
dds/gmer logs, bad infections on laptop



Hi,

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


Is there another way of cleaning these infections up without ComboFix or a format? I feel uneasy about running ComboFix on a machine like this since I've heard and was told that it causes more damage than good by a senior expert on the MySpace tech forums long ago. It also did crash with a BSOD when saving the ark.txt file. I think it was 0x000000F4.


Hi,

ComboFix can, in theory, cause damage. However, this happens only very rarely, and I'm quite sure it won't happen in your case. And even if it does cause some damage, I should be able to fix it.

Can you please reconsider running ComboFix? I wouldn't advise you to run very dangerous programs. :welcome:

If you still don't want to run ComboFix, then we can try a different approach if you want.

Yes, I would like to try a different approach, but at the moment I am running Dr.Web CureIt to see if it's still there with what I removed earlier with it, so I will post the Dr.Web log and try the TDSS killer updated zip I got a few days ago and see if it crashes into a BSOD.

Whoops. Can someone move my recent posts from another topic to here, as well as Gammo's posts?

http://forums.malwarebytes.org/index.php?s...p;p=322549&

Every time I run TDSS killer it crashes into a BSOD.


Well, I ran it in safe mode twice and once by command line. The logfile never showed up, but it did remove 5 infections. I did have a couple of issues with ComboFix, and it auto-restarted when it got to stage 3 and only worked with command line in safe mode. CHKDSK automatically ran, and I will try to have it run the full chkdsk and try to remove McAfee and put AVG on, since I waited 3 hours for the log to show etc.

So what else can I do? MBAM and SAS have been run, but last time I tried I could not get Spybot S&D to run :(.


Hi,

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth code and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning. It is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"


Hi,

Please do not attach your logs as it is harder for me to read them that way. Post them instead:

OTL logfile created on: 10/6/2010 4:34:11 PM - Run 3

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\geauxfast\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 231.42 Gb Total Space | 184.00 Gb Free Space | 79.51% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: GEAUXFAST-PC

Current User Name: geauxfast

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/06 15:19:32 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\geauxfast\Desktop\OTL.exe

PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/06/25 23:24:17 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

PRC - [2010/06/15 22:48:34 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe

PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe

PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/09/10 22:37:36 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

PRC - [2008/08/04 16:46:38 | 001,242,424 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe

PRC - [2008/08/04 16:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe

PRC - [2008/07/18 23:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

PRC - [2008/07/10 20:35:30 | 000,188,416 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe

PRC - [2008/07/10 19:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe

PRC - [2008/07/10 19:57:30 | 000,634,880 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

PRC - [2008/07/02 16:16:20 | 000,393,216 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

PRC - [2008/04/30 22:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

PRC - [2008/04/24 21:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe

PRC - [2008/04/24 15:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe

PRC - [2008/04/17 02:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe

PRC - [2008/04/11 13:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

PRC - [2008/04/08 18:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2008/02/06 16:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

PRC - [2007/12/13 21:52:00 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe

PRC - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe

PRC - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe

PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

========== Modules (SafeList) ==========

MOD - [2010/10/06 15:19:32 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\geauxfast\Desktop\OTL.exe

MOD - [2009/09/24 21:10:10 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll

MOD - [2009/04/11 01:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll

MOD - [2009/04/11 01:28:23 | 002,226,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll

MOD - [2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll

MOD - [2009/04/11 01:28:22 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll

MOD - [2009/04/11 01:28:19 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll

MOD - [2009/04/11 01:28:18 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll

MOD - [2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll

MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll

MOD - [2008/01/20 21:25:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll

MOD - [2008/01/20 21:24:56 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll

MOD - [2008/01/20 21:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

MOD - [2008/01/20 21:23:50 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)

SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2009/11/04 16:13:15 | 000,030,192 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-093009-130223)

SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)

SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)

SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)

SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)

SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)

SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)

SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/09/10 22:37:36 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)

SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)

SRV - [2008/08/04 16:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2008/07/18 23:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)

SRV - [2008/07/10 19:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

SRV - [2008/05/28 18:20:16 | 000,164,600 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2008/04/30 22:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV - [2008/04/30 22:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV - [2008/04/24 21:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)

SRV - [2008/04/11 13:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)

SRV - [2008/02/06 16:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)

SRV - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)

SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\GEAUXF~1\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - [2010/10/06 16:04:25 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Normandy.sys -- (Normandy)

DRV - [2010/10/03 19:59:11 | 000,053,248 | ---- | M] (eSage Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\rk_remover.sys -- (rk_remover-boot)

DRV - [2010/07/15 15:18:22 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)

DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2009/12/20 11:53:32 | 000,234,016 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)

DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)

DRV - [2009/08/05 23:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)

DRV - [2008/08/14 11:40:40 | 000,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)

DRV - [2008/07/20 20:44:44 | 000,324,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)

DRV - [2008/07/18 21:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)

DRV - [2008/07/15 22:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)

DRV - [2008/06/12 21:43:16 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)

DRV - [2008/04/28 09:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®

DRV - [2008/04/09 21:00:04 | 002,095,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008/02/15 20:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)

DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2008/01/18 17:16:28 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\a016obex.sys -- (a016obex)

DRV - [2008/01/18 17:16:26 | 000,110,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\a016mdm.sys -- (a016mdm)

DRV - [2008/01/18 17:16:26 | 000,104,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\a016mgmt.sys -- (a016mgmt) Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM)

DRV - [2008/01/18 17:16:24 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\a016mdfl.sys -- (a016mdfl)

DRV - [2008/01/18 17:16:22 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\a016bus.sys -- (a016bus) Sony Ericsson Device A016 driver (WDM)

DRV - [2007/12/14 14:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV - [2007/11/09 17:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)

DRV - [2007/07/30 13:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/07/30 12:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2007/06/18 21:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)

DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006/11/20 16:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)

DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)

DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)

DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006/10/23 18:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)

IE - HKLM\..\URLSearchHook: {f2257711-226b-4529-8e1d-e82e1c55ebd8} - C:\Program Files\Feboz\tbFeb1.dll (Conduit Ltd.)

IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1821438892-1470541537-297907248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-1821438892-1470541537-297907248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ [binary data]

IE - HKU\S-1-5-21-1821438892-1470541537-297907248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKU\S-1-5-21-1821438892-1470541537-297907248-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-1821438892-1470541537-297907248-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKU\S-1-5-21-1821438892-1470541537-297907248-1000\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-1821438892-1470541537-297907248-1000\..\URLSearchHook: {f2257711-226b-4529-8e1d-e82e1c55ebd8} - C:\Program Files\Feboz\tbFeb1.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-1821438892-1470541537-297907248-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1821438892-1470541537-297907248-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"

FF - prefs.js..browser.search.defaultenginename: "Secure Search"

FF - prefs.js..browser.search.selectedEngine: "Secure Search"

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.7.4

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3

FF - prefs.js..extensions.enabledItems: {57E72829-C158-4341-BBED-58F0AD1740FD}:3.1

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0

FF - prefs.js..extensions.enabledItems: ChoiceGuard@Microsoft:2.0

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/01 20:25:32 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/11/09 21:40:36 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/12 18:31:03 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/12 18:30:52 | 000,000,000 | ---D | M]

[2009/07/01 23:07:19 | 000,000,000 | ---D | M] -- C:\Users\geauxfast\AppData\Roaming\Mozilla\Extensions

[2009/02/09 00:45:23 | 000,000,000 | ---D | M] -- C:\Users\geauxfast\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

[2010/08/25 23:38:53 | 000,000,000 | ---D | M] -- C:\Users\geauxfast\AppData\Roaming\Mozilla\Firefox\Profiles\cl1sreer.default\extensions

[2010/05/10 21:32:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\geauxfast\AppData\Roaming\Mozilla\Firefox\Profiles\cl1sreer.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/08/25 23:38:53 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\geauxfast\AppData\Roaming\Mozilla\Firefox\Profiles\cl1sreer.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/03/17 21:07:15 | 000,000,000 | ---D | M] (AniWeather) -- C:\Users\geauxfast\AppData\Roaming\Mozilla\Firefox\Profiles\cl1sreer.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}

[2010/03/04 00:29:21 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\geauxfast\AppData\Roaming\Mozilla\Firefox\Profiles\cl1sreer.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/05/10 21:32:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\geauxfast\AppData\Roaming\Mozilla\Firefox\Profiles\cl1sreer.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/01/10 14:22:25 | 000,000,000 | ---D | M] -- C:\Users\geauxfast\AppData\Roaming\Mozilla\Firefox\Profiles\cl1sreer.default\extensions\ChoiceGuard@Microsoft

[2009/07/01 23:06:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/10/05 23:09:08 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (Compliance6060 Toolbar) - {f2257711-226b-4529-8e1d-e82e1c55ebd8} - C:\Program Files\Feboz\tbFeb1.dll (Conduit Ltd.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (Compliance6060 Toolbar) - {f2257711-226b-4529-8e1d-e82e1c55ebd8} - C:\Program Files\Feboz\tbFeb1.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-1821438892-1470541537-297907248-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)

O4 - HKLM..\Run: [cfFncEnabler.exe] File not found

O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)

O4 - HKLM..\Run: [iTSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)

O4 - HKLM..\Run: [NDSTray.exe] File not found

O4 - HKLM..\Run: [PCMAgent] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [smoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1821438892-1470541537-297907248-1000..\Run: [sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)

O4 - HKU\S-1-5-21-1821438892-1470541537-297907248-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKU\S-1-5-21-1821438892-1470541537-297907248-1000..\Run: [TOSCDSPD] File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 [2010/10/05 22:48:11 | 000,000,000 | ---D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2010/10/05 22:48:11 | 000,000,000 | ---D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 [2010/10/05 22:48:11 | 000,000,000 | ---D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2010/10/05 22:48:11 | 000,000,000 | ---D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2010/10/05 22:48:11 | 000,000,000 | ---D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 [2010/10/05 22:48:11 | 000,000,000 | ---D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2010/10/05 22:48:11 | 000,000,000 | ---D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2010/10/05 22:48:11 | 000,000,000 | ---D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2010/10/05 22:48:11 | 000,000,000 | ---D | M]

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-1821438892-1470541537-297907248-1000\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\S-1-5-21-1821438892-1470541537-297907248-1000\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\toshiba_1920x1200-1.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\toshiba_1920x1200-1.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MarketBrowser.lnk - C:\Program Files\MarketBrowser\lmt\mktbrws.exe - ()

MsConfig - StartUpFolder: C:^Users^geauxfast^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe - File not found

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

MsConfig - StartUpReg: Google Quick Search Box - hkey= - key= - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)

MsConfig - StartUpReg: googletalk - hkey= - key= - C:\Program Files\Google\Google Talk\googletalk.exe (Google)

MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

MsConfig - StartUpReg: mcagent_exe - hkey= - key= - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

MsConfig - State: "startup" - 2

MsConfig - State: "services" - 2

MsConfig - State: "bootini" - 0

SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SafeBootMin: NTDS - File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PEVSystemStart - Service

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: procexp90.Sys - Driver

SafeBootMin: rootrepeal.sys - Reg Error: Value error.

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SafeBootNet: Messenger - Service

SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS - File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PEVSystemStart - Service

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: procexp90.Sys - Driver

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.

ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\system32\rundll32.exe C:\Windows\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {EE330FEC-4206-4FD0-891C-7216477A74B3} - NoIE8Tour

ActiveX: {F390FCA4-7CCF-4A1A-A849-C381E489A3CA} - Yahoo! Search Settings Update

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{46AA243C-6639-4E0B-AB18-E7CA14FCCFBB} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -

CREATERESTOREPOINT

Error creating restore point.

========== Files/Folders - Created Within 90 Days ==========

[2010/10/06 15:33:42 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Users\geauxfast\Desktop\OTL.exe

[2010/10/06 01:18:03 | 000,000,000 | -HSD | C] -- C:\found.001

[2010/10/06 01:13:35 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2010/10/06 01:13:33 | 000,000,000 | --SD | C] -- C:\ComboFix

[2010/10/06 01:13:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2010/10/06 01:13:13 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW

[2010/10/06 01:03:45 | 000,000,000 | -HSD | C] -- C:\found.000

[2010/10/05 23:09:04 | 000,000,000 | ---D | C] -- C:\Users\geauxfast\AppData\Local\temp

[2010/10/05 22:49:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2010/10/05 22:49:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2010/10/05 22:49:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/10/05 22:49:21 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/10/05 22:46:47 | 000,000,000 | ---D | C] -- C:\Users\geauxfast\Desktop\1

[2010/10/03 19:59:11 | 000,053,248 | ---- | C] (eSage Lab) -- C:\Windows\System32\drivers\rk_remover.sys

[2010/09/30 09:16:22 | 000,000,000 | ---D | C] -- C:\Users\geauxfast\Desktop\mbam forum help

[2010/09/29 15:39:10 | 000,000,000 | ---D | C] -- C:\Users\geauxfast\AppData\Local\Apple

[2010/09/29 14:00:46 | 000,000,000 | ---D | C] -- C:\VundoFix Backups

[2010/09/29 12:27:32 | 000,000,000 | ---D | C] -- C:\Rustbfix

[2010/09/29 12:27:07 | 000,472,064 | ---- | C] ( ) -- C:\Users\geauxfast\Desktop\RootRepeal.exe

[2010/09/29 12:26:58 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\geauxfast\Desktop\HiJackThis.exe

