hijackthis_file_1.txt ( 10.6K ) Number of downloads: 18
 hijackthis_file_1.txt ( 10.6K ) Number of downloads: 18
Hi,
I had this crop up today, black box, red title as per the topic title and white text system has been stopped due to a serious malfunction spyware activity has been detected, It ios recommended to use spyware removal tool to prevent data loss do not use the computer before all spyware removed.

I\get pop ups for advanced virus remover, a system warning message, and a message telling me my computer is infected. I cannot access my emails and everytime I try to access a site for help I get an access denied message due to the infection. I am now using a different laptop to do this with, I have uploaded a
hjt, file hopefully correctly. Look forward to any help you can give me.

Thanks

Please Click here!, and follow the recommendations in the guide.

Someone will be along to tell you what steps to take after you post the contents of the scan results.

Hi, thanks for your reply, sorry for jumping the gun. I have gone through the recommendations listing and had a couple of problems along with some changes. TFC - not sure if it went as needed, blue screen with stop, problem detected and dumping physical memory to disc. System restore eventually worked. ERUNT did as shown. MBAM will not run, had to change the name and load that way, took ages, jusdt will not run the programme. Loaded Avast and scanned the system, found malware and a virus in the memoryu and asked for a boot scan. Did this, it found a virus in the windows file that could not be removed. Did a full system scan and found and deleted 3 issues, Win32 Zbot.bcw, WMA Wimad, Win32 DNS Changer - vj, it was unable to scan any boot records.Already updated windows critical updates this week, Microsoft will not allow site access due to my infection though. Reboot eliminated the virus scan popups and warnings, it held the system infected display for around 5 minutes then crashed, rebooted and got active desktop recovery screen that will not allow the restore button to work. Rootpeal and OTL all went as expected, hopefully the logs posted are correct
OTL logfile created on: 24/07/2009 21:57:14 - Run 1
OTL by OldTimer - Version 3.0.10.2 Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

503.36 Mb Total Physical Memory | 173.66 Mb Available Physical Memory | 34.50% Memory free
1.20 Gb Paging File | 0.74 Gb Available in Paging File | 61.66% Paging File free
Paging file location(s): c:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.16 Gb Total Space | 10.93 Gb Free Space | 29.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 3.75 Gb Total Space | 1.76 Gb Free Space | 46.83% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: n
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/10/04 10:13:14 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2009/02/05 21:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 21:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2006/02/28 13:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe
PRC - [2004/01/06 12:47:06 | 00,327,792 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe
PRC - [2004/02/13 10:47:02 | 00,155,648 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/04/24 12:57:30 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2004/05/21 07:54:58 | 00,139,264 | ---- | M] (OTi) -- C:\WINDOWS\System32\UStorSrv.exe
PRC - [2005/03/01 15:00:00 | 00,065,536 | ---- | M] () -- C:\WINDOWS\System32\wltrysvc.exe
PRC - [2005/03/01 15:44:10 | 00,847,983 | ---- | M] (BT Corporation) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2009/02/05 21:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 21:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/02/06 11:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2004/09/13 16:33:20 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/10/14 14:46:34 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/10/14 14:46:24 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
PRC - [2005/10/14 14:50:30 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2004/12/06 01:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe
PRC - [2008/06/23 18:41:22 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/02/05 21:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2004/08/19 14:40:08 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2009/04/24 12:57:28 | 00,251,240 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe
PRC - [2009/07/24 17:28:16 | 00,514,048 | ---- | M] (OldTimer Tools) -- F:\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (0038801208078005mcinstcleanup [Auto | Stopped])
SRV - File not found -- -- (0089561207507601mcinstcleanup [Auto | Stopped])
SRV - [2008/10/04 10:13:14 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/05 21:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/02/05 21:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 21:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/05 21:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2006/02/28 13:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2004/01/06 12:47:06 | 00,327,792 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
SRV - [2008/03/25 19:34:25 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2007/10/09 13:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/08/29 11:00:30 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2009/03/19 19:17:46 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9a8bf97c3648 [Auto | Stopped])
SRV - [2009/03/24 19:11:47 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Stopped])
SRV - [2004/02/13 10:47:02 | 00,155,648 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap [Auto | Running])
SRV - [2007/10/11 10:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/10/11 10:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/04/24 12:57:30 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService [Auto | Running])
SRV - [2004/05/21 07:54:58 | 00,139,264 | ---- | M] (OTi) -- C:\WINDOWS\System32\UStorSrv.exe -- (UStorage Server Service [Auto | Running])
SRV - [2005/03/01 15:00:00 | 00,065,536 | ---- | M] () -- C:\WINDOWS\System32\wltrysvc.exe -- (wltrysvc [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2003/05/19 16:07:38 | 00,086,016 | ---- | M] (Yahoo! Inc.) -- C:\WINDOWS\system32\YPcservice.exe -- (YPCService [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.iesearch.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page Restore = http://www.iesearch.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.ask.co.uk/
IE - URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/06/23 18:42:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/10 20:11:23 | 00,000,000 | ---D | M]

[2009/03/30 18:52:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\mozilla\Extensions
[2008/05/24 13:32:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\mozilla\Extensions\home2@tomtom.com
[2009/03/30 18:52:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2007/10/09 18:40:55 | 00,002,386 | ---- | M] () -- C:\Documents and Settings\n\Application Data\Mozilla\FireFox\Profiles\tx9w9yp0.default\searchplugins\siteadvisor.xml

O1 HOSTS File: (230038 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 hityou.com
O1 - Hosts: 127.0.0.1 www.hityou.com
O1 - Hosts: 127.0.0.1 180searchassistant.com
O1 - Hosts: 127.0.0.1 www.180searchassistant.com
O1 - Hosts: 127.0.0.1 180solutions.com
O1 - Hosts: 127.0.0.1 www.180solutions.com
O1 - Hosts: 127.0.0.1 bis.180solutions.com
O1 - Hosts: 127.0.0.1 config.180solutions.com
O1 - Hosts: 127.0.0.1 cts.180solutions.com
O1 - Hosts: 127.0.0.1 downloads.180solutions.com
O1 - Hosts: 127.0.0.1 installs.180solutions.com
O1 - Hosts: 127.0.0.1 nowhere.180solutions.com
O1 - Hosts: 127.0.0.1 ping.180solutions.com
O1 - Hosts: 127.0.0.1 tv.180solutions.com
O1 - Hosts: 127.0.0.1 uploads.180solutions.com
O1 - Hosts: 127.0.0.1 public.zangocash.com
O1 - Hosts: 127.0.0.1 www.public.zangocash.com
O1 - Hosts: 127.0.0.1 static.zangocash.com
O1 - Hosts: 127.0.0.1 www.static.zangocash.com
O1 - Hosts: 127.0.0.1 www.zangocash.com
O1 - Hosts: 127.0.0.1 zangocash.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 2search.com
O1 - Hosts: 8068 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {08A8068E-53D1-42B2-B197-6D568843721F} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (eBay Toolbar Helper) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll (eBay Inc.)
O2 - BHO: () - {25469879-7856-4D09-83C1-15D563C19D71} - C:\Documents and Settings\n\Local Settings\Temp\~DA.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - No CLSID value found.
O2 - BHO: (no name) - {660F1E01-997E-4CF8-AFD7-422E0665E9F3} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll (eBay Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LegalNoticeText =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ShutdownWithoutLogon = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: eBay Search - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: SecretService - {5199201E-60B4-11DE-85CF-260556D89593} - C:\Program Files\SecretService\protector.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKCU\..Trusted Domains: sentinelha.org.uk ([remote] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 27 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} https://www.hmvdigital.com/HMV.Digital.WebS....Downloader.cab (HMVDownloader Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1210107089109 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1194472173140 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe [FILE handle not seen by OS]
O20 - Winlogon\Notify\hgGxUoLf: DllName - hgGxUoLf.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {08A8068E-53D1-42B2-B197-6D568843721F} - Reg Error: Key error. File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\opnmMfCV) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/13 15:35:58 | 00,000,000 | ---D | M] - C:\autodesk -- [ NTFS ]
O32 - AutoRun File - [2004/08/11 17:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 14 Days ==========

[11 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/07/24 20:22:15 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/24 18:07:52 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\mware.lnk
[2009/07/24 18:07:49 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/24 18:07:47 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/24 18:07:47 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/24 18:07:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/24 18:05:05 | 00,000,352 | ---- | C] () -- C:\Documents and Settings\n\Desktop\Shortcut to mbam-setup.zip
[2009/07/24 18:00:05 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/07/24 18:00:04 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/07/24 18:00:03 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/07/24 18:00:02 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/07/24 17:59:56 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/07/24 17:59:51 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/07/24 17:59:51 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/07/24 17:59:51 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/07/24 17:59:51 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/07/24 17:59:25 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/07/24 17:59:25 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/07/24 17:59:20 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/07/24 17:40:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/07/24 17:39:43 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\n\Desktop\NTREGOPT.lnk
[2009/07/24 17:39:43 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\n\Desktop\ERUNT.lnk
[2009/07/24 17:39:43 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/24 17:37:31 | 00,000,296 | ---- | C] () -- C:\Documents and Settings\n\Desktop\Shortcut to SysRestorePoint.lnk
[2009/07/24 17:29:17 | 00,000,254 | ---- | C] () -- C:\Documents and Settings\n\Desktop\Shortcut to TFC.lnk
[2009/07/23 16:42:59 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\n\My Documents\HJTInstall.exe
[2009/07/23 15:53:03 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/07/23 15:48:08 | 52,788,4288 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/23 15:41:29 | 06,568,480 | ---- | C] () -- C:\Documents and Settings\n\Desktop\SUPERAntiSpyware.exe
[2009/07/23 15:38:02 | 00,000,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RogueRemover FREE.lnk
[2009/07/23 15:38:02 | 00,000,000 | ---D | C] -- C:\Program Files\RogueRemover FREE
[2009/07/23 15:37:23 | 00,690,574 | ---- | C] (Malwarebytes ) -- C:\Documents and Settings\n\Desktop\rr-free-setup.exe
[2009/07/23 12:00:36 | 00,035,840 | ---- | C] () -- C:\WINDOWS\setup.exe
[2009/07/23 11:50:24 | 00,000,749 | ---- | C] () -- C:\Documents and Settings\n\Desktop\Advanced Virus Remover.lnk
[2009/07/23 11:50:22 | 00,000,000 | ---D | C] -- C:\Program Files\AdvancedVirusRemover
[2009/07/23 11:47:58 | 00,000,831 | ---- | C] () -- C:\WINDOWS\System32\critical_warning.html
[2009/07/17 06:29:49 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\n\Desktop\Paragon 09.doc

