Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:22:03 PM, on 5/25/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18904)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4141

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18904

5/25/2010 6:07:47 PM

mbam-log-2010-05-25 (18-07-47).txt

Scan type: Quick scan

Objects scanned: 123127

Time elapsed: 7 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\PJ\AppData\Local\Temp\low\COUPON~1.DLL (Trojan.BHO.H) -> Quarantined and deleted successfully.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1060933

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Keyword Elite 2.0 Toolbar - {c93defc5-00ec-4a13-b760-177001208408} - C:\Program Files\Keyword_Elite_2.0\tbKeyw.dll (file missing)

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\Users\PJ\AppData\Local\Temp\low\COUPON~1.DLL (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Keyword Elite 2.0 Toolbar - {c93defc5-00ec-4a13-b760-177001208408} - C:\Program Files\Keyword_Elite_2.0\tbKeyw.dll (file missing)

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Keyword Elite 2.0 Toolbar - {c93defc5-00ec-4a13-b760-177001208408} - C:\Program Files\Keyword_Elite_2.0\tbKeyw.dll (file missing)

O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\Users\PJ\AppData\Local\Temp\low\CouponsBar.dll (file missing)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe

O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe

O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run

O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"

O4 - HKLM\..\Run: [sBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate1c9f14c7fa9b09e) (gupdate1c9f14c7fa9b09e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe

O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--

End of file - 9848 bytes


Hello,

And :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' button and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log



OTL logfile created on: 5/26/2010 5:57:36 PM - Run 1

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\PJ\Downloads

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free

Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 222.78 Gb Total Space | 47.36 Gb Free Space | 21.26% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 6.78 Gb Free Space | 67.75% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: JESUSPROVISION

Current User Name: PJ

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/26 17:44:49 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\PJ\Downloads\OTL.exe

PRC - [2010/04/05 00:12:02 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2010/04/01 13:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/03/18 03:54:06 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe

PRC - [2010/02/28 19:04:02 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

PRC - [2010/01/04 18:04:22 | 000,959,824 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe

PRC - [2010/01/04 18:02:10 | 001,012,080 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe

PRC - [2010/01/04 11:39:21 | 000,116,024 | ---- | M] (Flock, Inc.) -- C:\Program Files\Flock\flock.exe

PRC - [2009/11/24 12:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

PRC - [2009/11/10 11:14:38 | 000,443,728 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

PRC - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

PRC - [2009/08/05 13:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe

PRC - [2009/08/03 10:33:06 | 001,626,112 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe

PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

PRC - [2008/09/03 12:53:17 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe

PRC - [2008/02/26 11:57:28 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

PRC - [2007/05/14 05:03:20 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

========== Modules (SafeList) ==========

MOD - [2010/05/26 17:44:49 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\PJ\Downloads\OTL.exe

MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll

MOD - [2008/01/20 22:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010/02/28 19:04:02 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)

SRV - [2010/01/04 18:02:10 | 001,012,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)

SRV - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)

SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/08/05 13:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)

SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)

SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2009/11/10 10:27:06 | 000,019,456 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlyUsb.sys -- (FlyUsb)

DRV - [2009/10/13 09:22:50 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)

DRV - [2009/08/10 20:06:28 | 000,069,936 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)

DRV - [2009/07/15 09:17:58 | 000,203,056 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (sbtis)

DRV - [2009/04/11 00:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2008/02/11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)

DRV - [2008/01/20 22:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2008/01/20 22:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2008/01/20 22:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)

DRV - [2008/01/20 22:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2008/01/20 22:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2008/01/20 22:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2008/01/20 22:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2008/01/20 22:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2008/01/20 22:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2008/01/20 22:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2008/01/20 22:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2008/01/20 22:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2008/01/20 22:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2008/01/20 22:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2008/01/20 22:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2008/01/20 22:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2008/01/20 22:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2008/01/20 22:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2008/01/20 22:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2008/01/20 22:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2008/01/20 22:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2008/01/20 22:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2008/01/20 22:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2008/01/20 22:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2008/01/20 22:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2007/05/21 07:35:14 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