[2010/09/29 12:26:30 | 000,000,000 | ---D | C] -- C:\Users\geauxfast\Desktop\sd

[2010/09/29 12:02:26 | 000,000,000 | ---D | C] -- C:\Users\geauxfast\AppData\Local\Apple Computer

[2010/09/29 10:27:50 | 000,000,000 | ---D | C] -- C:\Users\geauxfast\AppData\Local\Adobe

[2010/09/29 10:21:39 | 000,000,000 | ---D | C] -- C:\Users\geauxfast\AppData\Roaming\SUPERAntiSpyware.com

[2010/09/29 10:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2010/09/29 10:21:31 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010/09/29 00:34:21 | 000,000,000 | ---D | C] -- C:\Users\geauxfast\AppData\Roaming\Malwarebytes

[2010/09/29 00:34:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/09/29 00:34:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/09/29 00:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/09/29 00:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/09/28 23:32:29 | 000,350,208 | ---- | C] (eSage Lab) -- C:\Users\geauxfast\Desktop\remover.exe

[2010/09/27 20:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\QS

[2010/09/26 16:08:39 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2010/09/19 16:38:10 | 000,000,000 | ---D | C] -- C:\Users\geauxfast\AppData\Local\PokerStars.NET

[2010/09/19 16:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars.NET

[2010/09/12 18:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/09/12 18:35:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/09/12 18:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2010/08/14 00:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010/07/30 22:22:43 | 000,000,000 | ---D | C] -- C:\Users\geauxfast\AppData\Roaming\W Photo Studio

[2010/07/30 22:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Walgreens

[2010/07/30 22:22:16 | 000,000,000 | ---D | C] -- C:\Users\geauxfast\AppData\Roaming\Walgreens

[2010/07/30 22:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP

[2010/07/30 22:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\Walgreens

[2010/07/30 22:19:26 | 000,000,000 | ---D | C] -- C:\Users\geauxfast\AppData\Roaming\W Photo Studio Viewer

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/06 16:36:43 | 000,000,400 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D4179384-CBB0-4265-9CAB-D5460FE0323C}.job

[2010/10/06 16:34:45 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{496581CD-FAC0-4C5C-B21F-D0796DD73324}.job

[2010/10/06 16:34:09 | 004,718,592 | -HS- | M] () -- C:\Users\geauxfast\ntuser.dat

[2010/10/06 16:34:00 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F60C0BD0-C636-4BE9-8FD5-F1A2784D18C2}.job

[2010/10/06 16:30:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/10/06 16:27:46 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/10/06 16:27:46 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/10/06 16:27:44 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/10/06 16:27:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/10/06 16:26:52 | 000,524,288 | -HS- | M] () -- C:\Users\geauxfast\ntuser.dat{5368a238-322c-11df-a29f-001e3363f65c}.TMContainer00000000000000000001.regtrans-ms

[2010/10/06 16:26:52 | 000,065,536 | -HS- | M] () -- C:\Users\geauxfast\ntuser.dat{5368a238-322c-11df-a29f-001e3363f65c}.TM.blf

[2010/10/06 16:26:48 | 002,210,816 | -H-- | M] () -- C:\Users\geauxfast\AppData\Local\IconCache.db

[2010/10/06 16:04:25 | 000,034,560 | ---- | M] () -- C:\Windows\System32\drivers\Normandy.sys

[2010/10/06 15:19:52 | 000,133,632 | ---- | M] () -- C:\Users\geauxfast\Desktop\RKUnhookerLE.EXE

[2010/10/06 15:19:32 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\geauxfast\Desktop\OTL.exe

[2010/10/05 23:09:08 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2010/10/05 22:44:16 | 000,012,045 | ---- | M] () -- C:\Windows\System32\Config.MPF

[2010/10/05 21:50:57 | 260,890,180 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/10/03 19:59:11 | 000,053,248 | ---- | M] (eSage Lab) -- C:\Windows\System32\drivers\rk_remover.sys

[2010/10/03 19:58:22 | 000,064,512 | ---- | M] () -- C:\Windows\System32\umstartup.etl

[2010/10/03 18:25:43 | 000,000,000 | ---- | M] () -- C:\Users\geauxfast\Desktop\gmer.bat

[2010/10/03 15:53:15 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/09/30 19:55:31 | 000,000,000 | ---- | M] () -- C:\Users\geauxfast\defogger_reenable

[2010/09/30 18:00:00 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job

[2010/09/30 09:04:14 | 000,000,583 | ---- | M] () -- C:\Users\geauxfast\Desktop\TeamViewerQS - Shortcut.lnk

[2010/09/30 00:33:01 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job

[2010/09/29 22:45:39 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2010/09/29 15:08:22 | 000,000,015 | ---- | M] () -- C:\Users\geauxfast\Desktop\settings.dat

[2010/09/29 10:21:33 | 000,001,811 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/09/29 00:34:12 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/09/28 23:09:16 | 000,036,222 | ---- | M] () -- C:\Users\geauxfast\Desktop\DrWeb1.csv

[2010/09/28 16:19:25 | 000,000,135 | ---- | M] () -- C:\Users\geauxfast\Desktop\DrWeb.csv

[2010/09/27 20:51:17 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2010/09/19 16:37:55 | 000,000,925 | ---- | M] () -- C:\Users\geauxfast\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.net.lnk

[2010/09/19 16:37:55 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.net.lnk

[2010/09/12 18:41:20 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk

[2010/09/12 18:41:20 | 000,001,854 | ---- | M] () -- C:\Users\geauxfast\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/09/12 18:36:41 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/09/12 18:30:31 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2010/09/06 23:33:35 | 000,350,208 | ---- | M] (eSage Lab) -- C:\Users\geauxfast\Desktop\remover.exe

[2010/08/22 21:47:51 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/08/22 17:45:01 | 001,145,671 | ---- | M] () -- C:\Users\geauxfast\Desktop\IMLeadership-Google-Local-PDF10.pdf

[2010/08/15 10:11:31 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/08/15 10:11:31 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/08/15 10:11:31 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/08/14 21:35:06 | 000,412,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/07/30 22:22:24 | 000,002,069 | ---- | M] () -- C:\Users\Public\Desktop\Walgreens W Photo Studio.lnk

[2010/07/15 15:18:22 | 000,130,424 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\Mpfp.sys

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/06 16:04:14 | 000,034,560 | ---- | C] () -- C:\Windows\System32\drivers\Normandy.sys

[2010/10/06 15:33:43 | 000,133,632 | ---- | C] () -- C:\Users\geauxfast\Desktop\RKUnhookerLE.EXE

[2010/10/05 22:49:38 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2010/10/05 22:49:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2010/10/05 22:49:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2010/10/05 22:49:38 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe

[2010/10/05 22:49:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2010/10/05 22:20:23 | 000,002,302 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

[2010/10/03 18:25:43 | 000,000,000 | ---- | C] () -- C:\Users\geauxfast\Desktop\gmer.bat

