How do I delete "Myway.MyWebSearch" [Closed]

This topic is locked.

#1 Wildcard_EZ (Member, 31 posts)

Hey,
I'm having a problem getting rid of "Myway.MyWebSearch" and its components. I have run Spybot, Ad-aware, Clamwin, Panda, a-squared Anti-malware, Spyware Doctor, CCleaner, Registry Mechanic and Hijackthis. They all find it, try to delete it and then come up with errors saying they can't. Spybot couldn't even when I ran it before startup. Any suggestions of how I can be rid of it are gratefully received. Thank you.

Here is my Hijackthis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:11:57, on 19/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ares.mp3.es/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.client...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.client...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Auto EPSON Stylus DX4000 Series on ALICE] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S1230.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [MCAFInstaller_mpfins.ui] C:\WINDOWS\TEMP\mcu3F.tmp\MCAPPINS.exe /v=3 /start=mpfins.ui::default.htm
O4 - HKLM\..\Run: [MCAFInstaller_mskins.ui] C:\WINDOWS\TEMP\mcu2A2.tmp\MCAPPINS.exe /v=3 /start=mskins.ui::default.htm
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O8 - Extra context menu item: &Search - ?p=ZKfox000
O8 - Extra context menu item: &Subscribe with ArchosLink - file://C:\Program Files\Archos\ArchosLink\\script.js
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Wireless Adapter Configurator - Unknown owner - C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 13591 bytes
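A small triage script, added here as an example and not part of this thread or of HijackThis itself, that parses entries of the shape posted above and flags the ones a responder would look at first: autoruns launched from a temporary directory, browser components registered with no file on disk, and start/search pages on hosts outside an allowlist. The sample lines are copied from the log above into a constructed string; the allowlist and the heuristics are assumptions for illustration, not a verdict on any of these entries.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Matches the "Oxx - body" / "Rx - body" shape used by HijackThis entries.
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# First executable on an O4 Run command line: a quoted path, or an unquoted one up to ".exe".
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.exe)\b', re.IGNORECASE)
# Marker strings HijackThis / OTListIt emit when a registered file is missing.
MISSING_MARKERS = ("(no file)", "File not found")


@dataclass
class Entry:
    kind: str
    body: str
    path: str  # file path or URL the entry points at ("" if none could be extracted)


def parse_hjt_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis log line into an Entry; return None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    path = ""
    if kind in ("R0", "R1"):                       # "key,value = url"
        path = body.split(" = ", 1)[1].strip() if " = " in body else ""
    elif kind == "O4":
        if "] " in body:                           # "HKLM\..\Run: [name] command line"
            cmd = body.split("] ", 1)[1]
            e = EXE_RE.match(cmd)
            path = (e.group("q") or e.group("u")) if e else ""
        elif " = " in body:                        # "Global Startup: x.lnk = path"
            path = body.split(" = ", 1)[1].strip()
    elif kind in ("O2", "O3", "O9", "O16", "O18", "O23"):
        path = body.rsplit(" - ", 1)[-1].strip()   # path is the last " - " field
    return Entry(kind, body, path)


def triage(lines: List[str], allowed_hosts: Tuple[str, ...]) -> List[Tuple[str, str, str]]:
    """Return (kind, reason, detail) for entries a responder should review first."""
    findings = []
    for line in lines:
        e = parse_hjt_line(line)
        if e is None:
            continue
        if e.kind in ("R0", "R1") and e.path.startswith("http"):
            host = urlsplit(e.path).hostname or ""
            if not any(host == h or host.endswith("." + h) for h in allowed_hosts):
                findings.append((e.kind, "browser start/search page on unlisted host", e.path))
        if e.kind == "O4" and re.search(r"\\temp\\", e.path, re.IGNORECASE):
            findings.append((e.kind, "autorun launched from a temporary directory", e.path))
        if e.kind in ("O2", "O3", "O9") and any(mk in e.path for mk in MISSING_MARKERS):
            findings.append((e.kind, "registered browser component with no file on disk", e.body))
    return findings


# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ares.mp3.es/start.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MCAFInstaller_mpfins.ui] C:\WINDOWS\TEMP\mcu3F.tmp\MCAPPINS.exe /v=3 /start=mpfins.ui::default.htm
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


def triage_sample() -> List[Tuple[str, str, str]]:
    # Allowlist is an assumption for this example: hosts the owner recognises as their own defaults.
    return triage(SAMPLE_LOG.splitlines(), allowed_hosts=("yahoo.com", "msn.com"))


if __name__ == "__main__":
    for kind, reason, detail in triage_sample():
        print(f"{kind:4} {reason}: {detail}")
```

Run as-is it reports three entries from the sample: the unlisted start page, the BHO with no backing file, and the Run entry launching from C:\WINDOWS\TEMP. A hit is a prompt to check the file and its publisher, not proof of infection; legitimate installers do sometimes leave Run entries in TEMP, which is why the output carries the path rather than a verdict.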
#2 handhfan (Trusted Helper, Expert, 13,659 posts)

Hello, Wildcard_EZ, and welcome to GeeksToGo!

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

The log for OTListIt2 will be very long and may not fit in one post, since there is a character limit on posts. Please make sure that it didn't get cut off, and feel free to post the rest of it in a separate reply. :)
#3 Wildcard_EZ (Topic Starter, Member, 31 posts)

Hey, thanks for the reply. Here is the OTListIt.Txt:

OTListIt logfile created on: 21/02/2009 20:21:15 - Run
OTListIt2 by OldTimer - Version 2.0.1.0 Folder = C:\Documents and Settings\Esmee\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.54 Mb Total Physical Memory | 512.32 Mb Available Physical Memory | 50.10% Memory free
2.41 Gb Paging File | 1.98 Gb Available in Paging File | 82.34% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 91.57 Gb Free Space | 39.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EZ
Current User Name: Esmee
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\a-squared Anti-Malware\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
PRC - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe (Symantec Corporation)
PRC - C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe ()
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\WINDOWS\system32\cidaemon.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Documents and Settings\Esmee\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (a2AntiMalware [Auto | Running]) -- C:\Program Files\a-squared Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (ACDaemon [Auto | Running]) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CLTNetCnService [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (comHost [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (KService [Auto | Running]) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Stopped]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice Ex [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate Notice Service [Auto | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (Norton Save and Restore [Auto | Running]) -- C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe (Symantec Corporation)
SRV - (NSCService [Disabled | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (Symantec Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Symantec Core LC [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (usnjsvc [On_Demand | Running]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (Wireless Adapter Configurator [Auto | Running]) -- C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe ()
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (YPCService [On_Demand | Stopped]) -- C:\WINDOWS\system32\YPcservice.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (adxapie [On_Demand | Stopped]) -- C:\Documents and Settings\Esmee\Local Settings\Temp\adxapie.sys ()
DRV - (Afc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\Afc.sys (Arcsoft, Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (BLKWGU(Belkin) [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\BLKWGU.sys (Belkin Corporation)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HdAudAddService [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\HdAudio.sys (Windows ® Server 2003 DDK provider)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (LVUSBSta [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\lvusbsta.sys (Labtec Inc.)
DRV - (MREMPR5 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (MRENDIS5 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090221.004\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090221.004\NAVEX15.SYS (Symantec Corporation)
DRV - (nm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys (Microsoft Corporation)
DRV - (PID_0928 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LV561AV.SYS (Labtec Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RT73 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\rt73.sys (Ralink Technology, Corp.)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sfdrv01 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sfhlp02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (sfvfs02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (SiSGbeXP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys (Silicon Integrated Systems Corp.)
DRV - (SPBBCDrv [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SRTSP [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMDNS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMIDSCO [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20090217.002\SymIDSco.sys (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SymSnap [Boot | Running]) -- C:\WINDOWS\System32\drivers\SymSnap.sys (StorageCraft)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (V2IMount [System | Running]) -- C:\WINDOWS\System32\drivers\V2iMount.sys (Symantec Corporation)
DRV - (ZDPSp50 [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.bt.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.client...arch.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Invalid data type.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.client...fo/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

O1 HOSTS File: (909 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll (Symantec Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all (Kontiki Inc.)
O4 - HKLM..\Run: [Auto EPSON Stylus DX4000 Series on ALICE] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S1230.tmp" /EF "HKLM" (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all (Kontiki Inc.)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Subscribe with ArchosLink - file://C:\Program Files\Archos\ArchosLink\\script.js
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{03ccdb52-fc19-11dc-bc6c-00173f503e21}\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe
O33 - MountPoints2\{eea23aae-bbb8-11dd-bd76-001731711185}\Shell - "" = AutoRun
O33 - MountPoints2\{eea23aae-bbb8-11dd-bd76-001731711185}\Shell\AutoRun - "" = Auto&Play

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/02/21 19:35:05 | 00,494,080 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Esmee\Desktop\OTListIt2.exe
[2009/02/19 22:57:13 | 00,000,438 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/02/19 22:57:12 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2009/02/19 22:57:08 | 00,000,000 | ---D | C] -- C:\Program Files\RegCure
[2009/02/19 22:23:44 | 00,000,448 | ---- | C] () -- C:\WINDOWS\tasks\XoftSpySE 2.job
[2009/02/19 22:23:43 | 00,000,362 | ---- | C] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2009/02/19 22:23:41 | 00,000,000 | ---D | C] -- C:\Program Files\XoftSpySE
[2009/02/19 21:52:16 | 00,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2009/02/18 18:18:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Esmee\Desktop\Scans
[2009/02/17 04:40:10 | 00,061,440 | ---- | C] (Windswept Software) -- C:\WINDOWS\System32\digitbox.ocx
[2009/02/17 04:40:09 | 00,000,000 | ---D | C] -- C:\Program Files\Alarm
[2009/02/16 21:00:59 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009/02/16 01:38:12 | 00,231,627 | ---- | C] () -- C:\Documents and Settings\Esmee\My Documents\fflist.pdf
[2009/02/11 20:09:25 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/02/11 17:24:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Esmee\Application Data\.clamwin
[2009/02/11 17:24:09 | 00,000,000 | ---D | C] -- C:\Program Files\ClamWin
[2009/02/11 17:02:51 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Anti-Malware
[2009/02/11 17:02:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Esmee\My Documents\a-squared
[2009/02/11 16:56:31 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/02/11 16:50:42 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/02/11 01:53:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/02/11 01:52:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Esmee\Application Data\SUPERAntiSpyware.com
[2009/02/07 21:44:51 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/02/07 16:41:53 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/02/07 16:41:42 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/02/07 16:37:20 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/02/07 16:37:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/02/07 01:46:56 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/02/06 20:46:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2009/02/06 17:36:31 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/02/06 17:36:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/01/30 20:08:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Esmee\Local Settings\Application Data\ArcSoft
[2009/01/30 20:07:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Esmee\Application Data\Panasonic
[2009/01/30 20:07:07 | 00,000,026 | ---- | C] () -- C:\UpdaterforApp.ini
[2009/01/30 20:05:50 | 00,011,776 | ---- | C] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\afc.sys
[2009/01/30 20:05:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2009/01/30 20:05:44 | 00,126,976 | ---- | C] (ArcSoft Inc.) -- C:\WINDOWS\System32\MediaImpression Slideshow.scr
[2009/01/30 20:05:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MediaImpression Slideshow
[2009/01/30 20:05:11 | 00,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2009/01/30 19:56:26 | 00,045,056 | ---- | C] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\PhDi2.sys
[2009/01/30 19:56:21 | 00,000,000 | ---D | C] -- C:\Program Files\Panasonic
[2009/01/30 19:56:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Esmee\Application Data\InstallShield

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/02/21 19:35:10 | 00,494,080 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Esmee\Desktop\OTListIt2.exe
[2009/02/21 19:32:06 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2009/02/21 19:30:05 | 00,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/02/21 19:25:13 | 00,000,568 | ---- | M] () -- C:\Documents and Settings\Esmee\My Documents\My Sharing Folders.lnk
[2009/02/21 19:24:22 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/02/21 19:23:59 | 00,000,438 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/02/21 19:23:53 | 00,000,448 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE 2.job
[2009/02/21 19:21:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/21 19:21:27 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/02/21 19:21:20 | 10,722,87744 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/20 01:30:55 | 05,835,852 | -H-- | M] () -- C:\Documents and Settings\Esmee\Local Settings\Application Data\IconCache.db
[2009/02/20 00:32:13 | 00,232,448 | ---- | M] () -- C:\Documents and Settings\Esmee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/19 22:57:14 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2009/02/18 18:05:41 | 00,022,350 | ---- | M] () -- C:\Documents and Settings\Esmee\Application Data\wklnhst.dat
[2009/02/18 14:50:33 | 00,000,613 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/02/18 14:50:33 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/02/18 14:50:33 | 00,000,209 | RHS- | M] () -- C:\boot.ini
[2009/02/17 04:15:36 | 00,000,909 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2009/02/16 21:02:32 | 00,407,670 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/02/16 21:02:32 | 00,064,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/02/16 21:02:31 | 00,479,920 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/02/16 16:41:54 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/02/16 01:38:12 | 00,231,627 | ---- | M] () -- C:\Documents and Settings\Esmee\My Documents\fflist.pdf
[2009/02/14 07:05:25 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/02/11 17:06:22 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/11 01:27:00 | 00,292,138 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts.bak
[2009/02/11 00:16:20 | 00,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.INI
[2009/02/09 21:21:09 | 00,000,636 | ---- | M] () -- C:\Documents and Settings\Esmee\Desktop\µTorrent.lnk
[2009/02/07 16:41:37 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/02/07 16:40:41 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/02/06 19:47:41 | 00,004,192 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2009/02/06 17:46:15 | 00,292,138 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090211-012700.backup
[2009/02/03 23:21:12 | 21,244,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/01/31 16:05:18 | 01,667,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/30 20:07:07 | 00,000,026 | ---- | M] () -- C:\UpdaterforApp.ini

========== LOP Check ==========

[2009/02/11 01:53:15 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/10/06 21:38:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/02/07 16:37:41 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2008/11/19 16:16:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2006/10/21 16:44:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2007/06/07 16:36:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2007/06/07 16:32:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2007/07/14 14:17:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2007/07/14 14:19:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/02/06 20:46:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2007/08/03 21:44:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/01/28 00:56:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2008/09/04 22:43:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Documents
[2008/01/10 00:37:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008/04/17 23:32:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2008/01/04 16:41:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/02/21 20:27:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/02/07 16:41:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/07/12 18:33:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2008/07/15 15:55:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2008/07/12 19:02:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
[2008/03/02 16:03:43 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/12/12 11:42:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2006/12/06 20:36:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2007/07/23 23:29:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2008/12/19 01:14:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/01/04 16:56:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2008/01/04 16:40:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2009/02/19 23:28:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/02/11 01:53:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008/08/11 19:22:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/02/19 23:06:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/09/01 18:29:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2006/12/02 17:45:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2007/06/07 16:37:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/12/08 17:53:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2006/12/06 20:47:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2008/03/02 15:55:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller
[2008/01/15 16:45:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yahoo!
[2006/12/17 15:45:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/02/19 23:06:22 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Esmee\Application Data
[2009/02/11 17:24:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\.clamwin
[2007/06/07 16:38:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\acccore
[2008/09/20 00:35:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\Adobe
[2007/05/18 15:22:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\AdobeUM
[2006/12/02 20:59:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\Ahead
[2008/04/07 01:48:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\Apple Computer
[2007/08/23 15:11:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\ArchosLink
[2006/10/21 16:49:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\ATI
[2008/09/25 19:37:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\Azureus
[2008/04/25 18:14:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\Business Logic
[2008/04/18 18:38:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\Cabos
[2007/06/10 01:31:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\DivX
[2008/11/19 00:53:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\dvdcss
[2007/06/04 19:06:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\funkitron
[2008/03/27 17:45:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\Google
[2008/04/18 18:40:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\Help
[2006/10/21 15:48:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\Identities
[2009/01/30 19:56:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\InstallShield
[2006/12/08 20:54:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\InterVideo
[2007/08/20 14:17:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\Macromedia
[2008/07/12 19:01:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\McAfee.com Personal Firewall
[2007/08/27 19:40:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\Media Player Classic
[2008/11/21 21:04:47 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Esmee\Application Data\Microsoft
[2006/12/17 20:15:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\Motive
[2008/08/27 19:42:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\Mozilla
[2009/01/30 20:07:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\Panasonic
[2007/07/24 23:17:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\Pegasys Inc
[2008/12/19 01:14:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\PlayFirst
[2007/08/23 20:19:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\Real
[2008/01/04 17:09:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\Roxio
[2008/09/26 19:45:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\Skype
[2008/09/26 19:40:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\skypePM
[2008/01/06 22:06:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\Sonic
[2008/04/14 02:57:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\StumbleUpon
[2007/03/24 18:46:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\Sun
[2009/02/11 20:11:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\SUPERAntiSpyware.com
[2007/11/09 23:55:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\Symantec
[2007/07/23 23:31:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\Talkback
[2006/12/03 21:38:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\Template
[2009/02/21 20:27:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\uTorrent
[2007/08/01 19:28:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\Viewpoint
[2007/06/25 18:30:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\vlc
[2008/03/05 21:49:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\WinRAR
[2008/02/22 21:52:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Esmee\Application Data\Yahoo!
[2009/02/16 16:41:54 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/02/14 07:05:25 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2009/02/21 19:30:05 | 00,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2004/08/10 12:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/02/21 19:23:59 | 00,000,438 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2009/02/19 22:57:14 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2009/02/21 19:21:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2008/12/01 20:04:34 | 00,000,310 | ---- | M] () -- C:\WINDOWS\Tasks\TechGuys Scheduled Defrag.job
[2009/02/21 19:23:53 | 00,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\XoftSpySE 2.job
[2009/02/21 19:32:06 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\XoftSpySE.job

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:74699137
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Esmee\My Documents\Thumbs.db:encryptable
< End of report >

#4 Wildcard_EZ (Member, Topic Starter, 31 posts)
And here's the Extras.Txt

OTListIt Extras logfile created on: 21/02/2009 20:21:15 - Run
OTListIt2 by OldTimer - Version 2.0.1.0 Folder = C:\Documents and Settings\Esmee\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.54 Mb Total Physical Memory | 512.32 Mb Available Physical Memory | 50.10% Memory free
2.41 Gb Paging File | 1.98 Gb Available in Paging File | 82.34% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 91.57 Gb Free Space | 39.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EZ
Current User Name: Esmee
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger ()
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server (Yahoo! Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader File not found
C:\Program Files\Common Files\AOL\1181234111\ee\aolsoftware.exe:*:Enabled:AOL Services File not found
C:\Program Files\Common Files\AOL\1181234111\ee\aim6.exe:*:Enabled:AIM File not found
C:\Documents and Settings\Esmee\My Documents\utorrent.exe:*:Enabled:µTorrent File not found
C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Documents and Settings\Esmee\My Documents\Important Stuff\Intalation Programs\utorrent.exe:*:Enabled:µTorrent File not found
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client File not found
C:\Program Files\Qnext\qnext.exe:*:Enabled:Qnext File not found
C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat:*:Enabled:The Battle for Middle-earth ™ File not found
C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service (Kontiki Inc.)
C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb File not found
C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray File not found
C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client File not found
C:\Program Files\Norton 360\MAINSTUB.EXE:*:Enabled:Norton 360 (Symantec Corporation)
C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire File not found
C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat:*:Enabled:The Battle for Middle-earth™ II File not found
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)
C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program (Microsoft Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = The Sims 2 University
"{022DA2C3-81C7-4003-A6BC-1BB147B20097}" = SuppSoft
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B1C719C-3547-4007-86DA-3C214DBE400B}" = ArchosLink
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CA941F1-5006-487E-9FD4-09F812A7D6B8}" = Norton 360 Help
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{2274624C-5B38-41AD-AD27-CEC0924EB628}" = Adobe Setup
"{228F6876-A313-40A3-91C0-C3CBE6997D09}" = GearDrvs
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}" = Norton Confidential Web Authentification Component
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}" = Norton 360
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{54358FF9-7E78-42EA-8CC8-CDA0A466B7CA}" = Symantec Real Time Storage Protection Component
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Teen Style Stuff
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D8C8814-00DF-4F4B-BBC7-E817531416CC}" = Norton Spyware Scan
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup
"{8B7443F5-E141-42A0-AB61-ED2331AAD606}" = 4oD
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{924EB80F-C2BB-4B9F-8412-88BBA937393F}" = MobileMe Control Panel
"{92B1B3CC-EC78-45B8-96D0-8B3F11495864}" = Symantec Technical Support Controls
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9BE8E9B7-A286-44BF-0080-C947C6C1FC21}" = FIFA 07
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant
"{B0255743-165B-4BD5-8DA8-37DFB993B101}" = Norton Save and Restore
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7777E08-1344-42E8-975B-6F541F9ADBD8}" = ATI Catalyst Control Center
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print
"{BDC4AC60-96F3-11D5-AE1E-0000210292ED}" = Packard Bell DSC3 Installer Shield
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Labtec WebCam Software
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{C92A5A89-B218-46F7-8898-77C52113FFE0}" = Adobe Setup
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CDD55C1D-FC16-41F7-9E8D-884466E622EC}" = Roxio Easy DVD Copy 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D7A53E41-3F32-4A44-989C-53DDEBB2130C}" = Adobe Extension Manager CS3
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E0A192C7-2C4A-4F7D-99A6-F7347E0FEAC9}" = Poker Masters
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}" = The Simpsons Hit & Run™
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"4oD" = 4oD
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2007
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_bbef028176efa5abf0233d3e1747be8" = Adobe Fireworks CS3
"Adobe_cbb2ea61da9c780bd7e47a5230a9ed7" = Adobe Stock Photos CS3
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Alarm_is1" = Alarm 2.0.4
"All ATI Software" = ATI - Software Uninstall Utility
"a-squared Anti-Malware_is1" = a-squared Anti-Malware 4.0
"ATI Display Driver" = ATI Display Driver
"AudibleManager" = AudibleManager
"BT Home Hub" = BT Home Hub
"BT Softphone 1.5_is1" = BT Softphone 1.5.3.6
"BT Yahoo! Applications" = BT Yahoo! Applications
"btbb.MCCInstall" = BT Broadband Desktop Help
"CCleaner" = CCleaner (remove only)
"ClamWin Free Antivirus_is1" = ClamWin Free Antivirus 0.94.1
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2007-07-22
"DShow-WMA" = DirectShow WMA converter (remove only)
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESDX4000_4050_CX3900" = ESDX4000_4050_CX3900
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"LHTTSENG" = L&H TTS3000 British English
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Master of Olympus - Zeus" = Master of Olympus - Zeus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Plato DVD Ripper_is1" = Plato DVD Ripper 7.87
"PowerISO" = PowerISO
"PUBLISHERR" = Microsoft Office Publisher 2007 Trial
"QcDrv" = Labtec® Camera Driver
"RealPlayer 6.0" = RealPlayer
"RegCure" = RegCure 1.5.2.7
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"Shockwave" = Shockwave
"SpellForce" = SpellForce
"StumbleUponIEToolbar" = StumbleUpon IE Toolbar
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"Vikki Blows " = Vikki Blows Screen Saver
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XoftSpySE" = XoftSpySE
"XP Codec Pack" = XP Codec Pack
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ArchosLink" = ArchosLink
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/02/2009 21:12:06 | Computer Name = EZ | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 15/02/2009 21:12:06 | Computer Name = EZ | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 16/02/2009 10:42:51 | Computer Name = EZ | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 16/02/2009 10:42:51 | Computer Name = EZ | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 16/02/2009 13:15:25 | Computer Name = EZ | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 8.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 16/02/2009 13:15:35 | Computer Name = EZ | Source = Application Hang | ID = 1001
Description = Fault bucket 1106953062.

Error - 16/02/2009 20:06:45 | Computer Name = EZ | Source = Application Error | ID = 1000
Description = Faulting application update.exe, version 5.5.0.53, faulting module
update.exe, version 5.5.0.53, fault address 0x003bf20f.

Error - 19/02/2009 17:56:51 | Computer Name = EZ | Source = Application Hang | ID = 1002
Description = Hanging application RunAlyzer.exe, version 1.6.0.22, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 19/02/2009 17:56:53 | Computer Name = EZ | Source = Application Hang | ID = 1001
Description = Fault bucket 959761012.

Error - 19/02/2009 19:06:02 | Computer Name = EZ | Source = pctsSvc.exe | ID = 0
Description =

[ System Events ]
Error - 16/02/2009 14:31:28 | Computer Name = EZ | Source = Service Control Manager | ID = 7022
Description = The KService service hung on starting.

Error - 16/02/2009 20:00:05 | Computer Name = EZ | Source = Service Control Manager | ID = 7034
Description = The PC Tools Security Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 17/02/2009 00:23:36 | Computer Name = EZ | Source = Service Control Manager | ID = 7034
Description = The PC Tools Security Service service terminated unexpectedly. It
has done this 2 time(s).

Error - 17/02/2009 14:25:32 | Computer Name = EZ | Source = Service Control Manager | ID = 7022
Description = The KService service hung on starting.

Error - 18/02/2009 02:12:30 | Computer Name = EZ | Source = Service Control Manager | ID = 7022
Description = The KService service hung on starting.

Error - 18/02/2009 07:59:36 | Computer Name = EZ | Source = Service Control Manager | ID = 7022
Description = The KService service hung on starting.

Error - 19/02/2009 14:09:18 | Computer Name = EZ | Source = Service Control Manager | ID = 7022
Description = The KService service hung on starting.

Error - 20/02/2009 12:41:30 | Computer Name = EZ | Source = Service Control Manager | ID = 7022
Description = The KService service hung on starting.

Error - 20/02/2009 17:54:16 | Computer Name = EZ | Source = Service Control Manager | ID = 7022
Description = The KService service hung on starting.

Error - 21/02/2009 15:23:41 | Computer Name = EZ | Source = Service Control Manager | ID = 7022
Description = The KService service hung on starting.


< End of report >
  • 0

#5
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install on those systems.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE) JRE 6 Update 12.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u12-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u12-windows-i586-p.exe and select "Run as an Administrator.")

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ 6 Update 11


  • Please double-click OTListIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Files
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    C:\Documents and Settings\Esmee\Application Data\Viewpoint
    C:\Program Files\Viewpoint
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTListIt2, right click in the "Custom Scans/Fixes" window (under the light blue bar) and choose Paste.
  • Click the red Run Fix button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTListIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTListIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please do an online scan with Kaspersky WebScanner

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following are checked:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply, along with the OTListIt2 Moved Files log, and a new HijackThis log.

  • 0
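As an added check, not part of handhfan's post or of OTListIt2 itself, the Python script below parses lines in the format of the OTListIt2 "HKEY_LOCAL_MACHINE Uninstall List" quoted earlier in this thread and flags every Java Runtime entry older than the recommended JRE 6 Update 12, i.e. exactly the entries handhfan asks to remove. The sample lines are constructed from this thread's log; the regular expressions and function names are my own.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample in the format of OTListIt2's "HKEY_LOCAL_MACHINE Uninstall List"
# (entries mirror those in this thread's log; the GUIDs matter only as keys).
SAMPLE_UNINSTALL_LIST = """\
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"""

# The version recommended in this thread: JRE 6 Update 12.
RECOMMENDED = (6, 12)

# One uninstall entry as OTListIt2 prints it:  "<key>" = <display name>
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+)$')

# Display names Sun used for JRE 6 builds, e.g. "Java™ 6 Update 11" or
# "Java™ SE Runtime Environment 6 Update 1". The trademark mark may be
# absent, "™" or "(TM)" depending on how the log was exported.
JAVA_RE = re.compile(
    r'^Java(?:™|\(TM\))?\s+(?:SE\s+Runtime\s+Environment\s+)?'
    r'(?P<major>\d+)\s+Update\s+(?P<update>\d+)$',
    re.IGNORECASE,
)

Version = Tuple[int, int]


def parse_uninstall_list(text: str) -> List[Tuple[str, str]]:
    """Return (registry key, display name) pairs, skipping headers and blank lines."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("key"), m.group("name").strip()))
    return entries


def java_version(name: str) -> Optional[Version]:
    """(major, update) for a JRE display name, None for any other product."""
    m = JAVA_RE.match(name)
    if not m:
        return None
    return int(m.group("major")), int(m.group("update"))


def audit_java(entries: List[Tuple[str, str]], recommended: Version = RECOMMENDED):
    """Split JRE entries into those older than `recommended` and those current.

    Each result item is (key, name, version); non-Java products are ignored.
    Tuple comparison orders (major, update) the way Sun numbered releases.
    """
    stale, current = [], []
    for key, name in entries:
        v = java_version(name)
        if v is None:
            continue
        (stale if v < recommended else current).append((key, name, v))
    return stale, current


if __name__ == "__main__":
    stale, current = audit_java(parse_uninstall_list(SAMPLE_UNINSTALL_LIST))
    print(f"{len(stale)} stale JRE entries to remove via Add/Remove Programs:")
    for key, name, _ in sorted(stale, key=lambda e: e[2]):
        print(f"  {name}  ({key})")
    if not current:
        print(f"No JRE at or above {RECOMMENDED[0]} Update {RECOMMENDED[1]} is installed.")
```

Run against a real OTListIt2 log, every entry listed as stale is one that should disappear from Add/Remove Programs after the upgrade; a JRE entry that survives the reboot is a sign the uninstall did not complete.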

#6
Wildcard_EZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Here is the OTListIt2 Log

========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9Plus moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint moved successfully.
C:\Documents and Settings\Esmee\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 moved successfully.
C:\Documents and Settings\Esmee\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 moved successfully.
C:\Documents and Settings\Esmee\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 moved successfully.
C:\Documents and Settings\Esmee\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 moved successfully.
C:\Documents and Settings\Esmee\Application Data\Viewpoint\Viewpoint Media Player\Resources moved successfully.
C:\Documents and Settings\Esmee\Application Data\Viewpoint\Viewpoint Media Player moved successfully.
C:\Documents and Settings\Esmee\Application Data\Viewpoint moved successfully.
File/Folder C:\Program Files\Viewpoint not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Esmee\Local Settings\Temp\~DFFEE.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\JET9CD0.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\JET9D6D.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_3b0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7c0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_8b0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.1.0 log created on 02212009_215253

Files moved on Reboot...
C:\Documents and Settings\Esmee\Local Settings\Temp\~DFFEE.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\JET9CD0.tmp not found!
File C:\WINDOWS\temp\JET9D6D.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_3b0.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_7c0.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_8b0.dat moved successfully.

Registry entries deleted on Reboot...

The Kaspersky Scan report is attached and below is the Hijackthis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:39:17, on 22/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\luall.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.client...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.client...arch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Auto EPSON Stylus DX4000 Series on ALICE] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S1230.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O8 - Extra context menu item: &Subscribe with ArchosLink - file://C:\Program Files\Archos\ArchosLink\\script.js
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Wireless Adapter Configurator - Unknown owner - C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 13330 bytes


#7
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Please post a new HijackThis log in your next reply.

Is your computer running better now?
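Added example (not from this thread, from HijackThis, or from any tool the helpers use): a small Python triage script for the HijackThis line format seen in the log above. It flags the two things a helper checks first: orphaned entries whose target is "(no file)", like the O2 BHO that post #7 asks to fix, and entries whose name or path matches a watchlist of the adware component names this thread is about (FunWebProducts / MyWebSearch / MyWay). The sample lines copy the shapes of the log above plus one constructed O4 entry for the MyWebSearch e-mail plug-in; the watchlist and that plug-in path are assumptions.

```python
"""Triage helper for HijackThis log lines.

Added example for this thread; it is not part of HijackThis or of any tool
the helpers above use. It parses the "Onn - kind: ..." line shape seen in
the log above and flags what a helper checks first: entries whose file is
missing ("(no file)", an orphaned registry reference like the BHO fixed in
post #7) and entries whose name or path matches a watchlist of adware
component names. The sample log and the watchlist are constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

LINE_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")     # "O2 - BHO: ..."
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Constructed watchlist (lower-case substrings): component names of the
# toolbar family discussed in this thread.
WATCHLIST = ("funwebproducts", "mywebsearch", "myway")


@dataclass
class Entry:
    section: str            # "O2", "O4", ...
    kind: str               # "BHO", "Toolbar", "HKLM\..\Run", "Service", ...
    name: str
    clsid: Optional[str]
    target: str             # file path, URL, command line, or "(no file)"
    flags: list


def _flags(kind: str, name: str, target: str) -> list:
    flags = []
    if target.strip() == "(no file)":
        flags.append("missing-file")
    haystack = f"{kind} {name} {target}".lower()
    flags.extend(f"watchlist:{t}" for t in WATCHLIST if t in haystack)
    return flags


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; return None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    kind, sep, payload = rest.partition(": ")
    if not sep:
        return None
    clsid_m = CLSID_RE.search(payload)
    clsid = clsid_m.group(0) if clsid_m else None

    if payload.startswith("[") and "] " in payload:
        # O4 autorun entries: "[value name] command line"
        name, _, target = payload[1:].partition("] ")
    elif " = " in payload:
        # O4 Global Startup entries: "shortcut.lnk = target"
        name, _, target = payload.partition(" = ")
    elif " - " in payload:
        # O2/O3/O8/O9/O16/O23: "... - target". Names may themselves contain
        # " - " (e.g. "Spybot - Search & Destroy"), so cut the name at the
        # CLSID when one is present instead of at the first dash.
        head, _, target = payload.rpartition(" - ")
        name = head[:clsid_m.start()].rstrip(" -") if clsid_m else head
        if not name:
            name = head
    else:
        name, target = payload, ""
    return Entry(section, kind, name.strip(), clsid, target.strip(),
                 _flags(kind, name, target))


def parse_log(text: str) -> list:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def flagged_entries(text: str) -> list:
    """Only the entries a helper would look at: missing file or watchlist hit."""
    return [e for e in parse_log(text) if e.flags]


# Constructed sample: lines modelled on the log posted above, plus one
# constructed O4 entry for the MyWebSearch e-mail plug-in (path is invented).
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    for e in flagged_entries(SAMPLE_LOG):
        print(f"{e.section:<4} {e.name!r:<42} {', '.join(e.flags)}")
```

A "missing-file" hit is a registry reference whose target is gone; the fix is to remove the reference, which is what "Fix Checked" does for the O2 line above. A watchlist hit only says the name is worth a closer look; the path and the publisher still have to be checked.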

#8
Wildcard_EZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
I'm afraid not. Spybot is still finding "Myway.MyWebSearch" and cannot remove it.

#9
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Can you tell me the filepath or registry paths it finds?

#10
Wildcard_EZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
The registry path is:
HKEY_USERS\S-1-5-21-2255801001-2913101256-807077043-1005\Software\FunWebProducts

I will also send you the Spybot log after the scan has finished completely.


#11
Wildcard_EZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
My latest Spybot results are attached...


#12
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
  • Please double-click OTListIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Reg
    HKEY_USERS\S-1-5-21-2255801001-2913101256-807077043-1005\Software\FunWebProducts
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTListIt2, right click in the "Custom Scans/Fixes" window (under the light blue bar) and choose Paste.
  • Click the red Run Fix button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTListIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTListIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Try scanning with Spybot again. Are you still getting it?

#13
Wildcard_EZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Every time I try to run the OTListIt2.exe fix it freezes and says it is not responding. Am I meant to change any of the settings?

#14
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
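Added example (not part of ComboFix or of this thread): a Python parser for the "Files Created from ... to ..." section of the C:\ComboFix.txt log that this procedure produces (the log in the next reply shows the format). It pulls out each entry's created and modified timestamps, size, attribute string and path, and flags the entries a reviewer reads first: executable-type files newly created in the Windows system directories, files there with no extension, hidden entries, and a hint when the modified time is much older than the created time (an installer copying a file keeps the source's last-write time, so that pattern usually points at an install rather than at a freshly written file). The flags are review hints, not verdicts. The sample section is constructed from line shapes in the log below; the directory list, extension list and heuristics are assumptions.

```python
"""Triage helper for the "Files Created" section of a ComboFix log.

Added example for this thread; it is not part of ComboFix or of anything the
helper above provides. It reads the block ComboFix writes between the
"Files Created from ... to ..." banner and the next banner, parses each line
into timestamps, size, attribute string and path, and flags entries a
reviewer would look at first. Flags are review hints, not verdicts. The
sample section, directory list and heuristics are constructed/assumed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "   # created
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "       # last modified
    r"(<DIR>|[\d,]+) "                        # size, or <DIR> for directories
    r"(\S{9}) "                               # attribute string, e.g. d--h-c---
    r"(.+)$"                                  # path
)
BANNER_RE = re.compile(r"^\({5,}.*\){5,}$")   # "((((( Section name )))))"
TS = "%Y-%m-%d %H:%M"

# Assumed: directories where a newly created executable deserves a look.
SYSTEM_DIRS = ("c:\\windows", "c:\\windows\\system32",
               "c:\\windows\\system32\\drivers")
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".ocx", ".scr", ".drv")


@dataclass
class Created:
    created: datetime
    modified: datetime
    size: Optional[int]        # None for directories
    attrs: str
    path: str
    flags: list

    @property
    def is_dir(self) -> bool:
        return self.size is None


def files_created_section(text: str) -> list:
    """Raw lines between the 'Files Created' banner and the next banner."""
    lines, inside = [], False
    for line in text.splitlines():
        if BANNER_RE.match(line.strip()):
            if inside:
                break
            inside = "Files Created" in line
            continue
        if inside:
            lines.append(line)
    return lines


def _flags(rec: Created) -> list:
    flags = []
    parent, _, leaf = rec.path.lower().rpartition("\\")
    if not rec.is_dir and parent in SYSTEM_DIRS:
        if leaf.endswith(EXEC_EXT):
            flags.append("system-dir-executable")
        elif "." not in leaf:
            flags.append("no-extension-in-system-dir")
    if "h" in rec.attrs:
        flags.append("hidden")
    # A modified time well before the created time usually means an installer
    # copied an existing file (Windows keeps the source last-write time on
    # copy); a freshly written file has the two within minutes of each other.
    if (rec.created - rec.modified).days >= 1:
        flags.append("older-mtime")
    return flags


def parse_entry(line: str) -> Optional[Created]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    c, mo, size, attrs, path = m.groups()
    size_val = None if size == "<DIR>" else int(size.replace(",", ""))
    rec = Created(datetime.strptime(c, TS), datetime.strptime(mo, TS),
                  size_val, attrs, path, [])
    rec.flags = _flags(rec)
    return rec


def review_candidates(text: str) -> list:
    """Entries from the 'Files Created' section that carry at least one flag."""
    recs = [parse_entry(l) for l in files_created_section(text)]
    return [r for r in recs if r and r.flags]


# Constructed sample modelled on the line shapes of the log posted below.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gaopdxserv.sys

.
((((((((((((((((((((((((( Files Created from 2009-01-25 to 2009-02-25 )))))))))))))))))))))))))))))))
.

2009-02-23 18:37 . 2009-02-23 18:37 <DIR> d-------- c:\program files\MSBuild
2009-02-23 18:34 . 2009-02-24 19:53 46,640 --a------ c:\windows\system32\msln.exe
2009-02-23 15:54 . 2009-02-23 15:54 0 --a------ c:\windows\system32\budda
2009-02-23 15:36 . 2009-02-23 15:36 <DIR> dr-h----- c:\documents and settings\Esmee\Application Data\SecuROM
2009-02-23 15:30 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
2009-02-07 16:41 . 2009-02-07 16:40 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-07 01:46 . 2009-02-07 16:37 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-25 00:16 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
"""

if __name__ == "__main__":
    for r in review_candidates(SAMPLE_LOG):
        print(f"{r.created:%Y-%m-%d %H:%M}  {', '.join(r.flags):<38} {r.path}")
```

Read the output as a worklist, not a verdict list: a DirectX DLL with an "older-mtime" hint and a known vendor's driver both get flagged here, and it takes the publisher, a hash lookup or the installer log to clear them. What the heuristic is good at is surfacing entries like a zero-byte extensionless file in system32, which nothing legitimate normally writes.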

#15
Wildcard_EZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Here is the log:

ComboFix 09-02-24.02 - Esmee 2009-02-25 0:04:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.353 [GMT 0:00]
Running from: c:\documents and settings\Esmee\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gaopdxserv.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2009-01-25 to 2009-02-25 )))))))))))))))))))))))))))))))
.

2009-02-23 18:37 . 2009-02-23 18:37 <DIR> d-------- c:\program files\MSBuild
2009-02-23 18:34 . 2009-02-23 18:34 <DIR> d-------- c:\windows\system32\XPSViewer
2009-02-23 18:34 . 2009-02-24 19:53 46,640 --a------ c:\windows\system32\msln.exe
2009-02-23 18:31 . 2009-02-23 18:31 <DIR> d-------- c:\program files\Reference Assemblies
2009-02-23 18:29 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-02-23 15:54 . 2009-02-23 15:54 0 --a------ c:\windows\system32\budda
2009-02-23 15:36 . 2009-02-23 15:36 <DIR> dr-h----- c:\documents and settings\Esmee\Application Data\SecuROM
2009-02-23 15:30 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
2009-02-23 15:30 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll
2009-02-23 15:30 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2009-02-23 15:30 . 2007-05-16 16:45 1,124,720 --a------ c:\windows\system32\D3DCompiler_34.dll
2009-02-23 15:30 . 2007-03-12 16:42 1,123,696 --a------ c:\windows\system32\D3DCompiler_33.dll
2009-02-23 15:30 . 2007-05-16 16:45 443,752 --a------ c:\windows\system32\d3dx10_34.dll
2009-02-23 15:30 . 2007-03-15 16:57 443,752 --a------ c:\windows\system32\d3dx10_33.dll
2009-02-23 15:30 . 2007-06-20 20:46 266,088 --a------ c:\windows\system32\xactengine2_8.dll
2009-02-23 15:30 . 2007-04-04 18:55 261,480 --a------ c:\windows\system32\xactengine2_7.dll
2009-02-23 15:30 . 2007-01-24 15:27 255,848 --a------ c:\windows\system32\xactengine2_6.dll
2009-02-23 15:30 . 2006-12-08 12:02 251,672 --a------ c:\windows\system32\xactengine2_5.dll
2009-02-23 15:30 . 2007-10-22 03:37 17,928 --a------ c:\windows\system32\X3DAudio1_2.dll
2009-02-23 15:28 . 2009-02-23 15:28 <DIR> d-------- c:\windows\Logs
2009-02-23 15:09 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
2009-02-23 15:09 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\system32\D3DCompiler_37.dll
2009-02-23 15:09 . 2008-02-05 23:07 462,864 --a------ c:\windows\system32\d3dx10_37.dll
2009-02-23 15:08 . 2009-02-23 15:08 <DIR> d-------- c:\windows\system32\xlive
2009-02-23 15:08 . 2009-02-23 15:08 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2009-02-23 04:56 . 2009-02-23 04:56 18,432 --a------ c:\windows\ss3unstl.exe
2009-02-23 02:09 . 2009-02-23 02:09 <DIR> d-------- c:\documents and settings\Esmee\Application Data\ArcSoft
2009-02-23 00:09 . 2009-02-23 00:09 <DIR> d-------- c:\program files\JoshMadison
2009-02-21 21:52 . 2009-02-21 21:52 <DIR> d-------- C:\_OTListIt
2009-02-21 21:42 . 2009-02-21 21:41 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-19 22:57 . 2009-02-19 23:11 <DIR> d-------- c:\program files\RegCure
2009-02-19 22:23 . 2009-02-19 23:28 <DIR> d-------- c:\program files\XoftSpySE
2009-02-19 21:52 . 2009-02-19 21:52 <DIR> d-------- c:\program files\Safer Networking
2009-02-17 04:40 . 2009-02-17 04:40 <DIR> d-------- c:\program files\Alarm
2009-02-17 04:40 . 2007-04-29 23:24 61,440 --a------ c:\windows\system32\digitbox.ocx
2009-02-13 04:05 . 2009-02-13 15:44 <DIR> d-------- c:\documents and settings\Esmee\th
2009-02-11 17:24 . 2009-02-11 17:24 <DIR> d-------- c:\program files\ClamWin
2009-02-11 17:24 . 2009-02-11 17:24 <DIR> d-------- c:\documents and settings\Esmee\Application Data\.clamwin
2009-02-11 17:24 . 2009-02-11 17:24 <DIR> d-------- c:\documents and settings\All Users\.clamwin
2009-02-11 17:02 . 2009-02-14 08:37 <DIR> d-------- c:\program files\a-squared Anti-Malware
2009-02-11 16:56 . 2009-02-19 23:14 <DIR> d-------- c:\program files\Panda Security
2009-02-11 16:50 . 2009-02-11 16:50 <DIR> d-------- c:\program files\Trend Micro
2009-02-11 01:53 . 2009-02-11 01:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-11 01:52 . 2009-02-11 20:11 <DIR> d-------- c:\documents and settings\Esmee\Application Data\SUPERAntiSpyware.com
2009-02-07 21:44 . 2009-02-07 16:41 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-07 16:41 . 2009-02-07 16:40 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-07 16:37 . 2009-02-07 16:37 <DIR> d-------- c:\program files\Lavasoft
2009-02-07 16:37 . 2009-02-07 16:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-07 01:46 . 2009-02-07 16:37 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-06 20:46 . 2009-02-06 20:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\ArcSoft
2009-02-06 17:36 . 2009-02-06 17:36 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-06 17:36 . 2009-02-23 18:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-30 20:07 . 2009-01-30 20:07 <DIR> d-------- c:\documents and settings\Esmee\Application Data\Panasonic
2009-01-30 20:07 . 2009-01-30 20:07 26 --a------ C:\UpdaterforApp.ini
2009-01-30 20:05 . 2009-01-30 20:05 <DIR> d-------- c:\windows\system32\MediaImpression Slideshow
2009-01-30 20:05 . 2009-01-30 20:07 <DIR> d-------- c:\program files\Common Files\ArcSoft
2009-01-30 20:05 . 2009-01-30 20:05 <DIR> d-------- c:\program files\ArcSoft
2009-01-30 20:05 . 2007-02-13 11:22 126,976 --a------ c:\windows\system32\MediaImpression Slideshow.scr
2009-01-30 20:05 . 2005-02-23 14:58 11,776 --a------ c:\windows\system32\drivers\afc.sys
2009-01-30 19:56 . 2009-01-30 19:56 <DIR> d-------- c:\program files\Panasonic
2009-01-30 19:56 . 2009-01-30 19:56 <DIR> d-------- c:\documents and settings\Esmee\Application Data\InstallShield
2009-01-30 19:56 . 2005-03-07 19:44 45,056 --a------ c:\windows\system32\PhDi2.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-25 00:16 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
2009-02-24 01:27 --------- d-----w c:\documents and settings\Esmee\Application Data\uTorrent
2009-02-23 19:23 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-23 19:23 --------- d-----w c:\program files\Rockstar Games
2009-02-23 16:12 22,350 ----a-w c:\documents and settings\Esmee\Application Data\wklnhst.dat
2009-02-21 21:35 --------- d-----w c:\program files\Java
2009-02-19 23:06 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-17 21:28 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-08 18:48 --------- d-----w c:\program files\Kontiki
2009-01-06 16:02 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-06 16:02 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-06 16:02 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-06 16:02 --------- d-----w c:\program files\Symantec
2009-01-03 05:17 --------- d-----w c:\program files\CCleaner
2009-01-03 01:58 --------- d-----w c:\program files\Audible
2008-01-04 16:58 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-09-16 22:17 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091620080917\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"4oD"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-21 148888]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 1404928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Desktop Help.lnk]
backup=c:\windows\pss\BT Broadband Desktop Help.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton GoBack.lnk]
backup=c:\windows\pss\Norton GoBack.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO -viewer-.lnk]
backup=c:\windows\pss\PHOTOfunSTUDIO -viewer-.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Esmee^Start Menu^Programs^Startup^wkcalrem.LNK]
backup=c:\windows\pss\wkcalrem.LNKStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
--a------ 2009-01-27 16:59 2784912 c:\program files\a-squared Anti-Malware\a2guard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2009-02-07 16:40 509784 c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 10:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-11-07 14:16 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
--a------ 2008-04-17 14:14 98616 c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-09-25 09:12 90112 c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
--------- 2007-08-22 13:34 936960 c:\program files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_wcm_McciTrayApp]
--a------ 2006-12-07 06:59 935936 c:\program files\btbb_wcm\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-01-10 05:59 115816 c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClamWin]
--a------ 2008-11-09 10:20 86016 c:\program files\ClamWin\bin\ClamTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 00:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 11:56 64512 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4000 Series]
--a------ 2006-02-21 04:00 131072 c:\windows\system32\spool\drivers\w32x86\3\E_FATIBEE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]
--a------ 2006-07-31 20:00 19857408 c:\program files\BT Broadband Talk Softphone\BTSoftphone.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2004-12-14 18:57 458752 c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2004-12-14 18:51 217088 c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2004-12-14 18:19 221184 c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-07-12 18:05 1117184 c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Save and Restore]
--a------ 2006-03-03 20:36 1582744 c:\program files\Norton Save and Restore\Agent\NSRTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-03-14 23:50 233472 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-07 15:11 21811496 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2009-01-26 15:31 2144088 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-02-21 21:41 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-25 00:14 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2005-08-31 17:11 2478080 c:\progra~1\Yahoo!\MESSEN~1\ypager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
--a------ 2006-07-21 16:19 129536 c:\progra~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
--a------ 2007-06-26 13:48 509224 c:\progra~1\Yahoo!\YOP\yop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 16:43 69632 c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2005-01-07 15:07 61952 c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-08-23 18:08 16050688 c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 16:04 2879488 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate Notice Ex"=2 (0x2)
"Norton Save and Restore"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Norton 360\\MAINSTUB.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-07 64160]
R2 EraserSvc10824;Symantec Eraser Service;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-15 99376]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
S3 adxapie;adxapie;\??\c:\docume~1\Esmee\LOCALS~1\Temp\adxapie.sys --> c:\docume~1\Esmee\LOCALS~1\Temp\adxapie.sys [?]
S3 EraserUtilDrvI4;EraserUtilDrvI4;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI4.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI4.sys [?]
S4 Norton Save and Restore;Norton Save and Restore;c:\program files\Norton Save and Restore\Agent\VProSvc.exe [2006-03-03 2107032]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03ccdb52-fc19-11dc-bc6c-00173f503e21}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eea23aae-bbb8-11dd-bd76-001731711185}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL TechGuys.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-07 16:40]

2009-02-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-24 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-02-25 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]

2009-02-19 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]

2008-12-01 c:\windows\Tasks\TechGuys Scheduled Defrag.job
- c:\windows\system32\cmd.exe [2008-04-14 00:12]

2009-02-25 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2009-02-18 14:32]

2009-02-22 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2009-02-18 14:32]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SysMetrix - c:\program files\SysMetrix\SysMetrix.exe
MSConfigStartUp-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mStart Page = hxxp://home.bt.yahoo.com
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
IE: &Subscribe with ArchosLink - file://c:\program files\Archos\ArchosLink\\script.js
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Esmee\Application Data\Mozilla\Firefox\Profiles\73yrp661.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-25 00:14:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2255801001-2913101256-807077043-1005\Software\FunWebProducts\Settings\MSNMessenger]
@DACL=(02 0000)
"SessionCount"=dword:0000006a
"SessionTimestamp"=dword:000b583c

[HKEY_USERS\S-1-5-21-2255801001-2913101256-807077043-1005\Software\SecuROM\License information*]
"datasecu"=hex:82,41,a1,4c,ea,57,ff,3d,67,1f,72,8b,2e,a4,a0,1c,8a,f3,23,ec,9d,
0f,56,e8,33,89,05,fe,37,19,a1,36,fe,9c,4c,de,89,c5,1f,4c,05,2a,e6,f2,e6,64,\
"rkeysecu"=hex:21,c7,b0,98,6c,f8,26,57,08,dd,92,02,77,7b,35,e7
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1096)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\a-squared Anti-Malware\a2service.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\program files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
c:\program files\Symantec\LiveUpdate\LUALL.EXE
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2009-02-25 0:25:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-25 00:24:48

Pre-Run: 93,888,331,776 bytes free
Post-Run: 93,787,885,568 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

345 --- E O F --- 2009-02-11 17:18:09
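Two checks a helper would run on the machine behind this log, as an added example that is not code from the thread or from ComboFix. The log shows per-user MountPoints2 entries carrying `\Shell\AutoRun\command` values, and it lists the FunWebProducts key under LOCKED REGISTRY KEYS with a non-standard DACL, which is the usual reason cleaners report they cannot delete a key. The script assumes it is run as the affected user with administrative rights (HKCU is that user's HKEY_USERS\<SID> hive) and assumes the HKCU:\Software\FunWebProducts path for the flagged key; the function names are the example's own. It reports; it does not decide for you what is malicious.

```powershell
# Added example (not from the thread): inspect MountPoints2 autorun commands
# and repair the ACL of a registry key ComboFix reported as locked.
# Assumes PowerShell run as the affected user with administrative rights.

# MountPoints2 caches the autorun.inf of every volume the user has opened.
# A Shell\AutoRun\command value under it is what Explorer runs when that
# volume is double-clicked, so each entry should be read before the next
# removable drive is plugged in.
function Get-MountPoints2AutoRun {
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
        $cmdKey = "$base\$($_.PSChildName)\Shell\AutoRun\command"
        if (Test-Path -Path $cmdKey) {
            [PSCustomObject]@{
                Volume  = $_.PSChildName
                Command = (Get-ItemProperty -Path $cmdKey).'(default)'
            }
        }
    }
}

# Print owner and access entries of a key so an "access denied" from a
# removal tool can be explained before anything is changed.
function Show-RegistryKeyAcl {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -Path $Path
    "Owner: $($acl.Owner)"
    $acl.Access |
        Select-Object IdentityReference, RegistryRights, AccessControlType, IsInherited
}

# Grant the current user full control over the key and its subkeys and
# re-enable inheritance from the parent, so the key can then be removed.
# Get-Acl needs READ_CONTROL on the key; the owner always has it. If the
# current user is not the owner, take ownership first (regedit:
# Permissions > Advanced > Owner) and run this again.
function Repair-RegistryKeyAcl {
    param([Parameter(Mandatory)][string]$Path)
    $acl  = Get-Acl -Path $Path
    $me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $me, 'FullControl', 'ContainerInherit', 'None', 'Allow')
    $acl.SetAccessRule($rule)
    # isProtected=$false: the DACL inherits from the parent key again
    $acl.SetAccessRuleProtection($false, $false)
    Set-Acl -Path $Path -AclObject $acl
}

# Usage (hypothetical path for the key the log lists as locked):
Get-MountPoints2AutoRun | Format-Table -AutoSize
Show-RegistryKeyAcl -Path 'HKCU:\Software\FunWebProducts'
# Only after reviewing the output above:
# Repair-RegistryKeyAcl -Path 'HKCU:\Software\FunWebProducts'
# Remove-Item -Path 'HKCU:\Software\FunWebProducts' -Recurse -Force
```

Run the two read-only functions first and keep the output with the log; `Repair-RegistryKeyAcl` and the `Remove-Item` line are left commented out because resetting an ACL is the step that makes the key deletable, not a verdict on what the key belongs to.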