DRV - [2007/05/14 05:08:48 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)

DRV - [2007/05/14 05:03:22 | 001,773,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {c93defc5-00ec-4a13-b760-177001208408} - C:\Program Files\Keyword_Elite_2.0\tbKeyw.dll File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1060933

IE - HKCU\..\URLSearchHook: {c93defc5-00ec-4a13-b760-177001208408} - C:\Program Files\Keyword_Elite_2.0\tbKeyw.dll File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.search.defaultthis.engineName: "Free Traffic Bar Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1734448&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "Free Traffic Bar Customized Web Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.3

FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.5.6.0

FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0

FF - prefs.js..extensions.enabledItems: {B97F57B9-1B42-4aed-9475-0022600C62DC}:2.3

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: {9565115d-c7d6-46d3-bd63-b67b481a4368}:2.5.6.0

FF - prefs.js..extensions.enabledItems: rankchecker@seobook.com:1.7.1

FF - prefs.js..extensions.enabledItems: seo4firefox@seobook.com:3.3.0

FF - prefs.js..extensions.enabledItems: {F807FACD-E46A-4793-B345-D58CB177673C}:3.5.1

FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.5.9

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2

FF - prefs.js..extensions.enabledItems: 4

FF - prefs.js..extensions.enabledItems: 9

FF - prefs.js..extensions.enabledItems: 1

FF - prefs.js..extensions.enabledItems: {7104ec46-5dfb-4609-84f0-915970e383d7}:2.5.6.0

FF - prefs.js..extensions.enabledItems: FFToolbar@upromise:6.2.2.1363

FF - prefs.js..extensions.enabledItems: yslow@yahoo-inc.com:2.0.7

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315

FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.10.01

FF - prefs.js..extensions.enabledItems: fireform@mozilla.org:0.7

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2428397&SearchSource=2&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/04 16:54:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/05 00:13:40 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Components: C:\Program Files\Flock\components [2010/04/24 14:16:22 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Plugins: C:\Program Files\Flock\plugins [2010/05/03 19:02:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/07 23:25:44 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/07 23:25:42 | 000,000,000 | ---D | M]

[2010/04/16 00:40:42 | 000,000,000 | ---D | M] -- C:\Users\PJ\AppData\Roaming\Mozilla\Extensions

[2010/04/16 00:40:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PJ\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}

[2009/10/16 00:50:43 | 000,000,000 | ---D | M] -- C:\Users\PJ\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

[2010/05/25 18:12:15 | 000,000,000 | ---D | M] -- C:\Users\PJ\AppData\Roaming\Mozilla\Firefox\Profiles\zedmgkwm.default\extensions

[2010/02/18 15:50:36 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Users\PJ\AppData\Roaming\Mozilla\Firefox\Profiles\zedmgkwm.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}

[2009/07/03 07:53:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\PJ\AppData\Roaming\Mozilla\Firefox\Profiles\zedmgkwm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/11/10 07:51:01 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\PJ\AppData\Roaming\Mozilla\Firefox\Profiles\zedmgkwm.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}

[2010/02/18 15:51:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\PJ\AppData\Roaming\Mozilla\Firefox\Profiles\zedmgkwm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/02/18 15:50:51 | 000,000,000 | ---D | M] (Thirty Day Challenge Toolbar) -- C:\Users\PJ\AppData\Roaming\Mozilla\Firefox\Profiles\zedmgkwm.default\extensions\{7104ec46-5dfb-4609-84f0-915970e383d7}

[2009/10/16 21:37:02 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\PJ\AppData\Roaming\Mozilla\Firefox\Profiles\zedmgkwm.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

[2010/02/18 15:50:36 | 000,000,000 | ---D | M] (PageRage Toolbar) -- C:\Users\PJ\AppData\Roaming\Mozilla\Firefox\Profiles\zedmgkwm.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}

[2010/03/26 07:59:22 | 000,000,000 | ---D | M] (Google Global) -- C:\Users\PJ\AppData\Roaming\Mozilla\Firefox\Profiles\zedmgkwm.default\extensions\{B97F57B9-1B42-4aed-9475-0022600C62DC}

