:56 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/30 13:57:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/03/30 13:57:52 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/03/30 13:57:51 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/03/30 13:57:51 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/03/30 13:57:50 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/03/30 13:57:50 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/03/30 13:57:49 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/03/30 13:57:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/03/30 13:57:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/03/30 13:57:47 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/30 13:57:47 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/03/30 13:57:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/03/30 13:57:46 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/03/30 13:43:23 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/03/30 13:43:23 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/03/30 13:43:22 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010/03/30 13:43:21 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010/03/30 13:43:20 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/03/30 13:43:19 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/03/30 13:43:19 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/03/30 13:43:19 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010/03/30 13:43:17 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010/03/30 13:43:17 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/03/30 13:43:16 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/03/30 13:43:16 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010/03/30 13:43:16 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/03/30 13:43:16 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/03/30 13:43:15 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010/03/30 13:43:14 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/03/30 13:43:13 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/03/30 13:43:13 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/03/30 13:43:13 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010/03/30 13:43:10 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/03/30 13:43:10 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/03/30 13:43:10 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/03/30 13:43:09 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010/03/30 13:43:09 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010/03/30 13:43:09 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010/03/30 13:43:09 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010/03/30 13:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/03/30 13:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/03/30 13:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/03/30 13:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/03/26 21:49:56 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\Mind Control Software
[2010/03/26 20:33:18 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\Gold Casual Games
[2010/03/26 19:56:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Operation Mania
[2010/03/26 19:56:09 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\Pogo Games
[2010/03/26 15:40:32 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\SaveThePuppy
[2010/03/26 15:09:35 | 000,000,000 | ---D | C] -- C:\Users\Lynn\Documents\Hasbro
[2010/03/26 14:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/03/26 14:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/03/26 14:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
[2010/03/25 11:40:48 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\DivoGames
[2010/03/25 10:36:46 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\QB9
[2010/03/25 09:34:17 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\Braintonik
[2010/03/25 09:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Braintonik
[2010/03/20 19:57:40 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\Frogwares
[2010/03/20 18:56:36 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\Merscom
[2010/03/20 18:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Merscom
[2010/03/20 17:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games
[2010/03/20 13:39:56 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\BigFishv1002
[2010/03/20 11:26:32 | 000,000,000 | ---D | C] -- C:\Program Files\Alice in Wonderland
[2010/03/20 11:01:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/15 13:36:13 | 004,718,592 | -HS- | M] () -- C:\Users\Lynn\ntuser.dat
[2010/04/15 13:25:49 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/15 13:23:24 | 001,733,670 | -H-- | M] () -- C:\Users\Lynn\AppData\Local\IconCache.db
[2010/04/15 13:22:41 | 000,000,632 | RHS- | M] () -- C:\Users\Lynn\ntuser.pol
[2010/04/15 13:21:28 | 000,000,658 | ---- | M] () -- C:\Users\Lynn\Desktop\Security Tool.lnk
[2010/04/15 13:04:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/15 12:52:01 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2010/04/15 12:38:18 | 000,005,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/15 12:38:18 | 000,005,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/15 10:45:13 | 000,524,288 | -HS- | M] () -- C:\Users\Lynn\ntuser.dat{4c1aaf9b-0704-11dd-96a1-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/04/15 10:45:13 | 000,065,536 | -HS- | M] () -- C:\Users\Lynn\ntuser.dat{4c1aaf9b-0704-11dd-96a1-00038a000015}.TM.blf
[2010/04/15 10:44:37 | 000,756,644 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/15 10:44:37 | 000,642,392 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/15 10:44:37 | 000,118,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/15 10:38:24 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/04/15 10:38:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/15 10:38:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/12 19:59:42 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2010/04/12 19:51:34 | 000,379,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/12 16:08:20 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2010/04/12 16:08:12 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2010/04/10 11:23:18 | 000,001,208 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/04/10 11:09:56 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/04/10 11:09:56 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/03/30 13:30:40 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/03/30 13:17:06 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
[2010/03/28 17:42:48 | 000,001,699 | ---- | M] () -- C:\Users\Lynn\Desktop\Backup and Restore Center.lnk
[2010/03/28 17:41:13 | 000,002,637 | ---- | M] () -- C:\Users\Lynn\Desktop\Rhapsody Play Music Free.lnk
[2010/03/20 11:07:38 | 000,001,700 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/12 15:05:25 | 000,000,658 | ---- | C] () -- C:\Users\Lynn\Desktop\Security Tool.lnk
[2010/04/10 11:23:18 | 000,001,208 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/03/30 13:50:09 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/03/30 13:30:40 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/03/30 13:17:06 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
[2010/03/30 13:12:02 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/03/30 13:12:02 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/03/28 17:42:48 | 000,001,699 | ---- | C] () -- C:\Users\Lynn\Desktop\Backup and Restore Center.lnk
[2010/03/20 11:07:38 | 000,001,700 | ---- | C] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 19:40:19 | 000,010,240 | ---- | C] () -- C:\Users\Lynn\Certified Letter to Nathaniel Cook pontiac car.wps
[2008/12/08 15:07:00 | 001,048,576 | -HS- | C] () -- C:\Users\Lynn\ntuser.dat{4c1aaf9a-0704-11dd-96a1-00038a000015}.TxR.2.regtrans-ms
[2008/12/08 15:07:00 | 001,048,576 | -HS- | C] () -- C:\Users\Lynn\ntuser.dat{4c1aaf9a-0704-11dd-96a1-00038a000015}.TxR.1.regtrans-ms
[2008/12/08 15:07:00 | 001,048,576 | -HS- | C] () -- C:\Users\Lynn\ntuser.dat{4c1aaf9a-0704-11dd-96a1-00038a000015}.TxR.0.regtrans-ms
[2008/12/08 15:06:59 | 000,065,536 | -HS- | C] () -- C:\Users\Lynn\ntuser.dat{4c1aaf9a-0704-11dd-96a1-00038a000015}.TxR.blf
[2008/11/26 08:07:08 | 000,000,000 | ---- | C] () -- C:\Windows\iplayer.INI
[2008/04/10 06:45:59 | 000,524,288 | -HS- | C] () -- C:\Users\Lynn\ntuser.dat{4c1aaf9b-0704-11dd-96a1-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2008/04/10 06:45:59 | 000,524,288 | -HS- | C] () -- C:\Users\Lynn\ntuser.dat{4c1aaf9b-0704-11dd-96a1-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2008/04/10 06:45:59 | 000,065,536 | -HS- | C] () -- C:\Users\Lynn\ntuser.dat{4c1aaf9b-0704-11dd-96a1-00038a000015}.TM.blf
[2008/03/31 12:51:04 | 001,138,161 | ---- | C] () -- C:\Users\Lynn\PlanTemp.potx
[2008/03/31 12:50:38 | 001,885,373 | ---- | C] () -- C:\Users\Lynn\Sales.pptx
[2008/02/03 18:59:59 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2008/01/25 18:10:05 | 000,000,115 | ---- | C] () -- C:\Users\Lynn\AppData\Local\DownloadLog.txt
[2007/12/31 17:46:52 | 000,007,680 | ---- | C] () -- C:\Users\Lynn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/25 18:40:27 | 000,000,680 | ---- | C] () -- C:\Users\Lynn\AppData\Local\d3d9caps.dat
[2007/11/27 18:52:49 | 000,524,288 | -HS- | C] () -- C:\Users\Lynn\NTUSER.DAT{bb2bd1d8-9d49-11dc-b8ae-00032544e778}.TMContainer00000000000000000002.regtrans-ms
[2007/11/27 18:52:49 | 000,524,288 | -HS- | C] () -- C:\Users\Lynn\NTUSER.DAT{bb2bd1d8-9d49-11dc-b8ae-00032544e778}.TMContainer00000000000000000001.regtrans-ms
[2007/11/27 18:52:49 | 000,065,536 | -HS- | C] () -- C:\Users\Lynn\NTUSER.DAT{bb2bd1d8-9d49-11dc-b8ae-00032544e778}.TM.blf
[2007/11/27 17:38:51 | 000,524,288 | -HS- | C] () -- C:\Users\Lynn\NTUSER.DAT{1a377d24-9d39-11dc-9069-00032544e778}.TMContainer00000000000000000002.regtrans-ms
[2007/11/27 17:38:50 | 000,524,288 | -HS- | C] () -- C:\Users\Lynn\NTUSER.DAT{1a377d24-9d39-11dc-9069-00032544e778}.TMContainer00000000000000000001.regtrans-ms
[2007/11/27 17:38:50 | 000,065,536 | -HS- | C] () -- C:\Users\Lynn\NTUSER.DAT{1a377d24-9d39-11dc-9069-00032544e778}.TM.blf
[2007/11/25 19:23:50 | 000,000,632 | RHS- | C] () -- C:\Users\Lynn\ntuser.pol
[2007/11/25 19:23:47 | 000,000,020 | -HS- | C] () -- C:\Users\Lynn\ntuser.ini
[2007/11/25 18:55:25 | 000,524,288 | -HS- | C] () -- C:\Users\Lynn\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2007/11/25 18:55:24 | 004,718,592 | -HS- | C] () -- C:\Users\Lynn\ntuser.dat
[2007/11/25 18:55:24 | 003,145,728 | -HS- | C] () -- C:\Users\Lynn\ntuser.dat_previous
[2007/11/25 18:55:24 | 000,524,288 | -HS- | C] () -- C:\Users\Lynn\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2007/11/25 18:55:24 | 000,262,144 | -H-- | C] () -- C:\Users\Lynn\ntuser.dat.LOG2
[2007/11/25 18:55:24 | 000,262,144 | -H-- | C] () -- C:\Users\Lynn\ntuser.dat.LOG1
[2007/11/25 18:55:24 | 000,065,536 | -HS- | C] () -- C:\Users\Lynn\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2007/11/25 18:38:30 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/11/25 18:38:20 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/05/01 16:32:39 | 000,026,340 | ---- | C] () -- C:\Users\Lynn\AppData\Roaming\UserTile.png
[2007/04/30 13:41:32 | 000,006,806 | ---- | C] () -- C:\Users\Lynn\AppData\Roaming\wklnhst.dat
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1997/11/10 12:18:48 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:A26AFC00
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:91DEEE71
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:A02025CE
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E9FAC3AB
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:5080697C
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:066DBD0D
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:EC2381A4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:4A448DB2
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:5AF0DC60
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:CDCEE6BF
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:C43BFB01
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:803039D6
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A00BCDEF
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:522EA216
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:08D8BB20
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:BED8A204
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8776F88E
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:067F588D
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:D1713795
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:9ACB70D7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:43301D1D
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:12C32D25
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:CC4C59B4
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:598E0FFA
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:3F2212BB
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:F9283DA1
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:D055FC10
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:F21A3A5E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:0A6D6CB4
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:2CFBE2D1
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:D4607CB4
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:EFCCC46E
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:6AF6F459
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:0459F5AC
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:114BD271
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:CB0EB1DE
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:05113FB9
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:404390E0
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:FA7CDE12
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:38B32B54
< End of report >