========== Files - Modified Within 14 Days ==========

[11 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/07/24 21:48:39 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/24 21:46:59 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/07/24 21:46:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/24 21:46:01 | 52,788,4288 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/24 21:45:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/24 21:06:16 | 00,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/07/24 21:06:12 | 00,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/07/24 21:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2009/07/24 20:22:15 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/24 20:16:22 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\n\Desktop\NTREGOPT.lnk
[2009/07/24 20:16:22 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\n\Desktop\ERUNT.lnk
[2009/07/24 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2009/07/24 18:18:46 | 00,000,831 | ---- | M] () -- C:\WINDOWS\System32\critical_warning.html
[2009/07/24 18:07:52 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\mware.lnk
[2009/07/24 18:05:05 | 00,000,352 | ---- | M] () -- C:\Documents and Settings\n\Desktop\Shortcut to mbam-setup.zip
[2009/07/24 18:00:05 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/07/24 18:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2009/07/24 17:59:51 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/07/24 17:37:31 | 00,000,296 | ---- | M] () -- C:\Documents and Settings\n\Desktop\Shortcut to SysRestorePoint.lnk
[2009/07/24 17:29:17 | 00,000,254 | ---- | M] () -- C:\Documents and Settings\n\Desktop\Shortcut to TFC.lnk
[2009/07/23 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2009/07/23 16:43:02 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\n\My Documents\HJTInstall.exe
[2009/07/23 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2009/07/23 15:41:29 | 06,568,480 | ---- | M] () -- C:\Documents and Settings\n\Desktop\SUPERAntiSpyware.exe
[2009/07/23 15:38:02 | 00,000,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RogueRemover FREE.lnk
[2009/07/23 15:37:27 | 00,690,574 | ---- | M] (Malwarebytes ) -- C:\Documents and Settings\n\Desktop\rr-free-setup.exe
[2009/07/23 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2009/07/23 12:00:36 | 00,035,840 | ---- | M] () -- C:\WINDOWS\setup.exe
[2009/07/23 12:00:09 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2009/07/23 11:50:24 | 00,000,749 | ---- | M] () -- C:\Documents and Settings\n\Desktop\Advanced Virus Remover.lnk
[2009/07/23 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2009/07/23 10:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2009/07/22 22:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2009/07/22 20:33:23 | 00,000,026 | ---- | M] () -- C:\WINDOWS\Zone.Identifier
[2009/07/22 19:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2009/07/22 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2009/07/21 08:00:18 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2009/07/19 15:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2009/07/19 14:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2009/07/17 07:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2009/07/17 06:29:50 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\n\Desktop\Paragon 09.doc
[2009/07/17 06:23:33 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\n\Desktop\Microsoft Office Word 2003 (2).lnk
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== LOP Check ==========

[3 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/07/24 18:07:47 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/12/13 12:17:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/01/10 11:17:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2006/11/09 20:48:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/12/01 12:30:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2008/03/25 20:01:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008/04/05 16:55:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2006/07/30 07:36:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HMV
[2008/08/30 12:24:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/08/30 12:22:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2007/03/11 17:23:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA19.tmp
[2007/03/11 17:23:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA1B.tmp
[2007/03/11 17:23:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA22.tmp
[2006/07/29 19:19:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2008/03/15 14:47:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008/04/11 12:42:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2008/04/15 21:31:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2005/10/29 18:39:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2009/01/04 18:07:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2004/08/11 17:25:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2007/10/09 21:15:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/07/23 13:30:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/02/06 19:24:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2006/03/10 15:16:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/12/30 14:15:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2006/08/27 11:12:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2009/01/10 11:41:16 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\n\Application Data
[2008/12/13 15:18:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\Autodesk
[2009/01/10 11:18:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\AVS4YOU
[2007/01/01 19:16:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\BitTorrent
[2008/11/01 20:12:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2005/10/29 14:22:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\CyberLink
[2007/12/01 12:34:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\eBay
[2008/04/11 12:40:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\GetRightToGo
[2007/12/08 20:11:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\HMV
[2007/11/11 19:46:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\ICAClient
[2005/10/29 14:55:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\Leadertech
[2009/07/11 14:59:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\LimeWire
[2007/04/25 19:15:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\Motive
[2009/01/10 11:41:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\Moyea
[2008/04/11 12:41:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\NCH Swift Sound
[2008/03/15 14:42:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\Roxio
[2007/10/09 21:15:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\SecureMaker
[2006/03/27 11:10:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\Share-to-Web Upload Folder
[2007/12/21 21:21:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\TomTom
[2009/07/08 22:20:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2008/10/29 21:16:07 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2009/07/22 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2009/07/23 10:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2009/07/23 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2009/07/23 12:00:09 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2009/07/23 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2009/07/19 14:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2009/07/19 15:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2009/07/23 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2009/07/23 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2009/07/24 18:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2008/10/29 21:16:07 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2009/07/22 19:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2009/07/24 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2009/07/24 21:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2009/07/22 22:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2009/06/20 23:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2008/10/29 21:16:07 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2008/10/29 21:16:07 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2008/10/29 21:16:07 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2008/10/29 21:16:07 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2008/10/29 21:16:07 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2009/07/17 07:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2009/07/21 08:00:18 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/07/24 21:46:59 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/07/24 21:06:12 | 00,000,880 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/07/24 21:06:16 | 00,000,884 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/07/24 21:45:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\n\My Documents\aaw2007.exe:SummaryInformation
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >


OTL Extras logfile created on: 24/07/2009 21:57:14 - Run 1
OTL by OldTimer - Version 3.0.10.2 Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

503.36 Mb Total Physical Memory | 173.66 Mb Available Physical Memory | 34.50% Memory free
1.20 Gb Paging File | 0.74 Gb Available in Paging File | 61.66% Paging File free
Paging file location(s): c:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.16 Gb Total Space | 10.93 Gb Free Space | 29.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 3.75 Gb Total Space | 1.76 Gb Free Space | 46.83% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: n
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\n\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\RR-0922-014.exe" = C:\Documents and Settings\n\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\RR-0922-014.exe:*:enabled:B -- File not found
"C:\Program Files\Yahoo!\Messenger\ypager.exe" = C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"D:\Utils\UpgradeWizard\UpgradeBT\upgradeBThub.exe" = D:\Utils\UpgradeWizard\UpgradeBT\upgradeBThub.exe:*:Enabled:BT Home Hub Upgrade Wizard -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" = C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup -- File not found
"C:\Program Files\Windows Defender\MSASCui.exe" = C:\Program Files\Windows Defender\MSASCui.exe:*:Enabled:Windows Defender -- File not found
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- File not found
"C:\Program Files\CyberEd\Trig\Trig.exe" = C:\Program Files\CyberEd\Trig\Trig.exe:*:Enabled:Trigonometry Problem Solver -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19ABFD8F-CB86-4965-9282-047FC27084F1}" = SQLXML 3.0 SP3
"{1AA811BB-8C74-4FAF-9BC3-33EE448DAB2A}" = USB Storage Driver
"{1AFAE2EB-BC93-4B28-9C7C-004BBF974E3C}" = BT Voyager 1065 Wireless Utility
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D8552A-4909-459E-B676-9FC4FBCD6237}" = UFD Utility
"{3CE06D54-72B1-44B2-AB60-E4277EC80EF4}" = Microsoft XML Parser
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3DB5FD00-BB93-4AF3-B925-77DAA0E4E2F4}" = eBay Toolbar
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5AA18C57-381C-4C99-8FE6-5EB1CB0A5BC0}" = ImageMixer
"{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}" = MP3 Player Utilities V1.28
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{68CD2C2F-1271-11D7-9D8C-00E018AAC9EC}" = USB MP3 Driver v1.17r014
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}" = OMCI
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{945B6035-54B5-4B9E-B23B-686A7DC8BDFB}" = USB Flash Disk
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! Plus
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA67205C-3E80-4062-9198-253A059DEE38}" = Diskeeper Professional Edition
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B535B621-5559-11DE-A7A1-005056806466}" = Google Earth Plugin
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D944236D-7992-41D6-8257-930B5832F1CC}" = Creative Zen Micro
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E5D52570-5EF1-4576-A434-6CCD92268F0F}" = Google SketchUp 7
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Autodesk Student Community Download Tool_is1" = Autodesk Student Community Download Tool
"avast!" = avast! Antivirus
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"Creative Jukebox Driver" = Creative Jukebox Driver
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"ERUNT_is1" = ERUNT 1.1j
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"IncrediMail" = IncrediMail Xe
"InstallShield_{36D8552A-4909-459E-B676-9FC4FBCD6237}" = UFD Utility
"InstallShield_{945B6035-54B5-4B9E-B23B-686A7DC8BDFB}" = USB Flash Disk
"LimeWire" = LimeWire 5.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Malwarebytes' RogueRemover FREE_is1" = Malwarebytes' RogueRemover
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWASPI" = MicroStaff WINASPI
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 6.0" = RealPlayer
"SerifDrawPlus40" = Serif DrawPlus 4.0
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Switch" = Switch Sound File Converter
"SysInfo" = Creative System Information
"TomTom HOME" = TomTom HOME 2.6.3.1609
"UDisk_1.0" = UDisk 1.0
"WavePad" = WavePad Uninstall
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinMP3Converter_is1" = WinMP3Converter 1.50
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Zen Micro Media Explorer (for PlaysForSure devices)" = Zen Micro Media Explorer (for PlaysForSure devices)
"ZENcast Organizer" = ZENcast Organizer

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 24/07/2009 15:24:17 | Computer Name = HOME | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function A0000111.

[ Application Events ]
Error - 24/07/2009 12:50:41 | Computer Name = HOME | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 sysrestorepoint.exe, P2 1.3.0.0, P3 485da791,
P4 mscorlib, P5 2.0.0.0, P6 471ebc5b, P7 182b, P8 68, P9 system.argumentoutofrange,
P10 NIL.