[2010/03/26 07:59:31 | 000,000,000 | ---D | M] (ScribeFire) -- C:\Users\PJ\AppData\Roaming\Mozilla\Firefox\Profiles\zedmgkwm.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}

[2009/10/21 00:17:07 | 000,000,000 | ---D | M] -- C:\Users\PJ\AppData\Roaming\Mozilla\Firefox\Profiles\zedmgkwm.default\extensions\FFToolbar@upromise

[2010/03/13 18:28:54 | 000,000,000 | ---D | M] -- C:\Users\PJ\AppData\Roaming\Mozilla\Firefox\Profiles\zedmgkwm.default\extensions\firebug@software.joehewitt.com

[2009/12/13 14:21:06 | 000,000,000 | ---D | M] -- C:\Users\PJ\AppData\Roaming\Mozilla\Firefox\Profiles\zedmgkwm.default\extensions\fireform@mozilla.org

[2009/12/12 11:15:02 | 000,000,000 | ---D | M] -- C:\Users\PJ\AppData\Roaming\Mozilla\Firefox\Profiles\zedmgkwm.default\extensions\firefox@tvunetworks.com

[2009/10/24 12:00:58 | 000,000,000 | ---D | M] -- C:\Users\PJ\AppData\Roaming\Mozilla\Firefox\Profiles\zedmgkwm.default\extensions\plugin@yontoo.com

[2010/02/18 15:50:51 | 000,000,000 | ---D | M] -- C:\Users\PJ\AppData\Roaming\Mozilla\Firefox\Profiles\zedmgkwm.default\extensions\rankchecker@seobook.com

[2009/12/12 11:15:04 | 000,000,000 | ---D | M] -- C:\Users\PJ\AppData\Roaming\Mozilla\Firefox\Profiles\zedmgkwm.default\extensions\seo4firefox@seobook.com

[2009/10/21 00:16:33 | 000,000,000 | ---D | M] -- C:\Users\PJ\AppData\Roaming\Mozilla\Firefox\Profiles\zedmgkwm.default\extensions\seoquake-plugin-ask@seoquake.com

[2009/10/21 00:16:33 | 000,000,000 | ---D | M] -- C:\Users\PJ\AppData\Roaming\Mozilla\Firefox\Profiles\zedmgkwm.default\extensions\seoquake-plugin-delicious@seoquake.com

[2009/10/21 00:16:33 | 000,000,000 | ---D | M] -- C:\Users\PJ\AppData\Roaming\Mozilla\Firefox\Profiles\zedmgkwm.default\extensions\seoquake-plugin-seolinx@seoquake.com

[2009/10/21 00:16:33 | 000,000,000 | ---D | M] -- C:\Users\PJ\AppData\Roaming\Mozilla\Firefox\Profiles\zedmgkwm.default\extensions\seoquake-plugin-technorati@seoquake.com

[2010/02/18 15:50:50 | 000,000,000 | ---D | M] -- C:\Users\PJ\AppData\Roaming\Mozilla\Firefox\Profiles\zedmgkwm.default\extensions\seotoolbar@seobook.com

[2010/03/13 18:29:02 | 000,000,000 | ---D | M] -- C:\Users\PJ\AppData\Roaming\Mozilla\Firefox\Profiles\zedmgkwm.default\extensions\yslow@yahoo-inc.com

[2010/05/07 23:25:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/10/24 12:01:12 | 000,000,000 | ---D | M] (PageRage Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}

[2010/02/18 07:46:30 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2009/10/24 12:00:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\plugin@yontoo.com

[2010/03/31 11:20:50 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll

[2009/11/20 17:05:31 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

[2009/11/20 17:05:32 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (TTB000000 Class) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\Users\PJ\AppData\Local\Temp\low\COUPON~1.DLL File not found

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)

O2 - BHO: (Keyword Elite 2.0 Toolbar) - {c93defc5-00ec-4a13-b760-177001208408} - C:\Program Files\Keyword_Elite_2.0\tbKeyw.dll File not found

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)