extras.txt file

Post by sweetpea_771 on 15th April 2010, 8:47 pm

OTL Extras logfile created on: 4/15/2010 1:38:44 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Lance\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

957.00 Mb Total Physical Memory | 305.00 Mb Available Physical Memory | 32.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.29 Gb Total Space | 85.82 Gb Free Space | 61.61% Space Free | Partition Type: NTFS
Drive D: | 9.76 Gb Total Space | 0.01 Gb Free Space | 0.05% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LYNN-PC
Current User Name: Lynn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BF18384-E6F4-4B41-B91A-A024943B9616}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{91513C9D-4AC2-4782-A043-AC2FDBD511C1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A9E1DC02-7853-4B8C-892C-1A376F898CCB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0168643A-62B5-4478-8ADE-F434D487D44A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1177957379\ee\aolsoftware.exe |
"{059619D9-3359-4BEB-81CC-E6E7E8609097}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{104E291B-2023-4756-9E72-80444C13DB89}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{229FFC42-FA0D-451D-BC25-8A8E480DE85D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{3DF275EB-1544-4E49-9E83-F644695B1289}" = protocol=6 | dir=in | app=c:\program files\aol 9.0a\waol.exe |
"{3F184A7A-59B5-4EAE-9A1F-EFB25964ED5A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{58C8B34D-8FF7-42BD-B60B-D861063F1E1B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{70F2B725-10C6-429F-8696-480D39D0932C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7481463B-F26F-4A30-9AC0-4716F21B42E4}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{7B1B2E61-2FE3-4C64-90A1-620086177325}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{7BBC8930-CC8B-4989-A7F7-D833C64E416A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{7D8ABB3E-6230-422C-8939-CDC59C68DBBD}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{7EBE6156-5B15-4DD0-9358-B090A484CEF4}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{92B7C791-97C2-4A39-ABA3-A6CFCEB3F559}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{A1527C76-2B4C-4ADE-869E-EC1E1CEAACA5}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{AC20C47B-3618-4EC6-9AC6-1F93D8A58C24}" = protocol=17 | dir=in | app=c:\program files\aol 9.0a\waol.exe |
"{C3794864-0311-4F29-AC75-E830DF9952E0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C5D225E8-E33D-4F40-9171-7CBE0A75477A}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{CD0C7568-B913-4DB9-BF60-FD65A1F06557}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{D3F31D43-256B-4326-99F7-7B4FD644C66E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{D87ED869-5D4A-459C-A230-E8C8E737ACCB}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1177957379\ee\aolsoftware.exe |
"TCP Query User{65ABDD1E-D703-48CE-950D-CD35A1293A23}C:\my games\wheel of fortune\wheel of fortune.exe" = protocol=6 | dir=in | app=c:\my games\wheel of fortune\wheel of fortune.exe |
"UDP Query User{9264C2EA-ACEF-4FF9-9420-59EFE8B82BC9}C:\my games\wheel of fortune\wheel of fortune.exe" = protocol=17 | dir=in | app=c:\my games\wheel of fortune\wheel of fortune.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0002E558-0ECD-A936-10A5-1B729DA43556}" = CCC Help Swedish
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09DB429C-A7FD-A497-AB63-474312DA319A}" = CCC Help Hungarian
"{0EB2E325-0E93-E290-0050-2C7DD347F1C8}" = Catalyst Control Center Localization Swedish
"{0F3841EE-E95D-A803-BEAD-BCEF7599E9E4}" = Catalyst Control Center Localization Russian
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1949C64B-A7B5-DEBF-77E2-1BDB7F2680AF}" = CCC Help Turkish
"{22B2E56B-3890-BE26-3A74-B7826095AEF4}" = Catalyst Control Center Localization Polish
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25E7798D-2B75-10A0-EBDD-6C190984F63E}" = Catalyst Control Center Localization French
"{27F0AAD2-0C7D-7C60-7B2B-03591B325373}" = Catalyst Control Center Localization Italian
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{322206DC-9408-F212-D620-A8FB2036B2FB}" = CCC Help German
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
"{360DF404-E2A5-C0FC-8408-F2205F8F93F0}" = Catalyst Control Center Localization Turkish
"{3935969C-E8AC-0352-CE71-1ABDA33934ED}" = Catalyst Control Center Localization Hungarian
"{3EBD3749-304E-4A4C-9575-C00E5F015217}" = Apple Mobile Device Support
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{44C05309-60F4-410B-BC32-31733CFF1A41}" = Microsoft Digital Image Starter Edition 2006 Editor
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
"{46CE3A3E-ADE9-0C32-88DF-9F591BC51418}" = Catalyst Control Center Localization Spanish
"{495BA862-D59D-4676-C759-57269564E61E}" = CCC Help Japanese
"{49879A92-C58E-1519-0173-33DBC905264B}" = Catalyst Control Center Localization Danish
"{4DE0B33E-019A-CDBA-C2D1-C66F8598EF15}" = ccc-core-static
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB251}" = Microsoft Digital Image Starter Edition 2006 Library
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51C16BD0-9FFD-C784-A00B-91033B395CCD}" = CCC Help Chinese Standard
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{547962FC-1693-51BD-AE67-4A5624F248D7}" = Catalyst Control Center Localization Portuguese
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5A30E7D9-5931-2E3B-24A5-1C61A8A32BEA}" = CCC Help Chinese Traditional
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{63AD467C-DD3C-6F83-BEAA-3AECD0A9ADE1}" = CCC Help Spanish
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{64FB04DB-0D65-379A-25AF-2364DD4CC808}" = CCC Help Thai
"{658F96CA-2453-4BF0-092E-940DA7B17771}" = Catalyst Control Center Localization Korean
"{65A3266C-E2B2-0516-6BD9-9646848582B6}" = CCC Help Finnish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68D5CEF9-0DA8-47FE-B0EB-4CBFB5AAF662}" = ArcSoft PhotoImpression 4
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D8E9408-AD5B-949A-BDAB-5E4CFB87F2D7}" = ccc-utility
"{6E7913EF-6D6F-CC09-F938-F90529786DD9}" = Catalyst Control Center Localization Chinese Traditional
"{759601D2-35EC-F152-9F50-83D340AB103F}" = CCC Help Italian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{778C1AE0-219C-9B6F-CA78-DA141B923863}" = Catalyst Control Center Graphics Full New
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{83C4AB8A-532A-ED1A-E09A-F4AD42116482}" = Catalyst Control Center Graphics Full Existing
"{878C05F8-97C4-0F5E-0C3F-0E61E4B3D217}" = CCC Help Greek
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
"{8A9B0682-04CE-DBF8-BC78-CB22F05D8C66}" = CCC Help French
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{938DB600-40A0-B699-5B42-DC9D61AB7BB4}" = CCC Help Korean
"{9426CB58-993A-79FF-55F3-98848521EBC5}" = Catalyst Control Center Localization Finnish
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A0971531-1B42-06E0-8ECC-8EE08C0459D0}" = CCC Help Norwegian
"{A133AB8B-A1F6-78E8-E328-45A76A0468AE}" = Catalyst Control Center Localization Thai
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3A60756-C33D-27DB-B02E-76429268C190}" = Catalyst Control Center Localization Greek
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4E38E54-26D5-90C6-B90B-466F152018A7}" = CCC Help Portuguese
"{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
"{A70B3041-50D7-005A-4FF3-36E93F6AB694}" = Catalyst Control Center Core Implementation
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AF6D6F8A-CAA7-8222-14BC-0B22DDFADF1E}" = Catalyst Control Center Localization Chinese Standard
"{B045B608-4A47-4C77-9EAD-06C394503306}" = iTunes
"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BAF474E1-48BA-398A-07BE-ABB3C990E78B}" = Catalyst Control Center Localization Czech
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C553BA7A-425C-2714-4501-6B6CB5A6B827}" = CCC Help Czech
"{CAC37C33-B7E6-46F2-6417-CE35D9A67139}" = Skins
"{CBFF2367-B391-5C21-B52B-AA3865E4EC91}" = Catalyst Control Center Localization Japanese
"{CD97508D-5478-A687-9DBE-7CB9BF9D470B}" = CCC Help Russian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4E9BCD-0F71-581D-07B0-E1BF99D0369D}" = CCC Help English
"{CE706D4B-0F0D-E88D-6D3F-511E1F95EF98}" = Catalyst Control Center Graphics Light
"{D1B6D42E-5616-BD1B-5819-EC933F93FBB7}" = CCC Help Polish
"{D4BD3E17-1948-3F83-A0EC-1672C0A7A7F7}" = Catalyst Control Center Localization Norwegian
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{DA15D535-5E1D-4076-B520-8571346D6238}" = Norton Security Scan
"{DF19E545-6D54-1C97-A2CB-E9999C60AC93}" = CCC Help Dutch
"{E425773B-79C4-598E-E898-A8162D9A262A}" = Catalyst Control Center Localization Dutch
"{EB4000D9-3766-971E-E337-89706683D7D2}" = CCC Help Danish
"{EC481AEA-EEA3-1AD7-76F3-4A97E875CC3E}" = Catalyst Control Center Localization German
"{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack
"{FF515342-20EE-3F8B-D1FA-DD605BE90FAF}" = Catalyst Control Center Graphics Previews Vista
"{FFC7BA3F-3B0E-4BD8-B638-8547F4E841C0}" = Nickelodeon Toon Twister 3-D
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATI Uninstaller" = ATI Uninstaller
"BFGC" = Big Fish Games: Game Manager
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DirectXMediaRuntime" = DirectX Media Runtime 5.1
"DVD Shrink_is1" = DVD Shrink 3.2
"Google Desktop" = Google Desktop
"ieSpell" = ieSpell
"InterActual Player" = InterActual Player
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
"Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting Equifax Addin
"Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting PayPal Addin
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (2.0.0.11)" = Mozilla Firefox (2.0.0.11)
"Mystery Case Files - Huntsville" = Mystery Case Files - Huntsville (remove only)
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"PictureItSuiteTrial_v12" = Microsoft Digital Image Starter Edition 2006
"PROR" = Microsoft Office Professional 2007 Trial
"RealArcade 1.2" = RealArcade
"Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2
"Scholastic Phonics Booster Books" = Scholastic Phonics Booster Books
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UnityWebPlayer" = Unity Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"Weather Services" = Weather Services
"WildTangent gateway Master Uninstall" = Gateway Games
"Windows Live Toolbar" = Windows Live Toolbar
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3777651122-2117734261-3338017706-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/15/2010 1:04:14 PM | Computer Name = Lynn-PC | Source = Google Update | ID = 20
Description =