Error - 24/07/2009 13:01:06 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 24/07/2009 13:03:09 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 24/07/2009 13:04:26 | Computer Name = HOME | Source = Application Error | ID = 1004
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 24/07/2009 13:17:33 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 24/07/2009 14:04:08 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 24/07/2009 15:01:07 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 24/07/2009 15:12:17 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 24/07/2009 16:01:07 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 24/07/2009 16:01:15 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

[ System Events ]
Error - 23/07/2009 12:00:00 | Computer Name = HOME | Source = Schedule | ID = 7901
Description = The At18.job command failed to start due to the following error: %%2147942402

Error - 24/07/2009 12:22:29 | Computer Name = HOME | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer KODAK G600 printer dock share
name KODAK G600 printer dock.

Error - 24/07/2009 12:35:50 | Computer Name = HOME | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer KODAK G600 printer dock share
name KODAK G600 printer dock.

Error - 24/07/2009 12:36:54 | Computer Name = HOME | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 81dd6da0, parameter3
81dd6f14, parameter4 805c8c88.

Error - 24/07/2009 13:00:01 | Computer Name = HOME | Source = Schedule | ID = 7901
Description = The At19.job command failed to start due to the following error: %%2147942402

Error - 24/07/2009 13:07:28 | Computer Name = HOME | Source = Pcmcia | ID = 393226
Description =

Error - 24/07/2009 14:06:27 | Computer Name = HOME | Source = System Error | ID = 1003
Description = Error code 000000d1, parameter1 e1ad1000, parameter2 00000002, parameter3
00000000, parameter4 aa69f0a5.

Error - 24/07/2009 15:00:00 | Computer Name = HOME | Source = Schedule | ID = 7901
Description = The At21.job command failed to start due to the following error: %%2147942402

Error - 24/07/2009 15:14:23 | Computer Name = HOME | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 822cf6e8, parameter3
822cf85c, parameter4 805c8c88.

Error - 24/07/2009 16:00:01 | Computer Name = HOME | Source = Schedule | ID = 7901
Description = The At22.job command failed to start due to the following error: %%2147942402


< End of report >


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/07/24 21:53
Program Version: Version 1.3.2.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA405000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF89DA000 Size: 8192 File Visible: No Signed: -
Status: -

Name: hjgruilrxoboxe.sys
Image Path: C:\WINDOWS\system32\drivers\hjgruilrxoboxe.sys
Address: 0xAA6B0000 Size: 163840 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9862000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden Services
-------------------
Service Name: hjgruiyxympulk
Image PathC:\WINDOWS\system32\drivers\hjgruilrxoboxe.sys

Service Name: UACd.sys
Image PathC:\WINDOWS\system32\drivers\UACtlrrniqjpvdhbgodj.sys

==EOF==


there is no MBAM log as it won't run, I really hope this is enough information if not please let me know what else I need to do. I really, really appreciate the time and help with this, thanks in advance.

Sorry about the delay.

Step 1.
ComboFix:

Download ComboFix from one of these locations:

Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Step 2.
Lop S&D:

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here and save it to the desktop

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Step 3.
Things I would like to see in your reply:

1. The content of C:\ComboFix.txt from step 1.
2. The content of C:\lopR.txt from step 2.

Hi, again I really appreciate your time and help. My system will not allow ComboFix to run, it starts, gets as far as the small line of green tabs and then closes, flashes every icon on the desktop afterwards, after 3 attempts the programme was wiped from the system. LopSD ran fine and I have included that log.


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel® Pentium® M processor 1.60GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A06
USER : n ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090726-1] 4.8.1335 (Not Activated)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:10 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB) - FAT32 - Total:3839 Mo (Free:1 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 27/07/2009|19:34 )

--------------------\\ Listing folders in APPLIC~1

[11/08/2004|17:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[11/08/2004|17:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[27/06/2005|22:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
[01/11/2008|18:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun

[29/06/2009|09:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[30/10/2008|16:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[13/12/2008|12:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
[10/01/2009|11:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[09/11/2006|20:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[03/04/2008|18:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\comodo
[17/02/2008|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative
[01/12/2007|12:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\eBay
[25/03/2008|20:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[22/03/2009|18:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[22/07/2009|16:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[05/04/2008|16:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[30/07/2006|07:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HMV
[30/08/2008|12:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM
[30/08/2008|12:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail
[30/10/2008|19:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
[02/09/2008|20:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak
[04/10/2008|10:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[24/07/2009|18:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[11/03/2007|17:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MCA19.tmp
[11/03/2007|17:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MCA1B.tmp
[11/03/2007|17:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MCA22.tmp
[23/07/2009|15:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[02/11/2008|16:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[29/07/2006|19:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[07/10/2007|09:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Mozilla
[15/03/2008|14:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Napster
[11/04/2008|12:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Software
[15/04/2008|21:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
[01/11/2008|19:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[29/10/2005|18:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OLYMPUS
[04/01/2009|18:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Drivers HeadQuarters
[29/10/2005|18:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[11/08/2004|17:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[03/12/2008|19:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
[10/11/2007|10:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[31/10/2008|19:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[09/10/2007|21:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!
[11/03/2007|17:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[27/07/2009|19:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[06/02/2008|19:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
[10/03/2006|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
[30/12/2008|14:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WholeSecurity
[22/01/2006|15:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[27/08/2006|11:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[10/03/2007|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\yahoo!
[30/12/2008|11:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[11/03/2007|17:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion(2)

[11/08/2004|17:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[19/05/2009|21:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[11/08/2004|17:06] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[27/06/2005|22:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
[01/11/2008|18:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun

[03/12/2008|19:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[12/03/2008|14:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\eBay
[12/03/2008|14:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
[19/11/2007|18:56] C:\DOCUME~1\LOCALS~1\APPLIC~1\Identities
[01/08/2006|19:28] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[04/05/2008|20:13] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[20/05/2009|21:27] C:\DOCUME~1\LOCALS~1\APPLIC~1\SACore
[28/11/2006|18:06] C:\DOCUME~1\LOCALS~1\APPLIC~1\Yahoo!

[01/11/2008|20:12] C:\DOCUME~1\n\APPLIC~1\Adobe
[22/08/2006|19:42] C:\DOCUME~1\n\APPLIC~1\AdobeUM
[11/04/2008|09:52] C:\DOCUME~1\n\APPLIC~1\Apple Computer
[13/12/2008|15:18] C:\DOCUME~1\n\APPLIC~1\Autodesk
[10/01/2009|11:18] C:\DOCUME~1\n\APPLIC~1\AVS4YOU
[01/01/2007|19:16] C:\DOCUME~1\n\APPLIC~1\BitTorrent
[01/11/2008|20:12] C:\DOCUME~1\n\APPLIC~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[18/02/2008|12:17] C:\DOCUME~1\n\APPLIC~1\Creative
[29/10/2005|14:22] C:\DOCUME~1\n\APPLIC~1\CyberLink
[01/12/2007|12:34] C:\DOCUME~1\n\APPLIC~1\eBay
[11/04/2008|12:40] C:\DOCUME~1\n\APPLIC~1\GetRightToGo
[22/03/2009|18:37] C:\DOCUME~1\n\APPLIC~1\Google
[13/03/2007|19:25] C:\DOCUME~1\n\APPLIC~1\Help
[27/03/2006|12:18] C:\DOCUME~1\n\APPLIC~1\Hewlett-Packard
[08/12/2007|20:11] C:\DOCUME~1\n\APPLIC~1\HMV
[11/11/2007|19:46] C:\DOCUME~1\n\APPLIC~1\ICAClient
[11/08/2004|17:20] C:\DOCUME~1\n\APPLIC~1\Identities
[06/02/2008|19:23] C:\DOCUME~1\n\APPLIC~1\InstallShield
[05/04/2008|20:40] C:\DOCUME~1\n\APPLIC~1\Lavasoft
[29/10/2005|14:55] C:\DOCUME~1\n\APPLIC~1\Leadertech
[11/07/2009|14:59] C:\DOCUME~1\n\APPLIC~1\LimeWire
[09/03/2008|00:45] C:\DOCUME~1\n\APPLIC~1\Macromedia
[14/11/2008|22:15] C:\DOCUME~1\n\APPLIC~1\Microsoft
[25/04/2007|19:15] C:\DOCUME~1\n\APPLIC~1\Motive
[10/01/2009|11:41] C:\DOCUME~1\n\APPLIC~1\Moyea
[24/05/2008|13:32] C:\DOCUME~1\n\APPLIC~1\Mozilla
[11/04/2008|12:41] C:\DOCUME~1\n\APPLIC~1\NCH Swift Sound
[19/03/2009|22:44] C:\DOCUME~1\n\APPLIC~1\Real
[15/03/2008|14:42] C:\DOCUME~1\n\APPLIC~1\Roxio
[09/10/2007|21:15] C:\DOCUME~1\n\APPLIC~1\SecureMaker
[27/03/2006|11:10] C:\DOCUME~1\n\APPLIC~1\Share-to-Web Upload Folder
[29/10/2005|14:55] C:\DOCUME~1\n\APPLIC~1\Sonic
[07/11/2008|22:35] C:\DOCUME~1\n\APPLIC~1\Sun
[07/10/2007|10:22] C:\DOCUME~1\n\APPLIC~1\Talkback
[21/12/2007|21:21] C:\DOCUME~1\n\APPLIC~1\TomTom
[30/12/2008|11:17] C:\DOCUME~1\n\APPLIC~1\Yahoo!