O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\Users\PJ\AppData\Local\Temp\low\CouponsBar.dll File not found

O3 - HKLM\..\Toolbar: (Keyword Elite 2.0 Toolbar) - {c93defc5-00ec-4a13-b760-177001208408} - C:\Program Files\Keyword_Elite_2.0\tbKeyw.dll File not found

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Keyword Elite 2.0 Toolbar) - {C93DEFC5-00EC-4A13-B760-177001208408} - C:\Program Files\Keyword_Elite_2.0\tbKeyw.dll File not found

O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)

O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )

O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )

O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)

O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe File not found

O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [sBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.104.244.45 208.104.2.36 208.104.2.85

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/25 18:59:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010/05/25 18:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/05/25 07:56:51 | 000,000,000 | ---D | C] -- C:\Users\PJ\AppData\Roaming\Malwarebytes

[2010/05/25 07:56:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/05/25 07:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/05/25 07:56:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/05/25 07:56:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/05/24 18:19:59 | 000,000,000 | ---D | C] -- C:\Users\PJ\Desktop\IM Education

[2010/05/23 16:15:21 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai

[2010/05/23 14:47:15 | 000,000,000 | ---D | C] -- C:\Users\PJ\Desktop\re-Written Articles

[2010/05/22 07:08:07 | 000,000,000 | ---D | C] -- C:\Users\PJ\AppData\Local\cqdnkvlut

[2010/05/15 22:55:01 | 000,000,000 | ---D | C] -- C:\Users\PJ\Desktop\odiogo_listen_button

[2010/05/13 14:45:07 | 000,000,000 | ---D | C] -- C:\Users\PJ\AppData\Roaming\EurekaLog

[2010/05/10 18:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters

[2010/05/10 18:10:23 | 000,000,000 | ---D | C] -- C:\Users\PJ\AppData\Local\Citrix

[2010/05/10 10:19:04 | 000,000,000 | ---D | C] -- C:\Users\PJ\Documents\Resumes

[2010/05/09 23:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS

[2010/05/09 23:03:43 | 000,000,000 | ---D | C] -- C:\Program Files\Acro Software

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\PJ\*.tmp files -> C:\Users\PJ\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/26 18:00:07 | 003,932,160 | -HS- | M] () -- C:\Users\PJ\NTUSER.DAT

[2010/05/26 17:59:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/05/26 17:43:10 | 000,698,178 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/05/26 17:43:10 | 000,600,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/05/26 17:43:10 | 000,102,842 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/05/26 17:38:19 | 000,005,216 | ---- | M] () -- C:\Users\PJ\AppData\Local\d3d9caps.dat

[2010/05/26 17:38:06 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/05/26 17:37:49 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/05/26 17:37:49 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/05/26 17:37:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/05/26 17:37:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/05/26 17:37:25 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys

[2010/05/26 17:36:15 | 000,524,288 | -HS- | M] () -- C:\Users\PJ\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms

[2010/05/26 17:36:15 | 000,065,536 | -HS- | M] () -- C:\Users\PJ\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf

[2010/05/26 17:36:13 | 003,426,394 | -H-- | M] () -- C:\Users\PJ\AppData\Local\IconCache.db

[2010/05/26 09:23:02 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9663D50D-7833-49B8-83DF-AE947456BBB3}.job

[2010/05/25 18:21:07 | 000,001,876 | ---- | M] () -- C:\Users\PJ\Desktop\HijackThis.lnk

[2010/05/25 18:10:59 | 000,002,645 | ---- | M] () -- C:\Users\PJ\Desktop\Traffic Mania - BlogBot.lnk

[2010/05/25 18:10:13 | 000,002,635 | ---- | M] () -- C:\Users\PJ\Desktop\Traffic Mania - RSSBot.lnk

[2010/05/25 07:56:33 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/24 19:10:09 | 000,002,659 | ---- | M] () -- C:\Users\PJ\Desktop\Traffic Mania - VideoBot.lnk

[2010/05/24 18:38:25 | 001,164,800 | ---- | M] () -- C:\Users\PJ\Desktop\incansoft issues.doc