[2010/09/30 19:55:31 | 000,000,000 | ---- | C] () -- C:\Users\geauxfast\defogger_reenable

[2010/09/30 19:52:37 | 260,890,180 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2010/09/30 09:04:14 | 000,000,583 | ---- | C] () -- C:\Users\geauxfast\Desktop\TeamViewerQS - Shortcut.lnk

[2010/09/29 15:07:21 | 000,000,015 | ---- | C] () -- C:\Users\geauxfast\Desktop\settings.dat

[2010/09/29 12:26:58 | 000,293,376 | ---- | C] () -- C:\Users\geauxfast\Desktop\gmer.exe

[2010/09/29 10:21:33 | 000,001,811 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/09/29 00:34:12 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/09/28 23:32:29 | 000,061,440 | ---- | C] () -- C:\Users\geauxfast\Desktop\TDL3_extract.exe

[2010/09/28 23:32:29 | 000,003,116 | ---- | C] () -- C:\Users\geauxfast\Desktop\wimfltr.inf

[2010/09/28 23:09:16 | 000,036,222 | ---- | C] () -- C:\Users\geauxfast\Desktop\DrWeb1.csv

[2010/09/28 16:19:25 | 000,000,135 | ---- | C] () -- C:\Users\geauxfast\Desktop\DrWeb.csv

[2010/09/27 20:59:27 | 000,000,400 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{D4179384-CBB0-4265-9CAB-D5460FE0323C}.job

[2010/09/24 22:35:05 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/09/19 16:37:55 | 000,000,925 | ---- | C] () -- C:\Users\geauxfast\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.net.lnk

[2010/09/19 16:37:55 | 000,000,901 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.net.lnk

[2010/09/12 18:41:20 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk

[2010/09/12 18:36:41 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/09/12 18:30:31 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2010/08/22 21:47:51 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/08/22 17:45:01 | 001,145,671 | ---- | C] () -- C:\Users\geauxfast\Desktop\IMLeadership-Google-Local-PDF10.pdf

[2010/07/30 22:22:24 | 000,002,069 | ---- | C] () -- C:\Users\Public\Desktop\Walgreens W Photo Studio.lnk

[2009/12/03 10:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2009/09/17 20:46:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/08/11 15:47:17 | 000,000,655 | ---- | C] () -- C:\Windows\aasinst.ini

[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/07/18 22:06:41 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini

[2009/03/24 07:40:24 | 000,005,972 | ---- | C] () -- C:\Users\geauxfast\AppData\Local\d3d9caps.dat

[2009/01/04 20:33:01 | 000,029,184 | ---- | C] () -- C:\Users\geauxfast\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/12/28 22:42:49 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini

[2008/12/28 21:36:00 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys

[2008/12/28 21:35:12 | 000,000,015 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys

[2008/12/28 21:15:45 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini

[2008/12/28 21:15:45 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll

[2008/12/28 21:15:45 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini

[2008/12/28 21:15:45 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini

[2008/08/14 14:48:20 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

[2008/08/14 14:28:30 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll

[2008/08/14 14:28:30 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll

[2008/08/14 14:28:30 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll

[2008/08/14 14:28:30 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll

[2008/08/14 14:28:30 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll

[2008/08/14 14:28:30 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll

[2008/06/12 21:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll

[2008/04/24 21:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll

[2008/04/24 21:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll

[2008/04/24 21:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll

[2008/04/24 21:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll

[2008/04/24 21:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll

[2008/04/24 21:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll

[2007/12/21 18:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll

[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/03/09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2005/07/22 23:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2009/05/25 20:35:42 | 000,000,000 | ---D | M] -- C:\Users\geauxfast\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2009/02/10 23:25:22 | 000,000,000 | ---D | M] -- C:\Users\geauxfast\AppData\Roaming\DriverCure

[2010/01/10 13:40:42 | 000,000,000 | ---D | M] -- C:\Users\geauxfast\AppData\Roaming\LimeWire

[2010/10/03 19:20:31 | 000,000,000 | ---D | M] -- C:\Users\geauxfast\AppData\Roaming\TeamViewer

[2010/03/16 23:09:08 | 000,000,000 | ---D | M] -- C:\Users\geauxfast\AppData\Roaming\TOSHIBA

[2009/09/06 22:06:15 | 000,000,000 | ---D | M] -- C:\Users\geauxfast\AppData\Roaming\Ulead Systems

[2010/08/15 10:24:11 | 000,000,000 | ---D | M] -- C:\Users\geauxfast\AppData\Roaming\W Photo Studio

[2010/07/30 22:19:36 | 000,000,000 | ---D | M] -- C:\Users\geauxfast\AppData\Roaming\W Photo Studio Viewer

[2010/07/30 22:22:16 | 000,000,000 | ---D | M] -- C:\Users\geauxfast\AppData\Roaming\Walgreens

[2009/07/06 21:17:15 | 000,000,000 | ---D | M] -- C:\Users\geauxfast\AppData\Roaming\webex

[2009/12/15 02:47:32 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job

[2010/05/01 01:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job

[2010/09/30 18:00:00 | 000,000,450 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job

[2010/09/30 00:33:01 | 000,000,424 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job

[2010/10/06 16:27:00 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2010/10/06 16:34:45 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{496581CD-FAC0-4C5C-B21F-D0796DD73324}.job

[2010/10/06 16:36:43 | 000,000,400 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D4179384-CBB0-4265-9CAB-D5460FE0323C}.job

[2010/10/06 16:34:00 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F60C0BD0-C636-4BE9-8FD5-F1A2784D18C2}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2008/08/14 14:02:02 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2009/11/09 21:40:27 | 000,001,589 | ---- | M] () -- C:\Mozilla Firefox.lnk

[2010/10/06 16:27:33 | 3396,612,096 | -HS- | M] () -- C:\pagefile.sys

[2010/10/03 13:31:40 | 000,061,058 | ---- | M] () -- C:\TDSSKiller.2.4.3.0_03.10.2010_13.30.53_log.txt

[2010/09/29 15:05:42 | 000,000,239 | ---- | M] () -- C:\VundoFix.txt

< %systemroot%\Fonts\*.com >

[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont

[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

[2009/09/20 14:29:13 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >

[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

[2009/07/10 13:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

[2010/08/15 10:21:42 | 000,001,634 | -H-- | M] () -- C:\Users\geauxfast\AppData\Roaming\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

[2008/08/14 14:01:51 | 012,820,480 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008/08/14 14:01:46 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008/08/14 14:01:51 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2008/08/14 14:01:58 | 017,186,816 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2008/08/14 14:01:59 | 006,635,520 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

[2009/03/26 18:51:28 | 000,000,286 | -HS- | M] () -- C:\Users\geauxfast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