[11/08/2004|17:06] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft


--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[27/07/2009 19:01][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[27/07/2009 18:53][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[27/07/2009 18:54][--a------] C:\WINDOWS\tasks\Google Software Updater.job
[20/06/2009 23:00][--a------] C:\WINDOWS\tasks\At24.job
[22/07/2009 22:00][--a------] C:\WINDOWS\tasks\At23.job
[24/07/2009 21:00][--a------] C:\WINDOWS\tasks\At22.job
[24/07/2009 20:00][--a------] C:\WINDOWS\tasks\At21.job
[24/07/2009 18:00][--a------] C:\WINDOWS\tasks\At19.job
[27/07/2009 19:00][--a------] C:\WINDOWS\tasks\At20.job
[23/07/2009 16:00][--a------] C:\WINDOWS\tasks\At17.job
[23/07/2009 17:00][--a------] C:\WINDOWS\tasks\At18.job
[19/07/2009 15:00][--a------] C:\WINDOWS\tasks\At16.job
[19/07/2009 14:00][--a------] C:\WINDOWS\tasks\At15.job
[23/07/2009 13:00][--a------] C:\WINDOWS\tasks\At14.job
[23/07/2009 12:00][--a------] C:\WINDOWS\tasks\At13.job
[23/07/2009 11:00][--a------] C:\WINDOWS\tasks\At12.job
[23/07/2009 10:00][--a------] C:\WINDOWS\tasks\At11.job
[22/07/2009 09:00][--a------] C:\WINDOWS\tasks\At10.job
[21/07/2009 08:00][--a------] C:\WINDOWS\tasks\At9.job
[17/07/2009 07:00][--a------] C:\WINDOWS\tasks\At8.job
[29/10/2008 21:16][--a------] C:\WINDOWS\tasks\At7.job
[29/10/2008 21:16][--a------] C:\WINDOWS\tasks\At6.job
[29/10/2008 21:16][--a------] C:\WINDOWS\tasks\At5.job
[29/10/2008 21:16][--a------] C:\WINDOWS\tasks\At4.job
[29/10/2008 21:16][--a------] C:\WINDOWS\tasks\At3.job
[29/10/2008 21:16][--a------] C:\WINDOWS\tasks\At2.job
[29/10/2008 21:16][--a------] C:\WINDOWS\tasks\At1.job
[08/07/2009 22:20][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[27/07/2009 18:52][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04/08/2004 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[29/06/2009|09:18] C:\Program Files\Adobe
[24/07/2009|18:26] C:\Program Files\AdvancedVirusRemover
[24/07/2009|17:59] C:\Program Files\Alwil Software
[27/06/2005|22:08] C:\Program Files\Apoint
[30/10/2008|16:24] C:\Program Files\Apple Software Update
[13/03/2007|19:45] C:\Program Files\Application Compatibility Toolkit
[09/10/2007|21:15] C:\Program Files\AskSBar
[13/12/2008|15:13] C:\Program Files\Autodesk Student Community Download Tool
[09/11/2006|20:36] C:\Program Files\Avanquest update
[10/01/2009|11:24] C:\Program Files\AVS4YOU
[07/09/2008|09:24] C:\Program Files\Bonjour
[16/10/2007|16:35] C:\Program Files\BT Voyager
[29/07/2006|19:19] C:\Program Files\btbb_wcm
[06/04/2008|10:53] C:\Program Files\Canon
[30/12/2008|11:16] C:\Program Files\CCleaner
[23/02/2009|19:26] C:\Program Files\Citrix
[23/07/2009|13:39] C:\Program Files\Common Files
[11/08/2004|17:12] C:\Program Files\ComPlus Applications
[21/12/2005|18:10] C:\Program Files\CONEXANT
[07/09/2008|12:15] C:\Program Files\Creative
[17/02/2008|21:23] C:\Program Files\Creative Installation Information
[10/01/2009|11:29] C:\Program Files\Cucusoft
[07/03/2009|15:22] C:\Program Files\CyberEd
[29/10/2005|14:33] C:\Program Files\CyberLink
[27/06/2005|22:22] C:\Program Files\Dell
[29/03/2008|15:21] C:\Program Files\DIFX
[27/06/2005|22:21] C:\Program Files\Digital Line Detect
[01/12/2007|12:30] C:\Program Files\eBay
[24/07/2009|20:16] C:\Program Files\ERUNT
[22/02/2006|20:55] C:\Program Files\Executive Software
[29/06/2009|16:31] C:\Program Files\Google
[15/03/2007|20:59] C:\Program Files\Hewlett-Packard
[05/11/2005|15:31] C:\Program Files\iFormat_v411
[09/03/2008|22:03] C:\Program Files\ImTOO
[23/09/2008|18:58] C:\Program Files\IncrediMail
[04/01/2009|19:22] C:\Program Files\InstallShield Installation Information
[04/01/2009|18:57] C:\Program Files\Intel
[11/06/2009|22:38] C:\Program Files\Internet Explorer
[11/04/2009|11:37] C:\Program Files\Java
[14/04/2007|17:17] C:\Program Files\jv16 PowerTools 2006
[02/09/2008|20:44] C:\Program Files\Kodak
[04/10/2008|10:11] C:\Program Files\Lavasoft
[30/03/2009|18:51] C:\Program Files\LimeWire
[24/07/2009|20:22] C:\Program Files\Malwarebytes' Anti-Malware
[24/08/2008|21:45] C:\Program Files\Messenger
[29/10/2005|15:26] C:\Program Files\Microsoft ActiveSync
[11/08/2004|17:15] C:\Program Files\microsoft frontpage
[12/12/2008|23:23] C:\Program Files\Microsoft Office
[23/07/2009|09:39] C:\Program Files\Microsoft Silverlight
[29/10/2005|15:25] C:\Program Files\Microsoft.NET
[22/02/2006|20:58] C:\Program Files\Modem Helper
[05/11/2005|15:31] C:\Program Files\MosArt
[29/07/2006|19:19] C:\Program Files\Motive
[09/11/2006|20:36] C:\Program Files\Motorola Phone Tools
[06/05/2008|22:47] C:\Program Files\Movie Maker
[09/10/2007|21:15] C:\Program Files\Mozilla Firefox
[05/11/2005|15:28] C:\Program Files\MP3 Player Utilities V1.28
[12/12/2008|23:22] C:\Program Files\MSBuild
[23/09/2007|21:22] C:\Program Files\MSECache
[11/08/2004|17:11] C:\Program Files\MSN
[11/08/2004|17:11] C:\Program Files\MSN Gaming Zone
[25/06/2008|18:59] C:\Program Files\MSXML 4.0
[09/01/2009|19:23] C:\Program Files\MyWebSearch
[08/09/2008|19:16] C:\Program Files\NCH Swift Sound
[06/05/2008|22:42] C:\Program Files\NetMeeting
[03/12/2005|13:26] C:\Program Files\NetWaiting
[01/11/2008|19:55] C:\Program Files\NOS
[06/05/2008|21:34] C:\Program Files\Online Services
[06/05/2008|22:42] C:\Program Files\Outlook Express
[04/01/2009|18:07] C:\Program Files\PC Drivers HeadQuarters
[17/11/2005|12:17] C:\Program Files\PIXELA
[01/11/2008|18:24] C:\Program Files\QuickTime
[27/08/2006|18:33] C:\Program Files\Real
[12/12/2008|23:19] C:\Program Files\Reference Assemblies
[23/07/2009|15:38] C:\Program Files\RogueRemover FREE
[05/11/2008|19:18] C:\Program Files\Serif
[05/11/2005|15:33] C:\Program Files\Sigmatel
[03/12/2008|19:07] C:\Program Files\SiteAdvisor
[15/10/2007|19:05] C:\Program Files\Sky Broadband
[04/01/2009|19:22] C:\Program Files\Sonic
[31/10/2008|19:10] C:\Program Files\Spybot - Search & Destroy
[17/05/2009|17:54] C:\Program Files\SpywareBlaster
[28/05/2008|14:57] C:\Program Files\SQLXML 3.0
[07/11/2008|22:41] C:\Program Files\Sun
[29/10/2007|16:05] C:\Program Files\Support Tools
[08/04/2009|10:28] C:\Program Files\TomTom HOME 2
[08/04/2009|10:29] C:\Program Files\TomTom International B.V
[29/05/2008|10:43] C:\Program Files\Trend Micro
[05/11/2005|15:32] C:\Program Files\UDisk
[05/11/2005|15:31] C:\Program Files\UFDisk
[11/08/2004|17:20] C:\Program Files\Uninstall Information
[05/11/2005|15:30] C:\Program Files\USB Flash Disk Utility
[05/11/2005|15:30] C:\Program Files\USB FlashDisk
[31/10/2008|18:47] C:\Program Files\Windows Live Safety Center
[16/03/2008|16:58] C:\Program Files\Windows Live Toolbar
[13/09/2008|14:01] C:\Program Files\Windows Media Connect 2
[01/11/2008|18:33] C:\Program Files\Windows Media Player
[07/09/2008|09:38] C:\Program Files\Windows NT
[11/08/2004|17:13] C:\Program Files\WindowsUpdate
[26/11/2006|12:07] C:\Program Files\WinMP3Converter
[04/10/2008|11:59] C:\Program Files\Wyzo
[11/08/2004|17:15] C:\Program Files\xerox
[30/12/2008|11:17] C:\Program Files\Yahoo!
[03/12/2005|13:13] C:\Program Files\Zoom(2)

--------------------\\ Listing Folders in C:\Program Files\Common Files

[01/11/2008|20:05] C:\Program Files\Common Files\Adobe
[29/06/2009|09:17] C:\Program Files\Common Files\Adobe AIR
[10/01/2009|11:24] C:\Program Files\Common Files\AVSMedia
[17/02/2008|12:00] C:\Program Files\Common Files\Creative
[12/12/2008|23:23] C:\Program Files\Common Files\DESIGNER
[27/03/2006|11:09] C:\Program Files\Common Files\Hewlett-Packard
[27/06/2005|22:21] C:\Program Files\Common Files\InstallShield
[25/03/2008|19:34] C:\Program Files\Common Files\Macrovision Shared
[12/12/2008|23:15] C:\Program Files\Common Files\Microsoft Shared
[15/10/2007|18:43] C:\Program Files\Common Files\Motive
[11/08/2004|17:12] C:\Program Files\Common Files\MSSoap
[11/08/2004|17:07] C:\Program Files\Common Files\ODBC
[23/06/2008|18:42] C:\Program Files\Common Files\Real
[11/08/2004|17:12] C:\Program Files\Common Files\Services
[27/06/2005|22:23] C:\Program Files\Common Files\Sonic
[11/08/2004|17:07] C:\Program Files\Common Files\SpeechEngines
[27/06/2005|22:23] C:\Program Files\Common Files\SureThing Shared
[06/05/2008|22:42] C:\Program Files\Common Files\System
[04/10/2008|10:09] C:\Program Files\Common Files\Wise Installation Wizard
[23/06/2008|18:42] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 54 Processes )

Iexplore.exe ~ [PID:3128]
Iexplore.exe ~ [PID:2552]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme


--------------------\\ Searching for other infections

C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

C:\WINDOWS\system32\VCfMmnpo.ini
C:\WINDOWS\system32\VCfMmnpo.ini2
==> VUNDO <==

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Photoshop CS3 Read Me.html
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\_crack_
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\Deployment.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\redist
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\resources
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\Setup.exe
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\VersionInfo.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\WinBootstrapper.msi
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\WinBootstrapper1.cab
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeALMAnchorServiceAll
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeAssetServices3All
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeAUM5.1All
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeBridge2All
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeCameraRaw4.0All
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeCMapsAll
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorCommonSetAll
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorEU_ExtraSettingsAll
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorJA_ExtraSettingsAll
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorNA_RecommendedAll
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorPhotoshopAll
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDeviceCentralAll
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeFontsAll
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeHelpViewerAll
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeLinguisticsAll
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobePDFL8All
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobePDFSettingsNAEU
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobePhotoshop10en_US_volume
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeStockPhotos1.5All
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeTypeSupportAll
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeVersionCueClient3All
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeWinSoftLinguisticsPluginAll
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeXMPPanelsAll
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\BridgeStartMeeting
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\setup.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeALMAnchorServiceAll\AdobeALMAnchorServiceAll.boot.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeALMAnchorServiceAll\AdobeALMAnchorServiceAll.msi
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeALMAnchorServiceAll\AdobeALMAnchorServiceAll.proxy.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeALMAnchorServiceAll\AdobeALMAnchorServiceAll1.cab
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeAssetServices3All\AdobeAssetServices3All.boot.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeAssetServices3All\AdobeAssetServices3All.msi
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeAssetServices3All\AdobeAssetServices3All.proxy.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeAssetServices3All\AdobeAssetServices3All1.cab
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeAUM5.1All\AdobeAUM5.1All.boot.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeAUM5.1All\AdobeAUM5.1All.msi
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeAUM5.1All\AdobeAUM5.1All.proxy.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeAUM5.1All\AdobeAUM5.1All1.cab
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeBridge2All\AdobeBridge2All.boot.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeBridge2All\AdobeBridge2All.msi
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeBridge2All\AdobeBridge2All.proxy.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeBridge2All\AdobeBridge2All1.cab
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeCameraRaw4.0All\AdobeCameraRaw4.0All.boot.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeCameraRaw4.0All\AdobeCameraRaw4.0All.msi
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeCameraRaw4.0All\AdobeCameraRaw4.0All.proxy.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeCameraRaw4.0All\AdobeCameraRaw4.0All1.cab
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeCMapsAll\AdobeCMapsAll.boot.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeCMapsAll\AdobeCMapsAll.msi
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeCMapsAll\AdobeCMapsAll.proxy.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeCMapsAll\AdobeCMapsAll1.cab
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorCommonSetAll\AdobeColorCommonSetAll.boot.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorCommonSetAll\AdobeColorCommonSetAll.msi
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorCommonSetAll\AdobeColorCommonSetAll.proxy.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorCommonSetAll\AdobeColorCommonSetAll1.cab
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorEU_ExtraSettingsAll\AdobeColorEU_ExtraSettingsAll.boot.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorEU_ExtraSettingsAll\AdobeColorEU_ExtraSettingsAll.msi
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorEU_ExtraSettingsAll\AdobeColorEU_ExtraSettingsAll.proxy.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorEU_ExtraSettingsAll\AdobeColorEU_ExtraSettingsAll1.cab
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorEU_ExtraSettingsAll\en_US.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorEU_ExtraSettingsAll\ja_JP.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorEU_ExtraSettingsAll\ko_KR.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorEU_ExtraSettingsAll\zh_CN.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorEU_ExtraSettingsAll\zh_TW.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorJA_ExtraSettingsAll\AdobeColorJA_ExtraSettingsAll.boot.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorJA_ExtraSettingsAll\AdobeColorJA_ExtraSettingsAll.msi
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorJA_ExtraSettingsAll\AdobeColorJA_ExtraSettingsAll.proxy.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorJA_ExtraSettingsAll\AdobeColorJA_ExtraSettingsAll1.cab
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorJA_ExtraSettingsAll\ar_AE.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorJA_ExtraSettingsAll\cs_CZ.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorJA_ExtraSettingsAll\da_DK.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorJA_ExtraSettingsAll\de_DE.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorJA_ExtraSettingsAll\el_GR.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorJA_ExtraSettingsAll\en_GB.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorJA_ExtraSettingsAll\en_US.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorJA_ExtraSettingsAll\es_ES.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorJA_ExtraSettingsAll\fi_FI.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorJA_ExtraSettingsAll\fr_FR.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorJA_ExtraSettingsAll\hu_HU.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorJA_ExtraSettingsAll\it_IT.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorJA_ExtraSettingsAll\nb_NO.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorJA_ExtraSettingsAll\nl_NL.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorJA_ExtraSettingsAll\pl_PL.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorJA_ExtraSettingsAll\pt_BR.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorJA_ExtraSettingsAll\ru_RU.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorJA_ExtraSettingsAll\sv_SE.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorJA_ExtraSettingsAll\tr_TR.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorNA_RecommendedAll\AdobeColorNA_RecommendedAll.boot.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorNA_RecommendedAll\AdobeColorNA_RecommendedAll.msi
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorNA_RecommendedAll\AdobeColorNA_RecommendedAll.proxy.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorNA_RecommendedAll\AdobeColorNA_RecommendedAll1.cab
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorNA_RecommendedAll\en_US.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorPhotoshopAll\AdobeColorPhotoshopAll.boot.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorPhotoshopAll\AdobeColorPhotoshopAll.msi
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorPhotoshopAll\AdobeColorPhotoshopAll.proxy.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorPhotoshopAll\AdobeColorPhotoshopAll1.cab
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\AdobeDefaultLanguageCS3All.boot.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\AdobeDefaultLanguageCS3All.msi
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\AdobeDefaultLanguageCS3All.proxy.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\AdobeDefaultLanguageCS3All1.cab
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\ar_AE.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\bg_BG.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\ca_ES.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\cs_CZ.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\da_DK.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\de_DE.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\el_GR.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\en_GB.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\en_US.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\es_ES.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\et_EE.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\fi_FI.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\fr_FR.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\he_IL.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\hr_HR.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\hu_HU.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\it_IT.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\ja_JP.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\ko_KR.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\lt_LT.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\lv_LV.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\nb_NO.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\nl_NL.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\pl_PL.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\pt_BR.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\ro_RO.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\ru_RU.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\sk_SK.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\sl_SI.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\sv_SE.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\tr_TR.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\uk_UA.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\zh_CN.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\zh_TW.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDeviceCentralAll\AdobeDeviceCentralAll.boot.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDeviceCentralAll\AdobeDeviceCentralAll.msi
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDeviceCentralAll\AdobeDeviceCentralAll.proxy.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDeviceCentralAll\AdobeDeviceCentralAll1.cab
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDeviceCentralAll\oem
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDeviceCentralAll\oem\Adobe Device Central CS3
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDeviceCentralAll\oem\Adobe Device Central CS3\Device Central CS3 Bitte lesen.html
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDeviceCentralAll\oem\Adobe Device Central CS3\Device Central CS3 Ilgeobogi.html
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDeviceCentralAll\oem\Adobe Device Central CS3\Device Central CS3 Lees mij.html
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDeviceCentralAll\oem\Adobe Device Central CS3\Device Central CS3 Leggimi.html
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDeviceCentralAll\oem\Adobe Device Central CS3\Device Central CS3 Lisez-moi.html
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDeviceCentralAll\oem\Adobe Device Central CS3\Device Central CS3 L‚ame.html
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDeviceCentralAll\oem\Adobe Device Central CS3\Device Central CS3 Oyomikudasai.html
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDeviceCentralAll\oem\Adobe Device Central CS3\Device Central CS3 Read Me.html
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDeviceCentralAll\oem\Adobe Device Central CS3\Device Central CS3 Tu Wo Tang An.html
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDeviceCentralAll\oem\Adobe Device Central CS3\Device Central CS3 Viktigt.html
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDeviceCentralAll\oem\Adobe Device Central CS3\Device Central CS3 Zishu.html
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\AdobeExtendScriptToolKitAll.boot.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\AdobeExtendScriptToolKitAll.msi
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\AdobeExtendScriptToolKitAll.proxy.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\AdobeExtendScriptToolKitAll1.cab
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\ar_AE.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\be_BY.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\bg_BG.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\ca_ES.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\cs_CZ.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\da_DK.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\de_DE.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\el_GR.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\en_GB.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\en_US.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\en_XC.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\en_XM.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\es_ES.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\es_QM.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\et_EE.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\fi_FI.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\fr_FR.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\fr_XM.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\he_IL.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\hi_IN.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\hr_HR.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\hu_HU.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\is_IS.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\it_IT.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\ja_JP.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\ko_KR.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\lt_LT.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\lv_LV.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\mk_MK.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\nb_NO.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\nl_NL.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\pl_PL.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\pt_BR.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\ro_RO.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\ru_RU.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\sh_YU.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\sk_SK.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\sl_SI.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\sq_AL.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\sv_SE.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\th_TH.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\tr_TR.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\uk_UA.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\vi_VN.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\zh_CN.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\zh_TW.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeFontsAll\AdobeFontsAll.boot.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeFontsAll\AdobeFontsAll.msi
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeFontsAll\AdobeFontsAll.proxy.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeFontsAll\AdobeFontsAll1.cab
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeHelpViewerAll\AdobeHelpViewerAll.boot.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeHelpViewerAll\AdobeHelpViewerAll.msi
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeHelpViewerAll\AdobeHelpViewerAll.proxy.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeHelpViewerAll\AdobeHelpViewerAll1.cab
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeLinguisticsAll\AdobeLinguisticsAll.boot.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeLinguisticsAll\AdobeLinguisticsAll.msi
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeLinguisticsAll\AdobeLinguisticsAll.proxy.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeLinguisticsAll\AdobeLinguisticsAll1.cab
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobePDFL8All\AdobePDFL8All.boot.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobePDFL8All\AdobePDFL8All.msi
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobePDFL8All\AdobePDFL8All.proxy.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobePDFL8All\AdobePDFL8All1.cab
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobePDFSettingsNAEU\AdobePDFSettingsAll.boot.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobePDFSettingsNAEU\AdobePDFSettingsAll.msi
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobePDFSettingsNAEU\AdobePDFSettingsAll.proxy.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobePDFSettingsNAEU\AdobePDFSettingsAll1.cab
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobePhotoshop10en_US_volume\AdobePhotoshop10en_US_volume.boot.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobePhotoshop10en_US_volume\AdobePhotoshop10en_US_volume.msi
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobePhotoshop10en_US_volume\AdobePhotoshop10en_US_volume.proxy.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobePhotoshop10en_US_volume\AdobePhotoshop10en_US_volume1.cab
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobePhotoshop10en_US_volume\en_US.mst
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeStockPhotos1.5All\AdobeStockPhotos1.5All.boot.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeStockPhotos1.5All\AdobeStockPhotos1.5All.msi
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeStockPhotos1.5All\AdobeStockPhotos1.5All.proxy.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeStockPhotos1.5All\AdobeStockPhotos1.5All1.cab
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeTypeSupportAll\AdobeTypeSupportAll.boot.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeTypeSupportAll\AdobeTypeSupportAll.msi
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeTypeSupportAll\AdobeTypeSupportAll.proxy.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeTypeSupportAll\AdobeTypeSupportAll1.cab
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeVersionCueClient3All\AdobeVersionCueClient3All.boot.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeVersionCueClient3All\AdobeVersionCueClient3All.msi
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeVersionCueClient3All\AdobeVersionCueClient3All.proxy.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeVersionCueClient3All\AdobeVersionCueClient3All1.cab
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeWinSoftLinguisticsPluginAll\AdobeWinSoftLinguisticsPluginAll.boot.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeWinSoftLinguisticsPluginAll\AdobeWinSoftLinguisticsPluginAll.msi
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeWinSoftLinguisticsPluginAll\AdobeWinSoftLinguisticsPluginAll.proxy.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeWinSoftLinguisticsPluginAll\AdobeWinSoftLinguisticsPluginAll1.cab
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeXMPPanelsAll\AdobeXMPPanelsAll.boot.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeXMPPanelsAll\AdobeXMPPanelsAll.msi
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeXMPPanelsAll\AdobeXMPPanelsAll.proxy.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeXMPPanelsAll\AdobeXMPPanelsAll1.cab
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\BridgeStartMeeting\BridgeStartMeeting.boot.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\BridgeStartMeeting\BridgeStartMeeting.msi
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\BridgeStartMeeting\BridgeStartMeeting.proxy.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\BridgeStartMeeting\BridgeStartMeeting1.cab
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\redist\WindowsInstaller-KB893803-v2-x86.exe
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\redist\WindowsServer2003-KB898715-ia64-enu.exe
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\redist\WindowsServer2003-KB898715-x64-enu.exe
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\redist\WindowsServer2003-KB898715-x86-enu.exe
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\redist\WindowsXP-KB898715-x64-enu.exe
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\resources\common
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\resources\main.html
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\resources\main.xml
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\resources\media
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\resources\common\alert
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\resources\common\scripts
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\resources\common\alert\alert.css
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\resources\common\alert\alert.html
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\resources\common\alert\alert_ie.css
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\resources\common\scripts\ContainerProxy.js
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\resources\common\scripts\localization.js
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\resources\common\scripts\silentWorkflow.js
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\resources\common\scripts\utils.js
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\resources\media\css
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\resources\media\img
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\resources\media\css\styles.css
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\resources\media\img\progbarLeft_on.png
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\resources\media\img\progbarRight.png
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\resources\media\img\progbar_on.png
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\resources\media\img\progbox.png
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\_crack_\READ.txt
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\_crack_\ssg.nfo