[2010/05/24 18:31:48 | 000,000,520 | ---- | M] () -- C:\Users\PJ\Desktop\slicksocialpro - Shortcut.lnk

[2010/05/24 18:28:18 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE

[2010/05/24 18:22:13 | 000,002,673 | ---- | M] () -- C:\Users\PJ\Desktop\Desktop Acquisition Manager.lnk

[2010/05/23 20:56:38 | 000,002,643 | ---- | M] () -- C:\Users\PJ\Desktop\Content Mania.lnk

[2010/05/23 16:15:46 | 000,000,814 | ---- | M] () -- C:\Users\Public\Desktop\Market Samurai.lnk

[2010/05/23 14:45:14 | 000,002,649 | ---- | M] () -- C:\Users\PJ\Desktop\SocialBot.lnk

[2010/05/23 09:24:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\null

[2010/05/20 18:53:01 | 000,003,228 | ---- | M] () -- C:\Users\PJ\Desktop\index.php

[2010/05/17 14:59:32 | 000,108,920 | ---- | M] () -- C:\Users\PJ\g2ax_customer_downloadhelper_win32_x86.exe

[2010/05/16 17:49:25 | 000,000,751 | ---- | M] () -- C:\Users\PJ\Desktop\LeapFrog Connect.lnk

[2010/05/13 20:36:04 | 000,001,928 | ---- | M] () -- C:\Users\Public\Desktop\Tutor.com Classroom.lnk

[2010/05/12 15:03:18 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2010/05/10 18:10:23 | 000,103,720 | ---- | M] () -- C:\Users\PJ\GoToAssistDownloadHelper.exe

[2010/05/07 23:25:45 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2010/05/05 06:38:22 | 000,018,944 | ---- | M] () -- C:\Users\PJ\Desktop\adswaps.xls

[2010/05/05 06:38:12 | 000,018,944 | ---- | M] () -- C:\Users\PJ\Documents\adswaps.xls

[2010/05/03 19:02:19 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/05/03 18:58:20 | 000,325,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/04/28 21:59:38 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2010/04/28 13:40:26 | 000,466,944 | ---- | M] (Invenda Corporation) -- C:\Windows\System32\BSTIEPrintCtl1.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\PJ\*.tmp files -> C:\Users\PJ\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/25 18:21:07 | 000,001,876 | ---- | C] () -- C:\Users\PJ\Desktop\HijackThis.lnk

[2010/05/25 07:56:33 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/24 18:38:25 | 001,164,800 | ---- | C] () -- C:\Users\PJ\Desktop\incansoft issues.doc

[2010/05/24 18:28:17 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE

[2010/05/23 16:15:46 | 000,000,814 | ---- | C] () -- C:\Users\Public\Desktop\Market Samurai.lnk

[2010/05/20 18:53:01 | 000,003,228 | ---- | C] () -- C:\Users\PJ\Desktop\index.php

[2010/05/17 14:59:31 | 000,108,920 | ---- | C] () -- C:\Users\PJ\g2ax_customer_downloadhelper_win32_x86.exe

[2010/05/16 17:49:25 | 000,000,751 | ---- | C] () -- C:\Users\PJ\Desktop\LeapFrog Connect.lnk

[2010/05/16 17:49:25 | 000,000,520 | ---- | C] () -- C:\Users\PJ\Desktop\slicksocialpro - Shortcut.lnk

[2010/05/12 15:03:18 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2010/05/11 01:43:24 | 000,007,378 | ---- | C] () -- C:\Users\PJ\Desktop\widlink.php

[2010/05/10 18:10:22 | 000,103,720 | ---- | C] () -- C:\Users\PJ\GoToAssistDownloadHelper.exe

[2010/05/09 23:03:44 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll

[2010/05/08 18:30:32 | 000,000,278 | ---- | C] () -- C:\Users\PJ\opt-in-copy.txt

[2010/05/07 23:25:45 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2010/05/05 22:55:15 | 000,000,504 | ---- | C] () -- C:\Users\PJ\fastincomeformula.txt