Error - 4/15/2010 2:04:07 PM | Computer Name = Lynn-PC | Source = Google Update | ID = 20
Description =

Error - 4/15/2010 2:15:13 PM | Computer Name = Lynn-PC | Source = System Restore | ID = 8199
Description =

Error - 4/15/2010 3:04:06 PM | Computer Name = Lynn-PC | Source = Google Update | ID = 20
Description =

Error - 4/15/2010 3:04:42 PM | Computer Name = Lynn-PC | Source = Application Error | ID = 1000
Description = Faulting application aolsoftware.exe, version 1.5.6.1, time stamp
0x451879bc, faulting module wpclsp.dll_unloaded, version 0.0.0.0, time stamp 0x4791a786,
exception code 0xc0000005, fault offset 0x752b2df5, process id 0xe10, application
start time 0x01cadcc29254e52c.

Error - 4/15/2010 3:22:06 PM | Computer Name = Lynn-PC | Source = System Restore | ID = 8193
Description =

Error - 4/15/2010 4:20:09 PM | Computer Name = Lynn-PC | Source = ESENT | ID = 215
Description = WinMail (5528) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.

Error - 4/15/2010 4:20:44 PM | Computer Name = Lynn-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 4/15/2010 4:23:25 PM | Computer Name = Lynn-PC | Source = EventSystem | ID = 4622
Description =

Error - 4/15/2010 4:23:25 PM | Computer Name = Lynn-PC | Source = EventSystem | ID = 4621
Description =

[ Media Center Events ]
Error - 10/15/2007 9:46:18 PM | Computer Name = Lynn-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/17/2007 9:46:23 PM | Computer Name = Lynn-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/23/2007 6:30:31 PM | Computer Name = Lynn-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/23/2007 7:48:07 PM | Computer Name = Lynn-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/28/2007 7:40:34 PM | Computer Name = Lynn-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/19/2007 2:50:03 AM | Computer Name = Lynn-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/21/2007 10:51:51 PM | Computer Name = Lynn-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/15/2008 7:55:52 PM | Computer Name = Lynn-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/31/2008 10:19:55 PM | Computer Name = Lynn-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 1/2/2009 9:51:50 PM | Computer Name = Lynn-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 12/31/2007 4:09:41 PM | Computer Name = Lynn-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 179
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/19/2008 12:15:06 PM | Computer Name = Lynn-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6021.5000. This session lasted 2825
seconds with 2040 seconds of active time. This session ended with a crash.

Error - 5/20/2008 1:16:02 AM | Computer Name = Lynn-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.6021.5000. This session lasted 341
seconds with 120 seconds of active time. This session ended with a crash.

Error - 5/20/2008 1:28:57 AM | Computer Name = Lynn-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.6021.5000. This session lasted 252
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/14/2010 8:41:38 PM | Computer Name = Lynn-PC | Source = DCOM | ID = 10016
Description =

Error - 4/15/2010 1:38:22 PM | Computer Name = Lynn-PC | Source = HTTP | ID = 15016
Description =

Error - 4/15/2010 1:39:44 PM | Computer Name = Lynn-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/15/2010 1:39:44 PM | Computer Name = Lynn-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/15/2010 3:04:26 PM | Computer Name = Lynn-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.3 for the Network Card with network
address 00C0A8DD9C99 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 4/15/2010 3:05:29 PM | Computer Name = Lynn-PC | Source = DCOM | ID = 10016
Description =

Error - 4/15/2010 3:05:59 PM | Computer Name = Lynn-PC | Source = DCOM | ID = 10016
Description =

Error - 4/15/2010 3:07:57 PM | Computer Name = Lynn-PC | Source = DCOM | ID = 10016
Description =

Error - 4/15/2010 4:21:46 PM | Computer Name = Lynn-PC | Source = Microsoft-Windows-Bits-Client | ID = 16398
Description =

Error - 4/15/2010 4:21:53 PM | Computer Name = Lynn-PC | Source = Microsoft-Windows-Bits-Client | ID = 16398
Description =


< End of report >


Re: Hello and I need help

Post by Belahzur on 16th April 2010, 8:33 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: Hello and I need help

Post by sweetpea_771 on 17th April 2010, 12:13 am

Thanks so much that seemed to work so far. Thank You!


Re: Hello and I need help

Post by Belahzur on 17th April 2010, 12:34 pm

Please post the MBAM log.



MBAM Log

Post by sweetpea_771 on 17th April 2010, 4:03 pm

Malwarebytes' Anti-Malware 1.45

Database version: 3999

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

4/16/2010 4:51:08 PM
mbam-log-2010-04-16 (16-51-08).txt

Scan type: Quick scan
Objects scanned: 128965
Time elapsed: 23 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 54
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 18
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{4a3d609a-43b8-4406-b793-84f244246325} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{343ce214-9998-4b21-a151-ffe970167297} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\timesink, inc. (AdWare.TimeSink) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hotbarax.userprofiles (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hotbarax.userprofiles.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\webinst.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\instie.hbinstobj (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\instie.hbinstobj.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\55668535 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\55668535 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\ProgramData\96274937 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Users\Lynn\AppData\Roaming\Error Safe Free (Rogue.Errorsafe) -> Quarantined and deleted successfully.
C:\Users\Lynn\AppData\Roaming\Error Safe Free\Logs (Rogue.Errorsafe) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\ProgramData\HotbarSA (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Lynn\AppData\Roaming\WeatherDPA (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Lynn\AppData\Roaming\WeatherDPA\Weather (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Lynn\AppData\Roaming\WeatherDPA\Weather\WeatherDPA (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Lynn\AppData\Roaming\WeatherDPA\Weather\WeatherDPA\Weather_XML (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.

Files Infected:
C:\ProgramData\55668535\55668535.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Users\Lynn\AppData\Roaming\Error Safe Free\Logs\update.log (Rogue.Errorsafe) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\ProgramData\HotbarSA\HotbarSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HotbarSA\HotbarSAAbout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HotbarSA\HotbarSAEULA.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Lynn\AppData\Roaming\WeatherDPA\Weather\log.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Lynn\AppData\Roaming\WeatherDPA\Weather\WeatherStartup.xml (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\About Hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Reset Cursor.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Uninstall Hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Lynn\Desktop\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.


Re: Hello and I need help

Post by Belahzur on 17th April 2010, 7:15 pm

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.



combofix.txt

Post by sweetpea_771 on 18th April 2010, 9:27 pm

ComboFix 10-04-17.07 - Lynn 04/18/2010 13:50:36.1.2 - x86
Running from: c:\users\Lynn\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3777651122-2117734261-3338017706-1002
c:\$recycle.bin\S-1-5-21-3777651122-2117734261-3338017706-500
c:\program files\Mozilla Firefox\components\npclntax.xpt
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-03-18 to 2010-04-18 )))))))))))))))))))))))))))))))
.