[F:274][D:27]-> C:\DOCUME~1\n\LOCALS~1\Temp
[F:9][D:0]-> C:\DOCUME~1\n\Cookies
[F:383][D:5]-> C:\DOCUME~1\n\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 27/07/2009|19:56 - Option : [1]

--------------------\\ Scan completed at 19:56:55

Please delete ComboFix.exe from your desktop

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 2
Link 3





--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.

• When finished, it will produce a report for you.
• Please post the C:\ComboFix.txt .

Hi, I think we are getting somewhere !! ComboFix did run eventually and I have pasted the log here. I now have my normal desktop back and no pop ups so far, does this mean we are going in the right direction ? Look forward to hearing from you.

ComboFix 09-07-26.03 - n 27/07/2009 21:43.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.170 [GMT 1:00]
Running from: c:\documents and settings\n\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1335 [VPS 090727-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\_ISDEL.EXE
C:\_SETUP.DLL
c:\documents and settings\n\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
c:\documents and settings\n\Desktop\Advanced Virus Remover.lnk
c:\documents and settings\n\Start Menu\Advanced Virus Remover.lnk
c:\program files\AdvancedVirusRemover
c:\program files\MyWebSearch
C:\SETUP.EXE
c:\windows\BMebd576cf.txt
c:\windows\BMebd576cf.xml
c:\windows\Fonts\a.zip
c:\windows\Installer\360f1.msp
c:\windows\setup.exe
c:\windows\system\oeminfo.ini
c:\windows\system32\aqVreo18
c:\windows\system32\byjcvclm.ini
c:\windows\system32\drivers\hjgruilrxoboxe.sys
c:\windows\system32\drivers\UACtlrrniqjpvdhbgodj.sys
c:\windows\system32\glxwdkbx.ini
c:\windows\system32\hjgruigxlajrub.dll
c:\windows\system32\hjgruihcowjqbl.dat
c:\windows\system32\hjgruiiqltlhif.dat
c:\windows\system32\hjgruippjxvmkn.dll
c:\windows\system32\intr32.dll
c:\windows\system32\kelnuxvs.ini
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\mcrh.tmp
c:\windows\system32\mmkrnpln.ini
c:\windows\system32\sdra64.exe
c:\windows\system32\UACewwknqdkqhaqnwdst.dll
c:\windows\system32\UACienesixren.log
c:\windows\system32\uacinit.dll
c:\windows\system32\UACoewpnnoenwgfhcyid.dll
c:\windows\system32\UAComdvtaqkrqteaqwyf.dll
c:\windows\system32\UACqqumqbwosrsuvcrov.dat
c:\windows\system32\UACvvnmixmytavjpvrur.dll
c:\windows\system32\VCfMmnpo.ini
c:\windows\system32\VCfMmnpo.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruiyxympulk
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-06-27 to 2009-07-27 )))))))))))))))))))))))))))))))
.

2009-07-27 20:27 . 2009-07-27 20:27 -------- d-s---w- C:\newvers
2009-07-27 18:33 . 2009-07-27 18:56 -------- d-----w- C:\Lop SD
2009-07-24 20:49 . 2009-07-24 21:05 14 ----a-w- c:\documents and settings\n\settings.dat
2009-07-24 17:07 . 2009-07-13 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 17:07 . 2009-07-24 19:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-24 17:07 . 2009-07-24 17:07 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-07-24 17:07 . 2009-07-13 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-24 17:00 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-24 17:00 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-24 17:00 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-24 16:59 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-24 16:59 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-24 16:59 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-24 16:59 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-24 16:59 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-24 16:59 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-24 16:59 . 2009-07-24 16:59 -------- d-----w- c:\program files\Alwil Software
2009-07-24 16:39 . 2009-07-24 19:16 -------- d-----w- c:\program files\ERUNT
2009-07-23 14:53 . 2009-07-23 14:53 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-07-23 14:38 . 2009-07-23 14:38 -------- d-----w- c:\program files\RogueRemover FREE
2009-07-23 12:28 . 2009-07-23 12:28 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-06-29 08:18 . 2009-06-29 08:17 38208 ----a-w- c:\documents and settings\n\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-29 08:17 . 2009-06-29 08:17 -------- d-----w- c:\program files\Common Files\Adobe AIR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-27 18:00 . 2008-10-04 10:47 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-07-27 17:54 . 2009-03-19 18:16 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Google Updater
2009-07-23 14:20 . 2008-12-03 17:42 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\McAfee
2009-07-23 08:39 . 2008-02-20 13:18 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-11 13:59 . 2008-03-09 12:19 -------- d-----w- c:\documents and settings\n\Application Data\LimeWire
2009-06-29 15:31 . 2006-08-05 19:03 -------- d-----w- c:\program files\Google
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 15:42 . 2009-06-03 15:42 390664 ----a-w- c:\documents and settings\n\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-13 05:15 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-10 17:38 . 2009-05-10 17:38 3595 -c-ha-w- c:\documents and settings\n\hpothb07.dat
2009-05-10 17:37 . 2009-05-10 17:37 164 -c-ha-w- c:\documents and settings\All Users\hpothb07.dat
2009-05-10 17:37 . 2009-05-10 17:37 168 -c-ha-w- c:\documents and settings\Administrator\hpothb07.dat
2009-05-10 17:37 . 2009-05-10 17:37 13655 -c-ha-w- c:\windows\hpothb07.dat
2009-05-10 17:36 . 2009-05-10 17:36 3725 ---ha-w- C:\hpothb07.dat
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-24 251240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-23 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MtdAcq"=c:\program files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
"IncrediMail"=c:\program files\IncrediMail\bin\IncMail.exe /c
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Dell QuickSet"=c:\program files\Dell\QuickSet\Quickset.exe
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
"UFD Utility9382"=c:\program files\USB FlashDisk\UFD Utility 2003\UFDTool.exe
"UFD Utility"=c:\program files\USB Flash Disk Utility\UFD Utility\USBTD.exe
"UFD Monitor"=c:\program files\USB Flash Disk Utility\UFD Utility\UFDMon.exe
"e8e64553"=rundll32.exe "c:\windows\system32\nlpnrkmm.dll",b
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24/07/2009 17:59 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24/07/2009 17:59 20560]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/04/2009 12:57 92008]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [27/06/2005 22:04 80384]
S2 0038801208078005mcinstcleanup;0038801208078005mcinstcleanup; [x]
S2 0089561207507601mcinstcleanup;0089561207507601mcinstcleanup; [x]
S2 DISCDHQW;DISCDHQW;\??\c:\windows\system32\discdhqw.gmy --> c:\windows\system32\discdhqw.gmy [?]
S2 gupdate1c9a8bf97c3648;Google Update Service (gupdate1c9a8bf97c3648);c:\program files\Google\Update\GoogleUpdate.exe [19/03/2009 19:17 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [10/01/2009 11:06 16512]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [01/11/2008 19:55 33752]
S3 HSFHWCD2;HSFHWCD2;c:\windows\system32\drivers\HSFHWCD2.sys [03/12/2005 13:24 201728]
S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [09/03/2008 20:09 513152]
S3 MusCVideo32;MusCVideo32;c:\windows\system32\drivers\MusCVideo32.sys [09/03/2008 20:09 3768]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

Notify-hgGxUoLf - hgGxUoLf.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
Trusted Zone: sentinelha.org.uk\remote
DPF: Microsoft XML Parser for Java
DPF: {04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} - hxxps://www.hmvdigital.com/HMV.Digital.WebStore.Portal/Pages/System/Secure/HMV.Digital.Downloader.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
.