[2010/05/05 06:38:22 | 000,018,944 | ---- | C] () -- C:\Users\PJ\Desktop\adswaps.xls

[2010/05/05 06:38:12 | 000,018,944 | ---- | C] () -- C:\Users\PJ\Documents\adswaps.xls

[2010/04/30 15:59:14 | 000,001,238 | ---- | C] () -- C:\Users\PJ\infoproductkiller.txt

[2010/04/30 08:47:40 | 000,002,078 | ---- | C] () -- C:\Users\PJ\moreaffiliate.txt

[2009/12/25 08:59:56 | 000,000,110 | ---- | C] () -- C:\Windows\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/07/13 09:05:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2008/09/25 10:35:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2008/09/03 15:36:55 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll

[2008/09/03 15:36:55 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll

[2008/09/03 15:36:55 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll

[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll

[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

< End of report >

-------------------------------------------------------------------------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 5/26/2010 5:57:36 PM - Run 1

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\PJ\Downloads

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free

Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 222.78 Gb Total Space | 47.36 Gb Free Space | 21.26% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 6.78 Gb Free Space | 67.75% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: JESUSPROVISION

Current User Name: PJ

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = FlockHTML] -- C:\Program Files\Flock\flock.exe (Flock, Inc.)

.ini [@ = UltraEdit.ini] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe File not found

.js [@ = UltraEdit.js] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe File not found

.txt [@ = UltraEdit.txt] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0BC53968-7BF3-4179-AB20-D114C9CB2D23}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |

"{16BAE420-FA3E-49A4-82FD-AB78631048F2}" = rport=137 | protocol=17 | dir=out | app=system |

"{17B35178-57B3-4BC3-AD7C-68CEDB7F397F}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |

"{2B59F4D1-0E70-4504-BF03-E1C737E6BB83}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{3D29FCBC-B24C-4708-A39D-AD05FC5ECBA0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{50D70F2F-17D4-49A1-ACA9-654DA4E19A7A}" = lport=137 | protocol=17 | dir=in | app=system |

"{56137959-7639-40B3-908B-182A5E15AF81}" = rport=139 | protocol=6 | dir=out | app=system |

"{6EC5299E-967C-40EC-9C3C-2A708E83396E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{70487AA4-401F-479B-BE34-D2FFE356B221}" = rport=138 | protocol=17 | dir=out | app=system |

"{97058458-F0A2-4186-8F8A-D50540CB7A41}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{98CDCEF0-2233-4555-82E4-62E494F53B34}" = lport=138 | protocol=17 | dir=in | app=system |

"{A49891B6-C0C7-4D5D-A40F-0D1B4F4FF9A2}" = lport=139 | protocol=6 | dir=in | app=system |

"{AFAAAE7F-4820-4E9B-9565-7EBA9FB416A4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{B27453E0-E443-4619-9D27-780C8D7A432B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{B72EE0F5-FD1C-40AA-93DF-87D28E32AC79}" = rport=445 | protocol=6 | dir=out | app=system |

"{B9D5E537-96CF-4C0C-8656-047F84E3FA74}" = lport=445 | protocol=6 | dir=in | app=system |

"{D6A228EF-604D-447A-BF50-15AC851DAD0A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{DF4CF69C-9870-41FD-B8B0-301F10EC6DEC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F0ACF772-51E0-4B9A-932C-18FE9FBA4E21}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{FFAEA083-A126-41F4-BDB2-53334EC385BD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{2856F080-3F8E-4609-8556-553504056B3B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{2CC9B0F6-9F6C-4565-AF12-44ED38913C8F}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{353C4639-7301-4508-B171-0C211C53E4E8}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |

"{3C37D19D-C114-48C3-91BE-078CF1E85447}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{4F626FEA-8789-445D-B140-FEA86397D78A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{5B4F31D4-E6F1-4C70-8D62-C3EAF66EE20B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{6F690141-E2AF-4CB8-9D58-CDFB0C81F13B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{76E692CB-4825-4BF1-9693-E5A8D69B470F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{860B9CA0-F82A-42D3-82DD-4B0988E4DF8B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{92732743-6CBA-4D83-91EE-D23583C28E44}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{B31693CA-EB54-4143-86B2-45F9F5B2F31F}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |

"{F124AF62-6C71-4EF6-A02D-1727D3AFFAFF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"TCP Query User{129F17C8-1E2C-432B-A6F0-C09033BA4A1E}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |

"TCP Query User{A1A5982D-655A-4C3C-A6A2-50E14F118BA9}C:\program files\koe\magic article submitter\magic article submitter.exe" = protocol=6 | dir=in | app=c:\program files\koe\magic article submitter\magic article submitter.exe |

"TCP Query User{AFC9EC25-1451-4C6B-86F0-FCDC9631AAAD}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"TCP Query User{DE86F934-5A01-473F-B98D-085DCB554449}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |

"UDP Query User{301C7A39-F666-440F-B6A1-5309EA596CEE}C:\program files\koe\magic article submitter\magic article submitter.exe" = protocol=17 | dir=in | app=c:\program files\koe\magic article submitter\magic article submitter.exe |

"UDP Query User{3FDC6EF6-B1B8-43CF-AD5E-CFD95C1118A9}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |

"UDP Query User{4A8DCC05-6B0E-4A38-8EA4-CDE0BCA8DE30}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"UDP Query User{5B30DC8C-3053-4C1B-A6EF-0C2C5B6F8039}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools

"{04179174-F3AC-4CE6-BBBE-83B46D5041CB}" = SocialBot

"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt

"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data

"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP

"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant

"{126A0FEB-8413-4DA2-8056-29ACB7C93546}" = Tutor.com Classroom

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1BB744F5-793A-4F94-A019-4EFD792370B8}" = BlogBot

"{210309F3-7A5A-474C-B474-390D99C6A257}" = VIPRE Antivirus + Antispyware

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 14

"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1

"{2A3B323E-24DB-8AE8-73D2-2F93CE055F54}" = Market Samurai

"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component

"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{305C3094-6921-4683-AEE7-DA78AF3F54B2}" = Desktop Acquisition Manager

"{37F964E4-9C3F-4066-B933-1747D3AC6737}" = Personal Entertainment Launcher

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{56BA241F-580C-43D2-8403-947241AAE633}" = center

"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{75685CA8-0B74-45BB-9C64-744A0FB79EDC}" = Business Tools Launcher

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{7E15C4B8-85FC-4539-94F2-8280C0B213A3}" = LeapFrog Tag Plugin

"{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}" = LeapFrog Connect

"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes

"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio

"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin

"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8AF3DCBE-16A0-496E-8068-C3D36A589134}_is1" = Clickbank Marketplace Product Detective 1.0

"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90206544-8DAA-416E-8D78-A6A3352BC10B}" = PressBot

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{A0B1E09A-1FEA-4E45-9557-8B1871D43834}" = VideoBot

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A661F592-AC09-4A48-83C4-F211FA52F289}" = Content Mania

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AB3D78B7-8066-465A-82A8-5F3751564457}_is1" = S3 Ripper 1.3

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B8ABB25D-1E30-4ED7-A3CE-0F8BED439647}" = Product Support Launcher

"{BE3CFE0A-B312-446D-A483-F88C85EF0EBB}" = Consign Design

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE

"{CC33E708-A795-4AB3-908A-8F45919BC097}" = LeapFrog My Pals Plugin

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype


GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-05-27 21:03:58

Windows 6.0.6002 Service Pack 2

Running: 5n8fsfuo.exe; Driver: C:\Users\PJ\AppData\Local\Temp\uwlyipob.sys

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[5668] ntdll.dll!LdrLoadDll 77609390 5 Bytes JMP 000913F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)

AttachedDevice \Driver\tdx \Device\Udp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)

AttachedDevice \Driver\tdx \Device\RawIp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


Hello again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Hi again, please run the following script and afterwards let me know how things are running. What problems do you still have left?

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

DDS::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555

Folder::
c:\users\PJ\AppData\Local\cqdnkvlut

Driver::
UWLYIPOB

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