2010-04-18 21:08 . 2010-04-18 21:08 -------- d-----w- c:\users\Reggie\AppData\Local\temp
2010-04-18 21:08 . 2010-04-18 21:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-18 21:08 . 2010-04-18 21:08 -------- d-----w- c:\users\Lance\AppData\Local\temp
2010-04-18 01:21 . 2010-04-18 01:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-18 01:02 . 2010-04-18 01:02 -------- d-----w- c:\programdata\GameHouse
2010-04-18 00:22 . 2009-03-09 22:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-04-17 21:06 . 2010-04-17 21:06 -------- d-----w- c:\users\Reggie\AppData\Roaming\WildTangentv1001
2010-04-17 18:47 . 2010-04-17 18:47 -------- d-----w- c:\users\Reggie\AppData\Roaming\PlayFirst
2010-04-17 15:37 . 2010-04-17 15:37 -------- d-----w- c:\users\Lance\AppData\Roaming\Malwarebytes
2010-04-17 02:47 . 2010-04-17 02:47 -------- d-----w- c:\users\Reggie\AppData\Roaming\Malwarebytes
2010-04-17 01:53 . 2010-04-17 01:53 -------- d-----w- c:\programdata\WildTangentv1005
2010-04-17 00:58 . 2010-04-17 00:58 -------- d-----w- c:\users\Lynn\AppData\Roaming\FlowPlay
2010-04-16 23:24 . 2010-04-16 23:24 -------- d-----w- c:\users\Lynn\AppData\Roaming\Malwarebytes
2010-04-16 23:24 . 2010-03-30 07:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-16 23:24 . 2010-04-16 23:24 -------- d-----w- c:\programdata\Malwarebytes
2010-04-16 23:24 . 2010-04-16 23:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-16 23:24 . 2010-03-30 07:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-16 00:15 . 2010-04-16 00:15 -------- d-----w- c:\program files\Sony Online Entertainment
2010-04-15 19:32 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 19:32 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 19:32 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 19:32 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll
2010-04-15 19:32 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2010-04-15 19:31 . 2010-02-18 14:49 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 19:31 . 2010-02-18 14:49 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 19:31 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 19:31 . 2010-02-18 14:49 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 19:31 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-15 19:31 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-15 19:30 . 2008-09-18 04:56 125952 ----a-w- c:\windows\system32\wersvc.dll
2010-04-15 19:30 . 2008-09-18 04:56 147456 ----a-w- c:\windows\system32\Faultrep.dll
2010-04-15 19:30 . 2008-08-02 03:26 36864 ----a-w- c:\windows\system32\cdd.dll
2010-04-15 19:30 . 2008-08-02 01:01 625152 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-04-15 19:30 . 2008-06-26 03:29 565248 ----a-w- c:\windows\system32\emdmgmt.dll
2010-04-15 19:30 . 2008-06-26 03:29 45056 ----a-w- c:\windows\system32\dataclen.dll
2010-04-15 19:30 . 2008-05-20 02:07 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2010-04-15 19:30 . 2008-05-08 21:59 90112 ----a-w- c:\windows\system32\wshext.dll
2010-04-15 19:30 . 2008-05-08 21:59 180224 ----a-w- c:\windows\system32\scrobj.dll
2010-04-15 19:30 . 2008-05-08 21:59 172032 ----a-w- c:\windows\system32\scrrun.dll
2010-04-15 19:30 . 2008-05-08 21:59 155648 ----a-w- c:\windows\system32\wscript.exe
2010-04-15 19:30 . 2008-05-08 21:58 135168 ----a-w- c:\windows\system32\cscript.exe
2010-04-15 19:21 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-15 19:20 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-15 18:28 . 2010-04-15 18:28 -------- d-----w- c:\users\Lance\AppData\Local\Microsoft Games
2010-04-15 17:32 . 2010-04-15 17:32 -------- d-----w- c:\users\Lance\AppData\Roaming\WildTangent
2010-04-15 17:12 . 2010-04-15 17:12 -------- d-----w- c:\users\Lance\AppData\Roaming\SampleView
2010-04-15 15:54 . 2010-04-15 15:54 102424 ----a-w- c:\users\Lance\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-13 03:49 . 2010-04-13 03:49 -------- d-----w- c:\users\Reggie\AppData\Roaming\TikGames
2010-04-13 03:49 . 2010-04-13 03:49 -------- d-----w- c:\programdata\TikGames
2010-04-12 23:14 . 2010-04-12 23:20 -------- d-----w- c:\users\Reggie\AppData\Roaming\Template
2010-03-31 05:29 . 2010-03-31 05:29 -------- d-----w- c:\programdata\Sony Online Entertainment
2010-03-31 04:12 . 2010-03-31 04:12 -------- d-----w- c:\programdata\Beanbag Studios
2010-03-31 03:24 . 2010-03-31 03:24 -------- d-----w- c:\users\Lynn\AppData\Roaming\Gamelab
2010-03-31 01:38 . 2010-03-31 01:38 -------- d-----w- c:\users\Lynn\AppData\Roaming\Shape games
2010-03-30 20:15 . 2010-03-30 20:15 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-30 20:12 . 2010-03-30 20:12 -------- d-----w- c:\programdata\McAfee Security Scan
2010-03-30 20:12 . 2010-04-10 18:09 -------- d-----w- c:\program files\McAfee Security Scan
2010-03-30 20:10 . 2010-03-31 01:32 -------- d-----w- c:\programdata\NOS
2010-03-27 04:49 . 2010-03-28 21:39 -------- d-----w- c:\users\Lynn\AppData\Roaming\Mind Control Software
2010-03-27 03:33 . 2010-03-27 03:33 -------- d-----w- c:\users\Lynn\AppData\Roaming\Gold Casual Games
2010-03-27 02:56 . 2010-03-27 02:56 -------- d-----w- c:\programdata\Operation Mania
2010-03-27 02:56 . 2010-03-27 02:56 -------- d-----w- c:\users\Lynn\AppData\Roaming\Pogo Games
2010-03-26 22:40 . 2010-03-26 22:40 -------- d-----w- c:\users\Lynn\AppData\Roaming\SaveThePuppy
2010-03-26 21:14 . 2010-03-26 21:14 -------- d-----w- c:\program files\Microsoft
2010-03-26 21:14 . 2010-03-26 21:14 -------- d-----w- c:\program files\MSN Toolbar
2010-03-26 21:07 . 2010-03-26 21:15 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-03-25 18:40 . 2010-03-25 18:40 -------- d-----w- c:\users\Lynn\AppData\Roaming\DivoGames
2010-03-25 17:36 . 2010-03-25 17:36 -------- d-----w- c:\users\Lynn\AppData\Roaming\QB9
2010-03-25 16:34 . 2010-03-25 16:34 -------- d-----w- c:\users\Lynn\AppData\Roaming\Braintonik
2010-03-25 16:34 . 2010-03-25 16:34 -------- d-----w- c:\programdata\Braintonik