[2010/04/02 14:08:37 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\geauxfast\Desktop\ATF-Cleaner.exe

[2009/12/19 11:30:40 | 000,293,376 | ---- | M] () -- C:\Users\geauxfast\Desktop\gmer.exe

[2010/05/03 15:17:14 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\geauxfast\Desktop\HiJackThis.exe

[2010/10/06 15:19:32 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\geauxfast\Desktop\OTL.exe

[2010/09/06 23:33:35 | 000,350,208 | ---- | M] (eSage Lab) -- C:\Users\geauxfast\Desktop\remover.exe

[2010/10/06 15:19:52 | 000,133,632 | ---- | M] () -- C:\Users\geauxfast\Desktop\RKUnhookerLE.EXE

[2009/08/13 12:14:18 | 000,472,064 | ---- | M] ( ) -- C:\Users\geauxfast\Desktop\RootRepeal.exe

[2010/04/28 17:11:47 | 000,061,440 | ---- | M] () -- C:\Users\geauxfast\Desktop\TDL3_extract.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

[2009/09/20 15:07:00 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk

[2009/09/20 15:06:30 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log

[2009/09/20 15:06:30 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs

[2009/09/20 15:06:30 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs

[2009/09/20 15:06:30 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log

[2009/09/20 15:06:30 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >

[2008/12/28 21:35:21 | 000,000,402 | -HS- | M] () -- C:\Users\geauxfast\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

[2008/12/28 22:42:49 | 000,005,115 | ---- | M] () -- C:\ProgramData\N360BUOptions.ini

[2010/09/29 22:45:39 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >

[2 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >

[2006/09/18 16:31:55 | 000,107,620 | ---- | M] () -- C:\Windows\System32\acwizard.ico

[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system\*.dat >

< %systemroot%\system\*.exe >

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >

< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

< %AppData%\Adobe\dlluplwin25\*.* >

< %UserProfile%\*.dat >

[2010/10/06 16:37:49 | 004,718,592 | -HS- | M] () -- C:\Users\geauxfast\ntuser.dat

< %UserProfile%\*.dll >

[2009/02/27 12:07:48 | 000,660,840 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\geauxfast\AcroPDF.dll

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

< %appdata%\Microsoft\Windows\*.* >

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< %systemroot%\system32\windows32\*.* >

< %ProgramFiles%\win\*.* >

< %AppData%\Microsoft\CD Burning\*.* >

< %systemroot%\*.cab >

< %systemroot%\K.Backup\*.* >

< %ProgramFiles%\Massenger\*.* >

< %systemroot%\System32\*.doc >

< %systemroot%\Office12\*.* >

< %systemroot%\System32\Rundl32.exe\*.* >

< %ProgramFiles%\yahoo.net\*.* >

< %systemroot%\system32\*.igo >

< %systemroot%\*.rew >

< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >

< %USERPROFILE%\.COMMgr\*.* >

< %USERPROFILE%\Desktop\*.bat >

[2010/10/03 18:25:43 | 000,000,000 | ---- | M] () -- C:\Users\geauxfast\Desktop\gmer.bat

< %PROGRAMFILES%\Common Files\Real\visualizations\*.* >

[2009/12/21 21:34:16 | 000,043,008 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\Annabelle.rpv

[2009/12/21 21:34:16 | 000,080,384 | ---- | M] () -- C:\Program Files\Common Files\Real\Visualizations\CosmicBelt.rpv

[2009/12/21 21:34:16 | 000,007,168 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\Fire.rpv

[2009/12/21 21:34:16 | 000,007,680 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\FreqBands.rpv

[2009/12/21 21:34:17 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Real\Visualizations\Nebula.rpv

< %PROGRAMFILES%\Internet Explorer\*.Jmp >

< %PROGRAMFILES%\Windows NT\system\*.dll >

< %systemroot%\system32\*.ext >

< %systemroot%\system32\Com\*.cfg >

< %systemroot%\system32\btz\*.* >

< %systemroot%\system32\EMP\*.* >

< %systemroot%\system32\expo\*.* >

< %systemroot%\system32\inet2\*.* >

< %systemroot%\system32\xrem\*.* >

< %ProgramFiles%\Microsoft\*.* >

< %systemroot%\usgwmt\*.* >

< %ProgramFiles%\B\*.* >

< %SYSTEMDRIVE%\lspp\*.* >

< %systemroot%\Kral\*.* >

< %SYSTEMDRIVE%\windowsdvd.exe\*.* >

< %systemroot%\system32\*.ipo >

< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >

< %systemroot%\system32\*.mof >

< %systemroot%\*.atm >

< %systemroot%\system32\svhost\*.* >

< %ProgramFiles%\system32\*.* >

< %ProgramFiles%\Docmentt\*.* >

< %systemroot%\Help\*.vbs >

< %ProgramFiles%\Windows WinSxs\*.* /s >

< %ProgramFiles%\Outlook Express\IDT\*.* /s >

< %ProgramFiles%\Microsoft Office\365\*.* /s >

< %ProgramFiles%\Windows Live\*.* >

< %systemroot%\system32\win32\*.* >

< %SYSTEMDRIVE%\RECYCLER\*.* >

< %systemroot%\Fresh1\*.* >

< %ProgramFiles%\Kekj\*.* /s >

< %systemroot%\GDU\*.* >

< %systemroot%\KA\*.* >

< %systemroot%\R\*.* >

< %systemroot%\system32\*.fyo >

< %USERPROFILE%\System\*.* >

< %systemroot%\Source\*.* >

< %systemroot%\system32\ac\*.* >

< %ProgramFiles%\MSDN\*.* >

< %AppData%\AdobeUM\winvcldll54\*.* /s >

< %ProgramFiles%\Internet Explorer\*.ico >

< %systemroot%\system32\*.ojo >

< %systemroot%\system32\d323s\*.* >

< %systemroot%\system32\re\*.* >

< %UserProfile%\Microsoft\*.dll >

< %UserProfile%\Microsoft\*.log >

< %systemroot%\Bios\*.* >

< %ProgramFiles%\Spool\*.* >

< %ProgramFiles%\promp3\*.* >

< %SYSTEMDRIVE%\Driver\*.* /s >

< %SYSTEMDRIVE%\inetserver.exe\*.* >

< %systemroot%\java\trustlib\*.* >

< %ProgramFiles%\Common Files\designer\*.exe >

< %ProgramFiles%\*. >

[2010/02/07 00:07:37 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe

[2009/07/18 21:58:19 | 000,000,000 | ---D | M] -- C:\Program Files\Akamai

[2009/02/08 18:01:14 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update

[2009/08/11 13:58:00 | 000,000,000 | ---D | M] -- C:\Program Files\Auction-O-Matic

[2009/03/11 20:45:49 | 000,000,000 | ---D | M] -- C:\Program Files\Avanquest update