**************************************************************************

creating catchme.sys error: The process cannot access the file because it is being used by another process.
driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-27 21:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DISCDHQW]
"ImagePath"="\??\c:\windows\system32\discdhqw.gmy"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(2432)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\scardsvr.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Executive Software\Diskeeper\DkService.exe
c:\program files\Dell\OpenManage\Client\Iap.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\UStorSrv.exe
c:\windows\system32\wltrysvc.exe
c:\windows\system32\bcmwltry.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-27 22:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-27 21:05

Pre-Run: 11,620,454,400 bytes free
Post-Run: 11,570,630,656 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

237 --- E O F --- 2009-07-22 21:09

Let's move on then.

The source of your infections is likely related to all the cracks and keygens that I found on your computer. If you are truly interested in staying clean in the future, I strongly recommend that you stay away from Cracks and Keygens. Failure to heed my warning may result in the reinfection of your computer. If you choose to continue down this path, we may not be able to help you here in the future.

Step 1.
Uninstall unwanted software:

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

LimeWire 5.1.2

Optional removals
Limewire and P2P programs in general are legal themselves, but much of the content downloaded with them is downloaded illegally. They are also a great way to infect yourself with malware.
It's up to you if you want to remove the above programs, however I recommend you do.

Step 2.
OTL-fix:

Run OTL.exe

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  CODE
  :OTL
  PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
  O2 - BHO: (no name) - {08A8068E-53D1-42B2-B197-6D568843721F} - No CLSID value found.
  O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - No CLSID value found.
  O2 - BHO: (no name) - {660F1E01-997E-4CF8-AFD7-422E0665E9F3} - No CLSID value found.
  [2007/01/01 19:16:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\BitTorrent
  :Services
  DISCDHQW
  :Reg
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
  "C:\Program Files\BitTorrent\bittorrent.exe"=-
  "C:\Program Files\LimeWire\LimeWire.exe"=-
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
  "e8e64553"=-
  :Files
  C:\WINDOWS\tasks\At*.job
  C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)
  c:\windows\system32\nlpnrkmm.dll
  c:\windows\system32\discdhqw.gmy
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]
  
  
• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• Then post the OTL fixlog

Step 3.
Things I would like to see in your reply:

1. Which P2P softwares were uninstalled in step 1.
2. The content of the fixlog from OTL in step 2.
3. Information on how your computer is running now.

Hi, I have removed Limewire and also Photoshop as per your reccomendation.

Does this mean I am clean now ? I am seriously wanting to keep this way and will be steering clear of P2P programmes from now, I had no idea I had a number of cracks and keygens on my system. I have all the programmes you suggested still on my desktop and some others can I get rid of these? What do I need to keep ? I have had a look at the section here on keeping clean, do you have any personal recommendations for anti virus, firewall, anti malware etc. Are the all in ones any good ? Kaspersky, Norton etc I had been using Macafee when this incident happened. Thanks

Here is the OTL log you requested,

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08A8068E-53D1-42B2-B197-6D568843721F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08A8068E-53D1-42B2-B197-6D568843721F}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{660F1E01-997E-4CF8-AFD7-422E0665E9F3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{660F1E01-997E-4CF8-AFD7-422E0665E9F3}\ not found.
C:\Documents and Settings\n\Application Data\BitTorrent moved successfully.
========== SERVICES/DRIVERS ==========

Service\Driver DISCDHQW deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-\\e8e64553 deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\_crack_ moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\resources\media\img moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\resources\media\css moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\resources\media moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\resources\common\scripts moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\resources\common\alert moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\resources\common moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\resources moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\redist moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\BridgeStartMeeting moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeXMPPanelsAll moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeWinSoftLinguisticsPluginAll moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeVersionCueClient3All moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeTypeSupportAll moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeStockPhotos1.5All moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobePhotoshop10en_US_volume moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobePDFSettingsNAEU moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobePDFL8All moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeLinguisticsAll moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeHelpViewerAll moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeFontsAll moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeExtendScriptToolKitAll moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDeviceCentralAll\oem\Adobe Device Central CS3 moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDeviceCentralAll\oem moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDeviceCentralAll moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeDefaultLanguageCS3All moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorPhotoshopAll moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorNA_RecommendedAll moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorJA_ExtraSettingsAll moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorEU_ExtraSettingsAll moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeColorCommonSetAll moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeCMapsAll moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeCameraRaw4.0All moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeBridge2All moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeAUM5.1All moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeAssetServices3All moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads\AdobeALMAnchorServiceAll moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3\payloads moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1)\Adobe CS3 moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved\Adobe Photoshop CS3 v10 with Crack full version(1) moved successfully.
File\Folder c:\windows\system32\nlpnrkmm.dll not found.
File\Folder c:\windows\system32\discdhqw.gmy not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 472274 bytes

User: n
->Temp folder emptied: 114267 bytes
->Temporary Internet Files folder emptied: 1741550 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 1216592 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49554 bytes

User: zen contents

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 3496713 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_700.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 16867 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 8.84 mb


OTL by OldTimer - Version 3.0.10.2 log created on 07282009_175728

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_700.dat moved successfully.

Registry entries deleted on Reboot...

Sorry, forgot to add, system appears to running fine at the moment, certainly as good as it was before this incident. The only real difference I can see is at startup, I now get the choice of normal or recovery mode and once past this and Windos has started my wallpaper loads with icons, I then lose the wallpaper, get a blue background with icons, this is then replaced by a completely black screen without icons, the blue screen and icons then returns and finally the wallpaper and icons are present when loading finishes. Is this ok ?

No worries, let's do some more scans in case something is lurking in there. Finishing up later with some housekeeping and prevention recommendations.

I'm gonna be here until your computer is as clean as we can get it.

FYI Kaspersky scan will take quite a while (hours) - let it run over night.

Step 1.
OTL-fix:

Run OTL.exe

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  CODE
  :Files
  C:\DOCUME~1\n\APPLIC~1\LimeWire
  C:\Program Files\LimeWire
  C:\DOCUME~1\n\My Documents\LimeWire
  :Commands
  [emptytemp]
  [Reboot]
  
  
• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• Then post the OTL fixlog

Step 2.
Scan with MBAM:

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Step 3.
Scan with Kaspersky Online Scanner:

Please do an online scan with Kaspersky Online Scanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion.

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure the following is checked.
   
   Spyware, Adware, Dialers, and other potentially dangerous programs
   Archives
   Mail databases
5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
9. Please post this log in your next reply.

Upgrading Java:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:

• Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 14.
• Click the "Download" button to the right.
• Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
• Click on Continue.
• Click on the link to download Windows Offline Installation (jre-6u14-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u14-windows-i586-p.exe and select "Run as an Administrator.")

Step 4.
Things I would like to see in your reply:

1. The content of the fixlog from OTL from Step 1.
2. The content of the report from MBAM from Step 2.
3. The content of the report from Kaspersky Online Scanner from Step 3.

I'll get back to you about this later.

We were cross-posting.



This post has been edited by heir: Jul 28 2009, 01:19 PM

Hi Heir, I have pasted the logs you requested here, everything still appears to be ok wth the system, still getting the startup procedure I described. Look forward to your reply.

OTL logfile created on: 24/07/2009 21:57:14 - Run 1
OTL by OldTimer - Version 3.0.10.2 Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

503.36 Mb Total Physical Memory | 173.66 Mb Available Physical Memory | 34.50% Memory free
1.20 Gb Paging File | 0.74 Gb Available in Paging File | 61.66% Paging File free
Paging file location(s): c:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.16 Gb Total Space | 10.93 Gb Free Space | 29.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 3.75 Gb Total Space | 1.76 Gb Free Space | 46.83% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: n
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/10/04 10:13:14 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2009/02/05 21:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 21:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2006/02/28 13:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe
PRC - [2004/01/06 12:47:06 | 00,327,792 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe
PRC - [2004/02/13 10:47:02 | 00,155,648 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/04/24 12:57:30 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2004/05/21 07:54:58 | 00,139,264 | ---- | M] (OTi) -- C:\WINDOWS\System32\UStorSrv.exe
PRC - [2005/03/01 15:00:00 | 00,065,536 | ---- | M] () -- C:\WINDOWS\System32\wltrysvc.exe
PRC - [2005/03/01 15:44:10 | 00,847,983 | ---- | M] (BT Corporation) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2009/02/05 21:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 21:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/02/06 11:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2004/09/13 16:33:20 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/10/14 14:46:34 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/10/14 14:46:24 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
PRC - [2005/10/14 14:50:30 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2004/12/06 01:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe
PRC - [2008/06/23 18:41:22 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/02/05 21:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2004/08/19 14:40:08 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2009/04/24 12:57:28 | 00,251,240 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe
PRC - [2009/07/24 17:28:16 | 00,514,048 | ---- | M] (OldTimer Tools) -- F:\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (0038801208078005mcinstcleanup [Auto | Stopped])
SRV - File not found -- -- (0089561207507601mcinstcleanup [Auto | Stopped])
SRV - [2008/10/04 10:13:14 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/05 21:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/02/05 21:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 21:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/05 21:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2006/02/28 13:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2004/01/06 12:47:06 | 00,327,792 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
SRV - [2008/03/25 19:34:25 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2007/10/09 13:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/08/29 11:00:30 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2009/03/19 19:17:46 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9a8bf97c3648 [Auto | Stopped])
SRV - [2009/03/24 19:11:47 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Stopped])
SRV - [2004/02/13 10:47:02 | 00,155,648 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap [Auto | Running])
SRV - [2007/10/11 10:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/10/11 10:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/04/24 12:57:30 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService [Auto | Running])
SRV - [2004/05/21 07:54:58 | 00,139,264 | ---- | M] (OTi) -- C:\WINDOWS\System32\UStorSrv.exe -- (UStorage Server Service [Auto | Running])
SRV - [2005/03/01 15:00:00 | 00,065,536 | ---- | M] () -- C:\WINDOWS\System32\wltrysvc.exe -- (wltrysvc [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2003/05/19 16:07:38 | 00,086,016 | ---- | M] (Yahoo! Inc.) -- C:\WINDOWS\system32\YPcservice.exe -- (YPCService [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.iesearch.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page Restore = http://www.iesearch.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.ask.co.uk/
IE - URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/06/23 18:42:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/10 20:11:23 | 00,000,000 | ---D | M]