2010-03-21 02:57 . 2010-03-21 02:57 -------- d-----w- c:\users\Lynn\AppData\Roaming\Frogwares
2010-03-21 01:56 . 2010-03-21 01:56 -------- d-----w- c:\users\Lynn\AppData\Roaming\Merscom
2010-03-21 01:56 . 2010-03-21 01:56 -------- d-----w- c:\programdata\Merscom
2010-03-21 00:55 . 2010-03-21 00:55 -------- d-----w- c:\programdata\Big Fish Games
2010-03-20 20:39 . 2010-03-20 20:39 -------- d-----w- c:\users\Lynn\AppData\Roaming\BigFishv1002
2010-03-20 18:26 . 2010-03-21 02:57 -------- d-----w- c:\program files\Alice in Wonderland
2010-03-20 18:01 . 2010-03-20 18:01 -------- d-----w- c:\programdata\Office Genuine Advantage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-18 01:30 . 2007-03-17 00:33 -------- d-----w- c:\program files\Gateway Games
2010-04-17 18:53 . 2007-03-17 00:33 -------- d-----w- c:\programdata\WildTangent
2010-04-17 18:47 . 2007-09-10 22:16 -------- d-----w- c:\programdata\PlayFirst
2010-04-16 14:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-16 14:55 . 2007-03-17 00:41 -------- d-----w- c:\programdata\Microsoft Help
2010-04-15 17:42 . 2008-03-12 02:36 -------- d-----w- c:\program files\Intermix_media
2010-04-15 15:53 . 2007-05-19 21:51 -------- d-----w- c:\program files\Common Files\Sandlot Shared
2010-04-15 15:52 . 2007-04-30 18:23 -------- d-----w- c:\program files\Common Files\AOL
2010-04-13 05:25 . 2007-05-04 01:43 -------- d-----w- c:\program files\AOL 9.0a
2010-04-13 00:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-04-13 00:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-04-13 00:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-04-13 00:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-04-13 00:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-04-13 00:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-04-13 00:42 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-12 23:28 . 2008-01-01 20:00 -------- d-----w- c:\program files\Norton Security Scan
2010-04-12 23:14 . 2010-04-12 23:14 0 ----a-w- c:\users\Reggie\AppData\Roaming\wklnhst.dat
2010-04-12 23:08 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-04-12 23:08 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-04-12 22:56 . 2007-06-09 04:12 -------- d-----w- c:\program files\ArcSoft
2010-04-12 22:56 . 2007-03-17 00:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-01 17:51 . 2007-04-30 22:31 -------- d-----w- c:\users\Lynn\AppData\Roaming\PlayFirst
2010-03-31 20:32 . 2007-11-11 03:27 -------- d-----w- c:\program files\Nick Arcade
2010-03-30 20:29 . 2008-03-08 23:14 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-30 20:12 . 2007-03-17 00:50 -------- d-----w- c:\programdata\McAfee
2010-03-26 23:41 . 2008-05-30 15:21 -------- d-----w- c:\users\Lynn\AppData\Roaming\Flood Light Games
2010-03-26 23:41 . 2008-05-30 15:21 -------- d-----w- c:\programdata\Flood Light Games
2010-03-21 00:55 . 2010-03-13 23:50 -------- d-----w- c:\users\Lynn\AppData\Roaming\Big Fish Games
2010-03-20 18:07 . 2007-09-05 01:13 -------- d-----w- c:\program files\bfgclient
2010-03-12 15:53 . 2009-12-05 02:33 102424 ----a-w- c:\users\Reggie\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-02 00:34 . 2007-04-30 20:41 6806 ----a-w- c:\users\Lynn\AppData\Roaming\wklnhst.dat
2010-02-28 23:15 . 2007-11-26 02:26 102424 ----a-w- c:\users\Lynn\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-28 21:06 . 2007-03-17 00:44 -------- d-----w- c:\program files\Microsoft Works
2010-02-24 17:16 . 2009-12-07 21:35 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-30 20:57 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-30 20:57 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-30 20:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-30 20:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:39 . 2010-03-12 21:37 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37 . 2010-03-12 21:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:18 . 2010-03-12 21:37 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-25 12:48 . 2010-02-24 19:09 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48 . 2010-02-24 19:09 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48 . 2010-02-24 19:09 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48 . 2010-02-24 19:09 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45 . 2010-02-24 19:09 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35 . 2010-02-24 19:09 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-24 19:09 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34 . 2010-02-24 19:09 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34 . 2010-02-24 19:09 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:44 . 2010-02-24 19:11 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-05 20:14 . 2009-12-05 20:14 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-11-28 19:12 . 2008-01-01 03:08 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-11-28 19:12 . 2008-01-01 03:08 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-11-28 19:12 . 2008-01-01 03:08 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-11-28 19:12 . 2008-01-01 03:08 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-11-28 19:12 . 2008-01-01 03:08 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-27 39408]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 2348584]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-05 30192]
"HostManager"="c:\program files\Common Files\AOL\1177957379\ee\AOLSoftware.exe" [2006-09-26 50736]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-09-21 286720]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-30 1086856]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 135664]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-05 30192]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2007-03-13 354816]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk
*Deregistered* - mfebopk
*Deregistered* - mfesmfk
*Deregistered* - MPFP
.
Contents of the 'Scheduled Tasks' folder