[2009/05/23 20:10:36 | 000,000,000 | ---D | M] -- C:\Program Files\BlueVoda Website Builder

[2010/08/14 00:08:13 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour

[2008/12/28 21:03:28 | 000,000,000 | ---D | M] -- C:\Program Files\Camera Assistant Software for Toshiba

[2009/12/26 22:27:47 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner

[2008/12/28 21:07:57 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco

[2009/05/04 21:40:34 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix

[2010/10/05 23:07:35 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files

[2010/02/01 01:11:33 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit

[2008/08/14 14:19:21 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink

[2009/12/26 22:34:59 | 000,000,000 | ---D | M] -- C:\Program Files\Defraggler

[2010/05/31 20:16:50 | 000,000,000 | ---D | M] -- C:\Program Files\Feboz

[2010/01/10 14:00:14 | 000,000,000 | ---D | M] -- C:\Program Files\Google

[2009/06/30 21:00:53 | 000,000,000 | ---D | M] -- C:\Program Files\Google Goggles

[2009/10/08 15:38:54 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information

[2008/12/28 21:07:55 | 000,000,000 | ---D | M] -- C:\Program Files\Intel

[2010/08/14 01:05:16 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer

[2008/08/14 14:28:30 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo

[2009/07/18 22:08:19 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit

[2009/09/09 22:16:32 | 000,000,000 | ---D | M] -- C:\Program Files\iPhone Configuration Utility

[2010/09/12 18:35:49 | 000,000,000 | ---D | M] -- C:\Program Files\iPod

[2009/12/14 22:40:05 | 000,000,000 | ---D | M] -- C:\Program Files\iPod(104)

[2010/09/12 18:36:39 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes

[2009/11/26 13:54:55 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes(105)

[2008/08/14 14:23:40 | 000,000,000 | ---D | M] -- C:\Program Files\Java

[2008/12/28 21:15:45 | 000,000,000 | ---D | M] -- C:\Program Files\ltmoh

[2010/09/29 00:34:13 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/10/08 15:38:54 | 000,000,000 | ---D | M] -- C:\Program Files\MarketBrowser

[2010/07/23 20:33:39 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee

[2008/12/28 22:47:02 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com

[2009/12/17 12:05:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft

[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games

[2008/12/28 20:49:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office

[2009/12/17 12:08:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Outlook Connector

[2008/12/28 20:52:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Suite Activation Assistant

[2010/09/10 07:54:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight

[2009/12/13 17:13:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition

[2009/12/13 17:14:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework

[2008/12/28 20:49:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio

[2009/12/17 11:48:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works

[2010/06/25 22:25:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET

[2010/08/14 01:05:04 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker

[2010/09/27 21:01:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox

[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild

[2009/11/08 04:33:08 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache

[2008/08/14 14:59:17 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0

[2009/07/01 22:58:33 | 000,000,000 | ---D | M] -- C:\Program Files\PC Drivers HeadQuarters

[2010/03/12 17:33:27 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2

[2010/09/19 16:38:37 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars.NET

[2010/09/27 20:59:35 | 000,000,000 | ---D | M] -- C:\Program Files\QS

[2010/09/12 18:30:43 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime

[2009/11/26 13:44:50 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime(214)

[2009/12/21 21:26:07 | 000,000,000 | ---D | M] -- C:\Program Files\real

[2009/11/29 10:44:52 | 000,000,000 | ---D | M] -- C:\Program Files\real(215)

[2008/12/28 20:58:06 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek

[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies

[2010/09/12 18:41:08 | 000,000,000 | ---D | M] -- C:\Program Files\Safari

[2009/02/08 21:43:12 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Ericsson

[2010/03/17 21:40:11 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy

[2010/09/29 10:21:41 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware

[2008/08/14 14:04:35 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics

[2008/12/28 21:25:14 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba

[2008/08/14 14:39:42 | 000,000,000 | ---D | M] -- C:\Program Files\TOSHIBA Games

[2008/08/14 14:13:30 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba Registration

[2008/08/14 14:25:39 | 000,000,000 | ---D | M] -- C:\Program Files\Ulead Systems

[2006/11/02 08:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information

[2010/07/30 22:22:03 | 000,000,000 | ---D | M] -- C:\Program Files\Walgreens

[2009/09/20 14:59:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar

[2009/09/20 14:59:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration

[2009/09/20 14:59:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender

[2009/09/20 14:59:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal

[2009/12/17 12:08:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live

[2009/12/17 12:05:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive

[2010/09/17 19:43:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail

[2008/08/14 14:28:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Components

[2009/10/29 03:16:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player

[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT

[2009/09/20 14:59:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery

[2009/11/17 19:25:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices

[2009/09/20 14:59:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar

[2009/03/26 18:46:23 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

[2010/08/27 00:38:50 | 000,000,000 | ---D | M] -- C:\Program Files\Zynga

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-28 17:52:03

< End of report >

Link to post
Share on other sites

Hi,

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Malwarebytes' Anti-Malware

  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    11. Push the esetBack.png button.
    12. Push esetFinish.png

Link to post
Share on other sites

OK, the only way I can update MBAM is by CD. It will not work on my router for internet wireless by being plugged in. Where can I find the latest definition updates?
Link to post
Share on other sites

Hi,

You can transfer the Kaspersky AVP Tool with a USB flash drive or a CD.

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into Safe Mode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.

    Use your up arrow key to highlight Safe Mode, then hit Enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click on Next.
  • It will by default install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:

    • Hidden Startup Objects
    • System Memory
    • Disk Boot Sectors
    • My Computer
    • Also any other drives (removable ones that you may have)

Leave the rest of the settings as they appear as default.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report; it will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.

Link to post
Share on other sites

Autoscan: completed 4 minutes ago (events: 116, objects: 867287, time: 02:25:53)

10/9/2010 3:16:05 PM Task started

10/9/2010 3:22:57 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\14b[1]\12b[1]\salespage\index.html

10/9/2010 3:23:37 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\14b[1]\12b[1]\salespage\index.html

10/9/2010 3:24:54 PM Detected: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\36b[1]\ArticleSubmitterRights.zip/ArticleSubmitterRights/index.html

10/9/2010 3:27:03 PM Deleted: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\36b[1]\ArticleSubmitterRights.zip/ArticleSubmitterRights/index.html

10/9/2010 3:27:03 PM Detected: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\36b[1]\index.html

10/9/2010 3:27:12 PM Deleted: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\36b[1]\index.html

10/9/2010 3:27:17 PM Detected: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\37b[1]\reprint-rights.html

10/9/2010 3:27:21 PM Deleted: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\37b[1]\reprint-rights.html

10/9/2010 3:27:23 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights.zip/Source-Code/Sales-Letter-Creator-Rebrander/Template1.html