2010-04-18 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 01:00]

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 01:00]

2010-03-12 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-04-20 05:42]
.
.
------- Supplementary Scan -------
.
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - [You must be registered and logged in to see this link.] files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - [You must be registered and logged in to see this link.] files\ieSpell\wikipedia.HTM
FF - ProfilePath - c:\users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\o0fpjvvp.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-CEC4-75A487FD6484} - (no file)
HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe
AddRemove-WT026901 - c:\program files\Gateway Games\G.H.O.S.T. Hunters



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-04-18 14:09
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-04-18 14:18:44
ComboFix-quarantined-files.txt 2010-04-18 21:18

Pre-Run: 88,410,628,096 bytes free
Post-Run: 88,851,337,216 bytes free

- - End Of File - - 61AB8AFE23716D89BDC9ED70EA1F6F4C


Re: Hello and I need help

Post by Belahzur on 18th April 2010, 10:27 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    DDS::
    uInternet Settings,ProxyOverride =

    RegLock::
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.



Re: Hello and I need help

Post by sweetpea_771 on 21st April 2010, 6:49 pm

ComboFix 10-04-17.07 - Lynn 04/21/2010 11:13:54.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.957.320 [GMT -7:00]
Running from: c:\users\Lynn\Desktop\ComboFix.exe
Command switches used :: c:\users\Lynn\Desktop\CFScript.txt
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-03-21 to 2010-04-21 )))))))))))))))))))))))))))))))
.

2010-04-21 18:30 . 2010-04-21 18:30 -------- d-----w- c:\users\Reggie\AppData\Local\temp
2010-04-21 18:30 . 2010-04-21 18:30 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-21 18:30 . 2010-04-21 18:30 -------- d-----w- c:\users\Lance\AppData\Local\temp
2010-04-21 18:30 . 2010-04-21 18:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-21 02:31 . 2010-04-21 02:31 -------- d-----w- c:\users\Lynn\AppData\Local\Midnight Synergy
2010-04-21 02:28 . 2010-04-21 02:29 -------- d-----w- c:\program files\Wonderland Adventures - Mysteries of Fire Island
2010-04-21 02:21 . 2010-04-21 02:21 -------- d-----w- c:\program files\Wonderland Secret Worlds
2010-04-21 02:08 . 2010-04-21 02:09 -------- d-----w- c:\program files\Hidden Wonders of the Depths 3 - Atlantis Adventures
2010-04-19 17:10 . 2010-04-19 17:10 -------- d-----w- c:\users\Lynn\AppData\Roaming\WildTangentv1001
2010-04-18 21:57 . 2010-04-21 02:13 -------- d-----w- C:\BigFishGamesCache
2010-04-18 01:21 . 2010-04-18 01:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-18 01:02 . 2010-04-18 01:02 -------- d-----w- c:\programdata\GameHouse
2010-04-18 00:22 . 2009-03-09 22:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-04-17 21:06 . 2010-04-17 21:06 -------- d-----w- c:\users\Reggie\AppData\Roaming\WildTangentv1001
2010-04-17 18:47 . 2010-04-17 18:47 -------- d-----w- c:\users\Reggie\AppData\Roaming\PlayFirst
2010-04-17 15:37 . 2010-04-17 15:37 -------- d-----w- c:\users\Lance\AppData\Roaming\Malwarebytes
2010-04-17 02:47 . 2010-04-17 02:47 -------- d-----w- c:\users\Reggie\AppData\Roaming\Malwarebytes
2010-04-17 01:53 . 2010-04-17 01:53 -------- d-----w- c:\programdata\WildTangentv1005
2010-04-17 00:58 . 2010-04-17 00:58 -------- d-----w- c:\users\Lynn\AppData\Roaming\FlowPlay
2010-04-16 23:24 . 2010-04-16 23:24 -------- d-----w- c:\users\Lynn\AppData\Roaming\Malwarebytes
2010-04-16 23:24 . 2010-03-30 07:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-16 23:24 . 2010-04-16 23:24 -------- d-----w- c:\programdata\Malwarebytes
2010-04-16 23:24 . 2010-04-16 23:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-16 23:24 . 2010-03-30 07:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-16 00:15 . 2010-04-16 00:15 -------- d-----w- c:\program files\Sony Online Entertainment
2010-04-15 19:32 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 19:32 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 19:32 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 19:32 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll
2010-04-15 19:32 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2010-04-15 19:31 . 2010-02-18 14:49 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 19:31 . 2010-02-18 14:49 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 19:31 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 19:31 . 2010-02-18 14:49 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 19:31 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-15 19:31 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-15 19:30 . 2008-09-18 04:56 125952 ----a-w- c:\windows\system32\wersvc.dll
2010-04-15 19:30 . 2008-09-18 04:56 147456 ----a-w- c:\windows\system32\Faultrep.dll
2010-04-15 19:30 . 2008-08-02 03:26 36864 ----a-w- c:\windows\system32\cdd.dll
2010-04-15 19:30 . 2008-08-02 01:01 625152 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-04-15 19:30 . 2008-06-26 03:29 565248 ----a-w- c:\windows\system32\emdmgmt.dll
2010-04-15 19:30 . 2008-06-26 03:29 45056 ----a-w- c:\windows\system32\dataclen.dll
2010-04-15 19:30 . 2008-05-20 02:07 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2010-04-15 19:30 . 2008-05-08 21:59 90112 ----a-w- c:\windows\system32\wshext.dll
2010-04-15 19:30 . 2008-05-08 21:59 180224 ----a-w- c:\windows\system32\scrobj.dll
2010-04-15 19:30 . 2008-05-08 21:59 172032 ----a-w- c:\windows\system32\scrrun.dll
2010-04-15 19:30 . 2008-05-08 21:59 155648 ----a-w- c:\windows\system32\wscript.exe
2010-04-15 19:30 . 2008-05-08 21:58 135168 ----a-w- c:\windows\system32\cscript.exe
2010-04-15 19:21 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-15 19:20 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-15 18:28 . 2010-04-15 18:28 -------- d-----w- c:\users\Lance\AppData\Local\Microsoft Games
2010-04-15 17:32 . 2010-04-15 17:32 -------- d-----w- c:\users\Lance\AppData\Roaming\WildTangent
2010-04-15 17:12 . 2010-04-15 17:12 -------- d-----w- c:\users\Lance\AppData\Roaming\SampleView
2010-04-15 15:54 . 2010-04-15 15:54 102424 ----a-w- c:\users\Lance\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-13 03:49 . 2010-04-13 03:49 -------- d-----w- c:\users\Reggie\AppData\Roaming\TikGames
2010-04-13 03:49 . 2010-04-13 03:49 -------- d-----w- c:\programdata\TikGames
2010-04-12 23:14 . 2010-04-12 23:20 -------- d-----w- c:\users\Reggie\AppData\Roaming\Template
2010-03-31 05:29 . 2010-03-31 05:29 -------- d-----w- c:\programdata\Sony Online Entertainment
2010-03-31 04:12 . 2010-03-31 04:12 -------- d-----w- c:\programdata\Beanbag Studios
2010-03-31 03:24 . 2010-03-31 03:24 -------- d-----w- c:\users\Lynn\AppData\Roaming\Gamelab
2010-03-31 01:38 . 2010-03-31 01:38 -------- d-----w- c:\users\Lynn\AppData\Roaming\Shape games
2010-03-30 20:15 . 2010-03-30 20:15 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-30 20:12 . 2010-03-30 20:12 -------- d-----w- c:\programdata\McAfee Security Scan
2010-03-30 20:12 . 2010-04-10 18:09 -------- d-----w- c:\program files\McAfee Security Scan
2010-03-30 20:10 . 2010-03-31 01:32 -------- d-----w- c:\programdata\NOS
2010-03-27 04:49 . 2010-03-28 21:39 -------- d-----w- c:\users\Lynn\AppData\Roaming\Mind Control Software
2010-03-27 03:33 . 2010-03-27 03:33 -------- d-----w- c:\users\Lynn\AppData\Roaming\Gold Casual Games
2010-03-27 02:56 . 2010-03-27 02:56 -------- d-----w- c:\programdata\Operation Mania
2010-03-27 02:56 . 2010-03-27 02:56 -------- d-----w- c:\users\Lynn\AppData\Roaming\Pogo Games
2010-03-26 22:40 . 2010-03-26 22:40 -------- d-----w- c:\users\Lynn\AppData\Roaming\SaveThePuppy
2010-03-26 21:14 . 2010-03-26 21:14 -------- d-----w- c:\program files\Microsoft
2010-03-26 21:14 . 2010-03-26 21:14 -------- d-----w- c:\program files\MSN Toolbar
2010-03-26 21:07 . 2010-03-26 21:15 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-03-25 18:40 . 2010-03-25 18:40 -------- d-----w- c:\users\Lynn\AppData\Roaming\DivoGames
2010-03-25 17:36 . 2010-03-25 17:36 -------- d-----w- c:\users\Lynn\AppData\Roaming\QB9
2010-03-25 16:34 . 2010-03-25 16:34 -------- d-----w- c:\users\Lynn\AppData\Roaming\Braintonik
2010-03-25 16:34 . 2010-03-25 16:34 -------- d-----w- c:\programdata\Braintonik