10/9/2010 3:27:27 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights.zip/Source-Code/Sales-Letter-Creator-Rebrander/Template1.html

10/9/2010 3:27:28 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights.zip/Source-Code/Sales-Letter-Creator-Rebrander/Template2.html

10/9/2010 3:27:30 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights.zip/Source-Code/Sales-Letter-Creator-Rebrander/Template2.html

10/9/2010 3:27:30 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights.zip/Source-Code/Sales-Letter-Creator-Rebrander/Template3.html

10/9/2010 3:27:35 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights.zip/Source-Code/Sales-Letter-Creator-Rebrander/Template3.html

10/9/2010 3:27:35 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights.zip/Source-Code/SLC-Source-Code/bin/Template1.html

10/9/2010 3:27:37 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights.zip/Source-Code/SLC-Source-Code/bin/Template1.html

10/9/2010 3:27:37 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights.zip/Source-Code/SLC-Source-Code/bin/Template2.html

10/9/2010 3:27:42 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights.zip/Source-Code/SLC-Source-Code/bin/Template2.html

10/9/2010 3:27:43 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights.zip/Source-Code/SLC-Source-Code/bin/Template3.html

10/9/2010 3:27:43 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights.zip/Source-Code/SLC-Source-Code/bin/Template3.html

10/9/2010 3:27:43 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights.zip/Source-Code/SLC-Source-Code/Template1.html

10/9/2010 3:27:43 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights.zip/Source-Code/SLC-Source-Code/Template1.html

10/9/2010 3:27:43 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights.zip/Source-Code/SLC-Source-Code/Template2.html

10/9/2010 3:27:43 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights.zip/Source-Code/SLC-Source-Code/Template2.html

10/9/2010 3:27:43 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights.zip/Source-Code/SLC-Source-Code/Template3.html

10/9/2010 3:27:43 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights.zip/Source-Code/SLC-Source-Code/Template3.html

10/9/2010 3:27:43 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights.zip/index.html

10/9/2010 3:27:43 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights.zip/index.html

10/9/2010 3:27:44 PM Detected: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights.zip/reprint-rights.html

10/9/2010 3:27:50 PM Deleted: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights.zip/reprint-rights.html

10/9/2010 3:27:52 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights\index.html

10/9/2010 3:27:54 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights\index.html

10/9/2010 3:27:54 PM Detected: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights\reprint-rights.html

10/9/2010 3:27:54 PM Deleted: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights\reprint-rights.html

10/9/2010 3:27:58 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights\Source-Code\Sales-Letter-Creator-Rebrander\Template1.html

10/9/2010 3:28:00 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights\Source-Code\Sales-Letter-Creator-Rebrander\Template1.html

10/9/2010 3:28:01 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights\Source-Code\Sales-Letter-Creator-Rebrander\Template2.html

10/9/2010 3:28:04 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights\Source-Code\Sales-Letter-Creator-Rebrander\Template2.html

10/9/2010 3:28:04 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights\Source-Code\Sales-Letter-Creator-Rebrander\Template3.html

10/9/2010 3:28:07 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights\Source-Code\Sales-Letter-Creator-Rebrander\Template3.html

10/9/2010 3:28:08 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights\Source-Code\SLC-Source-Code\Template1.html

10/9/2010 3:28:10 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights\Source-Code\SLC-Source-Code\Template1.html

10/9/2010 3:28:10 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights\Source-Code\SLC-Source-Code\Template2.html

10/9/2010 3:28:12 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights\Source-Code\SLC-Source-Code\Template2.html

10/9/2010 3:28:12 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights\Source-Code\SLC-Source-Code\Template3.html

10/9/2010 3:28:14 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights\Source-Code\SLC-Source-Code\Template3.html

10/9/2010 3:28:15 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights\Source-Code\SLC-Source-Code\bin\Template1.html

10/9/2010 3:28:17 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights\Source-Code\SLC-Source-Code\bin\Template1.html

10/9/2010 3:28:17 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights\Source-Code\SLC-Source-Code\bin\Template2.html

10/9/2010 3:28:20 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights\Source-Code\SLC-Source-Code\bin\Template2.html

10/9/2010 3:28:20 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights\Source-Code\SLC-Source-Code\bin\Template3.html

10/9/2010 3:28:23 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\SalesLetterCreatorRights\Source-Code\SLC-Source-Code\bin\Template3.html

10/9/2010 3:28:24 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\Source-Code\Sales-Letter-Creator-Rebrander\InUse.html

10/9/2010 3:28:26 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\Source-Code\Sales-Letter-Creator-Rebrander\InUse.html

10/9/2010 3:28:27 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\Source-Code\Sales-Letter-Creator-Rebrander\Template1.html

10/9/2010 3:28:28 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\Source-Code\Sales-Letter-Creator-Rebrander\Template1.html

10/9/2010 3:28:29 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\Source-Code\Sales-Letter-Creator-Rebrander\Template2.html

10/9/2010 3:28:31 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\Source-Code\Sales-Letter-Creator-Rebrander\Template2.html

10/9/2010 3:28:32 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\Source-Code\Sales-Letter-Creator-Rebrander\Template3.html

10/9/2010 3:28:34 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\Source-Code\Sales-Letter-Creator-Rebrander\Template3.html

10/9/2010 3:28:37 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\Source-Code\SLC-Source-Code\Template1.html

10/9/2010 3:28:38 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\Source-Code\SLC-Source-Code\Template1.html

10/9/2010 3:28:39 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\Source-Code\SLC-Source-Code\Template2.html

10/9/2010 3:28:40 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\Source-Code\SLC-Source-Code\Template2.html

10/9/2010 3:28:41 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\Source-Code\SLC-Source-Code\Template3.html

10/9/2010 3:28:43 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\Source-Code\SLC-Source-Code\Template3.html

10/9/2010 3:28:44 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\Source-Code\SLC-Source-Code\bin\InUse.html

10/9/2010 3:28:46 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\Source-Code\SLC-Source-Code\bin\InUse.html

10/9/2010 3:28:47 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\Source-Code\SLC-Source-Code\bin\Template1.html

10/9/2010 3:28:49 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\Source-Code\SLC-Source-Code\bin\Template1.html

10/9/2010 3:28:49 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\Source-Code\SLC-Source-Code\bin\Template2.html

10/9/2010 3:28:51 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\Source-Code\SLC-Source-Code\bin\Template2.html

10/9/2010 3:28:51 PM Detected: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\Source-Code\SLC-Source-Code\bin\Template3.html

10/9/2010 3:28:53 PM Deleted: Trojan-Clicker.JS.Iframe.cb C:\Documents and Settings\geauxfast\Documents\37b[1]\Source-Code\SLC-Source-Code\bin\Template3.html