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 00:31 . 2007-03-17 00:33 -------- d-----w- c:\program files\Gateway Games
2010-04-19 22:43 . 2007-04-30 22:31 -------- d-----w- c:\users\Lynn\AppData\Roaming\PlayFirst
2010-04-19 17:03 . 2008-04-21 03:28 -------- d-----w- c:\users\Lynn\AppData\Roaming\Ludia
2010-04-19 17:03 . 2008-04-21 03:28 -------- d-----w- c:\programdata\Ludia
2010-04-17 18:53 . 2007-03-17 00:33 -------- d-----w- c:\programdata\WildTangent
2010-04-17 18:47 . 2007-09-10 22:16 -------- d-----w- c:\programdata\PlayFirst
2010-04-16 14:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-16 14:55 . 2007-03-17 00:41 -------- d-----w- c:\programdata\Microsoft Help
2010-04-15 17:42 . 2008-03-12 02:36 -------- d-----w- c:\program files\Intermix_media
2010-04-15 15:53 . 2007-05-19 21:51 -------- d-----w- c:\program files\Common Files\Sandlot Shared
2010-04-15 15:52 . 2007-04-30 18:23 -------- d-----w- c:\program files\Common Files\AOL
2010-04-13 05:25 . 2007-05-04 01:43 -------- d-----w- c:\program files\AOL 9.0a
2010-04-13 00:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-04-13 00:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-04-13 00:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-04-13 00:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-04-13 00:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-04-13 00:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-04-12 23:28 . 2008-01-01 20:00 -------- d-----w- c:\program files\Norton Security Scan
2010-04-12 23:14 . 2010-04-12 23:14 0 ----a-w- c:\users\Reggie\AppData\Roaming\wklnhst.dat
2010-04-12 23:08 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-04-12 23:08 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-04-12 22:56 . 2007-06-09 04:12 -------- d-----w- c:\program files\ArcSoft
2010-04-12 22:56 . 2007-03-17 00:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-31 20:32 . 2007-11-11 03:27 -------- d-----w- c:\program files\Nick Arcade
2010-03-30 20:29 . 2008-03-08 23:14 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-30 20:12 . 2007-03-17 00:50 -------- d-----w- c:\programdata\McAfee
2010-03-26 23:41 . 2008-05-30 15:21 -------- d-----w- c:\users\Lynn\AppData\Roaming\Flood Light Games
2010-03-26 23:41 . 2008-05-30 15:21 -------- d-----w- c:\programdata\Flood Light Games
2010-03-21 02:57 . 2010-03-21 02:57 -------- d-----w- c:\users\Lynn\AppData\Roaming\Frogwares
2010-03-21 02:57 . 2010-03-20 18:26 -------- d-----w- c:\program files\Alice in Wonderland
2010-03-21 01:56 . 2010-03-21 01:56 -------- d-----w- c:\users\Lynn\AppData\Roaming\Merscom
2010-03-21 01:56 . 2010-03-21 01:56 -------- d-----w- c:\programdata\Merscom
2010-03-21 00:55 . 2010-03-21 00:55 -------- d-----w- c:\programdata\Big Fish Games
2010-03-21 00:55 . 2010-03-13 23:50 -------- d-----w- c:\users\Lynn\AppData\Roaming\Big Fish Games
2010-03-20 20:39 . 2010-03-20 20:39 -------- d-----w- c:\users\Lynn\AppData\Roaming\BigFishv1002
2010-03-20 18:07 . 2007-09-05 01:13 -------- d-----w- c:\program files\bfgclient
2010-03-20 18:01 . 2010-03-20 18:01 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-03-12 15:53 . 2009-12-05 02:33 102424 ----a-w- c:\users\Reggie\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-02 00:34 . 2007-04-30 20:41 6806 ----a-w- c:\users\Lynn\AppData\Roaming\wklnhst.dat
2010-02-28 23:15 . 2007-11-26 02:26 102424 ----a-w- c:\users\Lynn\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-28 21:06 . 2007-03-17 00:44 -------- d-----w- c:\program files\Microsoft Works
2010-02-24 17:16 . 2009-12-07 21:35 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-30 20:57 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-30 20:57 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-30 20:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-30 20:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:39 . 2010-03-12 21:37 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37 . 2010-03-12 21:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:18 . 2010-03-12 21:37 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-25 12:48 . 2010-02-24 19:09 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48 . 2010-02-24 19:09 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48 . 2010-02-24 19:09 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48 . 2010-02-24 19:09 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45 . 2010-02-24 19:09 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35 . 2010-02-24 19:09 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-24 19:09 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34 . 2010-02-24 19:09 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34 . 2010-02-24 19:09 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:44 . 2010-02-24 19:11 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-05 20:14 . 2009-12-05 20:14 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-11-28 19:12 . 2008-01-01 03:08 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-11-28 19:12 . 2008-01-01 03:08 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-11-28 19:12 . 2008-01-01 03:08 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-11-28 19:12 . 2008-01-01 03:08 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-11-28 19:12 . 2008-01-01 03:08 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-27 39408]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 2348584]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-05 30192]
"HostManager"="c:\program files\Common Files\AOL\1177957379\ee\AOLSoftware.exe" [2006-09-26 50736]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-09-21 286720]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-30 1086856]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 135664]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-05 30192]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2007-03-13 354816]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk
*Deregistered* - mfebopk
*Deregistered* - mfesmfk
*Deregistered* - MPFP
.
Contents of the 'Scheduled Tasks' folder

2010-04-21 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]

2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 01:00]

2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 01:00]

2010-03-12 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-04-20 05:42]
.
.
------- Supplementary Scan -------
.
mStart Page = [You must be registered and logged in to see this link.]
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - [You must be registered and logged in to see this link.] files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - [You must be registered and logged in to see this link.] files\ieSpell\wikipedia.HTM
FF - ProfilePath - c:\users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\o0fpjvvp.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-04-21 11:31
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-04-21 11:46:46
ComboFix-quarantined-files.txt 2010-04-21 18:46
ComboFix2.txt 2010-04-18 21:18
ComboFix3.txt 2010-04-19 05:52

Pre-Run: 88,107,622,400 bytes free
Post-Run: 89,335,312,384 bytes free

- - End Of File - - 00C85E0D69D772C37145BA82F0563CEB


Re: Hello and I need help

Post by Belahzur on 21st April 2010, 9:17 pm

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.



Re: Hello and I need help

Post by sweetpea_771 on 22nd April 2010, 2:24 am

Hello Belahzur,
I uninstalled ComboFix. Is this all I have to do to fix this problem? If I have to do system restore, should I trust that the Microsoft program I upgraded won't come back and infect my computer again?

Thank you for helping.

Lynn


Re: Hello and I need help

Post by Belahzur on 22nd April 2010, 6:51 pm

Hello.
No need to do a system restore, the malware is gone now.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.