10/9/2010 3:29:40 PM Detected: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\about_rss[1]\index.htm

10/9/2010 3:29:45 PM Deleted: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\about_rss[1]\index.htm

10/9/2010 3:29:45 PM Detected: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\about_rss[1]\reprint-rights.htm

10/9/2010 3:29:45 PM Deleted: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\about_rss[1]\reprint-rights.htm

10/9/2010 3:29:48 PM Detected: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\articlesitedirectory[1]\index.htm

10/9/2010 3:29:48 PM Deleted: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\articlesitedirectory[1]\index.htm

10/9/2010 3:29:51 PM Detected: Trojan-PSW.Win32.LdPinch.anrx C:\Documents and Settings\geauxfast\Documents\automatic_money_machine[1]\BYAMM.exe/ASPack

10/9/2010 3:29:53 PM Deleted: Trojan-PSW.Win32.LdPinch.anrx C:\Documents and Settings\geauxfast\Documents\automatic_money_machine[1]\BYAMM.exe

10/9/2010 3:29:59 PM Detected: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\blog_link_generator[1]\index.htm

10/9/2010 3:29:59 PM Deleted: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\blog_link_generator[1]\index.htm

10/9/2010 3:30:05 PM Detected: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\create_ebook_without_writing[1]\index.htm

10/9/2010 3:30:05 PM Deleted: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\create_ebook_without_writing[1]\index.htm

10/9/2010 3:30:05 PM Detected: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\create_ebook_without_writing[1]\reprint-rights.htm

10/9/2010 3:30:05 PM Deleted: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\create_ebook_without_writing[1]\reprint-rights.htm

10/9/2010 3:30:34 PM Detected: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\google_sitemap_maker[1]\index.htm

10/9/2010 3:30:34 PM Deleted: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\google_sitemap_maker[1]\index.htm

10/9/2010 3:30:36 PM Detected: P2P-Worm.Win32.Palevo.atkz C:\Documents and Settings\geauxfast\Documents\google_sitemap_maker[1]\SourceCode\Sitemap Generator src\MfService\bin\Debug\MfService.dll

10/9/2010 3:41:27 PM Deleted: P2P-Worm.Win32.Palevo.atkz C:\Documents and Settings\geauxfast\Documents\google_sitemap_maker[1]\SourceCode\Sitemap Generator src\MfService\bin\Debug\MfService.dll

10/9/2010 3:41:27 PM Detected: P2P-Worm.Win32.Palevo.atky C:\Documents and Settings\geauxfast\Documents\google_sitemap_maker[1]\SourceCode\Sitemap Generator src\MfService\bin\Release\MfService.dll

10/9/2010 3:41:33 PM Deleted: P2P-Worm.Win32.Palevo.atky C:\Documents and Settings\geauxfast\Documents\google_sitemap_maker[1]\SourceCode\Sitemap Generator src\MfService\bin\Release\MfService.dll

10/9/2010 3:41:34 PM Detected: P2P-Worm.Win32.Palevo.atkz C:\Documents and Settings\geauxfast\Documents\google_sitemap_maker[1]\SourceCode\Sitemap Generator src\MfService\obj\Debug\MfService.dll

10/9/2010 3:43:09 PM Deleted: P2P-Worm.Win32.Palevo.atkz C:\Documents and Settings\geauxfast\Documents\google_sitemap_maker[1]\SourceCode\Sitemap Generator src\MfService\obj\Debug\MfService.dll

10/9/2010 3:43:09 PM Detected: P2P-Worm.Win32.Palevo.atky C:\Documents and Settings\geauxfast\Documents\google_sitemap_maker[1]\SourceCode\Sitemap Generator src\MfService\obj\Release\MfService.dll

10/9/2010 3:43:19 PM Deleted: P2P-Worm.Win32.Palevo.atky C:\Documents and Settings\geauxfast\Documents\google_sitemap_maker[1]\SourceCode\Sitemap Generator src\MfService\obj\Release\MfService.dll

10/9/2010 3:43:20 PM Detected: P2P-Worm.Win32.Palevo.aqxs C:\Documents and Settings\geauxfast\Documents\google_sitemap_maker[1]\SourceCode\SMC-Brander\MfService.dll

10/9/2010 3:43:22 PM Deleted: P2P-Worm.Win32.Palevo.aqxs C:\Documents and Settings\geauxfast\Documents\google_sitemap_maker[1]\SourceCode\SMC-Brander\MfService.dll

10/9/2010 3:46:30 PM Detected: Trojan-Clicker.HTML.IFrame.aer C:\Documents and Settings\geauxfast\Documents\membership_site_manager[1]\index.htm

10/9/2010 3:46:30 PM Deleted: Trojan-Clicker.HTML.IFrame.aer C:\Documents and Settings\geauxfast\Documents\membership_site_manager[1]\index.htm

10/9/2010 3:46:32 PM Detected: Trojan-Clicker.HTML.IFrame.aer C:\Documents and Settings\geauxfast\Documents\membership_site_manager[1]\reprint-rights.htm

10/9/2010 3:46:33 PM Deleted: Trojan-Clicker.HTML.IFrame.aer C:\Documents and Settings\geauxfast\Documents\membership_site_manager[1]\reprint-rights.htm

10/9/2010 3:47:38 PM Detected: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\podcasting_for_profit[1]\index.htm

10/9/2010 3:47:43 PM Deleted: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\podcasting_for_profit[1]\index.htm

10/9/2010 3:47:43 PM Detected: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\podcasting_for_profit[1]\reprint-rights.htm

10/9/2010 3:47:43 PM Deleted: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\podcasting_for_profit[1]\reprint-rights.htm

10/9/2010 3:47:44 PM Detected: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\podcasting_teleprompter[1]\index.htm

10/9/2010 3:47:44 PM Deleted: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\podcasting_teleprompter[1]\index.htm

10/9/2010 3:47:45 PM Detected: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\podcasting_teleprompter[1]\reprint-rights.htm

10/9/2010 3:47:45 PM Deleted: HEUR:Trojan.Script.Iframer C:\Documents and Settings\geauxfast\Documents\podcasting_teleprompter[1]\reprint-rights.htm

10/9/2010 3:47:54 PM Detected: Trojan-PSW.Win32.LdPinch.anrx C:\Documents and Settings\geauxfast\Documents\sell_using_the_web[1]\sizzbrd.exe/ASPack

10/9/2010 3:47:56 PM Deleted: Trojan-PSW.Win32.LdPinch.anrx C:\Documents and Settings\geauxfast\Documents\sell_using_the_web[1]\sizzbrd.exe

10/9/2010 5:41:58 PM Task completed

All removed, so what next? It did not crash anymore this time when I reran the Dr.Web CureIt, but the updated version of Spybot S&D in a zip ran on it still doesn't work. Only the installed application does for Spybot.

Link to post
Share on other sites

This topic is now closed to further replies.