[2009/03/30 18:52:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\mozilla\Extensions
[2008/05/24 13:32:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\mozilla\Extensions\home2@tomtom.com
[2009/03/30 18:52:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2007/10/09 18:40:55 | 00,002,386 | ---- | M] () -- C:\Documents and Settings\n\Application Data\Mozilla\FireFox\Profiles\tx9w9yp0.default\searchplugins\siteadvisor.xml

O1 HOSTS File: (230038 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 hityou.com
O1 - Hosts: 127.0.0.1 www.hityou.com
O1 - Hosts: 127.0.0.1 180searchassistant.com
O1 - Hosts: 127.0.0.1 www.180searchassistant.com
O1 - Hosts: 127.0.0.1 180solutions.com
O1 - Hosts: 127.0.0.1 www.180solutions.com
O1 - Hosts: 127.0.0.1 bis.180solutions.com
O1 - Hosts: 127.0.0.1 config.180solutions.com
O1 - Hosts: 127.0.0.1 cts.180solutions.com
O1 - Hosts: 127.0.0.1 downloads.180solutions.com
O1 - Hosts: 127.0.0.1 installs.180solutions.com
O1 - Hosts: 127.0.0.1 nowhere.180solutions.com
O1 - Hosts: 127.0.0.1 ping.180solutions.com
O1 - Hosts: 127.0.0.1 tv.180solutions.com
O1 - Hosts: 127.0.0.1 uploads.180solutions.com
O1 - Hosts: 127.0.0.1 public.zangocash.com
O1 - Hosts: 127.0.0.1 www.public.zangocash.com
O1 - Hosts: 127.0.0.1 static.zangocash.com
O1 - Hosts: 127.0.0.1 www.static.zangocash.com
O1 - Hosts: 127.0.0.1 www.zangocash.com
O1 - Hosts: 127.0.0.1 zangocash.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 2search.com
O1 - Hosts: 8068 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {08A8068E-53D1-42B2-B197-6D568843721F} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (eBay Toolbar Helper) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll (eBay Inc.)
O2 - BHO: () - {25469879-7856-4D09-83C1-15D563C19D71} - C:\Documents and Settings\n\Local Settings\Temp\~DA.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - No CLSID value found.
O2 - BHO: (no name) - {660F1E01-997E-4CF8-AFD7-422E0665E9F3} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll (eBay Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LegalNoticeText =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ShutdownWithoutLogon = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: eBay Search - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: SecretService - {5199201E-60B4-11DE-85CF-260556D89593} - C:\Program Files\SecretService\protector.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKCU\..Trusted Domains: sentinelha.org.uk ([remote] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 27 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} https://www.hmvdigital.com/HMV.Digital.WebS....Downloader.cab (HMVDownloader Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1210107089109 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1194472173140 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe [FILE handle not seen by OS]
O20 - Winlogon\Notify\hgGxUoLf: DllName - hgGxUoLf.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {08A8068E-53D1-42B2-B197-6D568843721F} - Reg Error: Key error. File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\opnmMfCV) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/13 15:35:58 | 00,000,000 | ---D | M] - C:\autodesk -- [ NTFS ]
O32 - AutoRun File - [2004/08/11 17:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 14 Days ==========

[11 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/07/24 20:22:15 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/24 18:07:52 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\mware.lnk
[2009/07/24 18:07:49 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/24 18:07:47 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/24 18:07:47 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/24 18:07:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/24 18:05:05 | 00,000,352 | ---- | C] () -- C:\Documents and Settings\n\Desktop\Shortcut to mbam-setup.zip
[2009/07/24 18:00:05 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/07/24 18:00:04 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/07/24 18:00:03 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/07/24 18:00:02 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/07/24 17:59:56 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/07/24 17:59:51 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/07/24 17:59:51 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/07/24 17:59:51 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/07/24 17:59:51 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/07/24 17:59:25 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/07/24 17:59:25 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/07/24 17:59:20 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/07/24 17:40:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/07/24 17:39:43 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\n\Desktop\NTREGOPT.lnk
[2009/07/24 17:39:43 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\n\Desktop\ERUNT.lnk
[2009/07/24 17:39:43 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/24 17:37:31 | 00,000,296 | ---- | C] () -- C:\Documents and Settings\n\Desktop\Shortcut to SysRestorePoint.lnk
[2009/07/24 17:29:17 | 00,000,254 | ---- | C] () -- C:\Documents and Settings\n\Desktop\Shortcut to TFC.lnk
[2009/07/23 16:42:59 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\n\My Documents\HJTInstall.exe
[2009/07/23 15:53:03 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/07/23 15:48:08 | 52,788,4288 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/23 15:41:29 | 06,568,480 | ---- | C] () -- C:\Documents and Settings\n\Desktop\SUPERAntiSpyware.exe
[2009/07/23 15:38:02 | 00,000,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RogueRemover FREE.lnk
[2009/07/23 15:38:02 | 00,000,000 | ---D | C] -- C:\Program Files\RogueRemover FREE
[2009/07/23 15:37:23 | 00,690,574 | ---- | C] (Malwarebytes ) -- C:\Documents and Settings\n\Desktop\rr-free-setup.exe
[2009/07/23 12:00:36 | 00,035,840 | ---- | C] () -- C:\WINDOWS\setup.exe
[2009/07/23 11:50:24 | 00,000,749 | ---- | C] () -- C:\Documents and Settings\n\Desktop\Advanced Virus Remover.lnk
[2009/07/23 11:50:22 | 00,000,000 | ---D | C] -- C:\Program Files\AdvancedVirusRemover
[2009/07/23 11:47:58 | 00,000,831 | ---- | C] () -- C:\WINDOWS\System32\critical_warning.html
[2009/07/17 06:29:49 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\n\Desktop\Paragon 09.doc

========== Files - Modified Within 14 Days ==========

[11 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/07/24 21:48:39 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/24 21:46:59 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/07/24 21:46:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/24 21:46:01 | 52,788,4288 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/24 21:45:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/24 21:06:16 | 00,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/07/24 21:06:12 | 00,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/07/24 21:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2009/07/24 20:22:15 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/24 20:16:22 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\n\Desktop\NTREGOPT.lnk
[2009/07/24 20:16:22 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\n\Desktop\ERUNT.lnk
[2009/07/24 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2009/07/24 18:18:46 | 00,000,831 | ---- | M] () -- C:\WINDOWS\System32\critical_warning.html
[2009/07/24 18:07:52 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\mware.lnk
[2009/07/24 18:05:05 | 00,000,352 | ---- | M] () -- C:\Documents and Settings\n\Desktop\Shortcut to mbam-setup.zip
[2009/07/24 18:00:05 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/07/24 18:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2009/07/24 17:59:51 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/07/24 17:37:31 | 00,000,296 | ---- | M] () -- C:\Documents and Settings\n\Desktop\Shortcut to SysRestorePoint.lnk
[2009/07/24 17:29:17 | 00,000,254 | ---- | M] () -- C:\Documents and Settings\n\Desktop\Shortcut to TFC.lnk
[2009/07/23 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2009/07/23 16:43:02 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\n\My Documents\HJTInstall.exe
[2009/07/23 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2009/07/23 15:41:29 | 06,568,480 | ---- | M] () -- C:\Documents and Settings\n\Desktop\SUPERAntiSpyware.exe
[2009/07/23 15:38:02 | 00,000,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RogueRemover FREE.lnk
[2009/07/23 15:37:27 | 00,690,574 | ---- | M] (Malwarebytes ) -- C:\Documents and Settings\n\Desktop\rr-free-setup.exe
[2009/07/23 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2009/07/23 12:00:36 | 00,035,840 | ---- | M] () -- C:\WINDOWS\setup.exe
[2009/07/23 12:00:09 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2009/07/23 11:50:24 | 00,000,749 | ---- | M] () -- C:\Documents and Settings\n\Desktop\Advanced Virus Remover.lnk
[2009/07/23 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2009/07/23 10:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2009/07/22 22:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2009/07/22 20:33:23 | 00,000,026 | ---- | M] () -- C:\WINDOWS\Zone.Identifier
[2009/07/22 19:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2009/07/22 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2009/07/21 08:00:18 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2009/07/19 15:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2009/07/19 14:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2009/07/17 07:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2009/07/17 06:29:50 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\n\Desktop\Paragon 09.doc
[2009/07/17 06:23:33 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\n\Desktop\Microsoft Office Word 2003 (2).lnk
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== LOP Check ==========

[3 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/07/24 18:07:47 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/12/13 12:17:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/01/10 11:17:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2006/11/09 20:48:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/12/01 12:30:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2008/03/25 20:01:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008/04/05 16:55:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2006/07/30 07:36:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HMV
[2008/08/30 12:24:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/08/30 12:22:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2007/03/11 17:23:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA19.tmp
[2007/03/11 17:23:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA1B.tmp
[2007/03/11 17:23:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA22.tmp
[2006/07/29 19:19:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2008/03/15 14:47:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008/04/11 12:42:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2008/04/15 21:31:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2005/10/29 18:39:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2009/01/04 18:07:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2004/08/11 17:25:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2007/10/09 21:15:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/07/23 13:30:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/02/06 19:24:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2006/03/10 15:16:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/12/30 14:15:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2006/08/27 11:12:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2009/01/10 11:41:16 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\n\Application Data
[2008/12/13 15:18:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\Autodesk
[2009/01/10 11:18:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\AVS4YOU
[2007/01/01 19:16:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\BitTorrent
[2008/11/01 20:12:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2005/10/29 14:22:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\CyberLink
[2007/12/01 12:34:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\eBay
[2008/04/11 12:40:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\GetRightToGo
[2007/12/08 20:11:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\HMV
[2007/11/11 19:46:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\ICAClient
[2005/10/29 14:55:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\Leadertech
[2009/07/11 14:59:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\LimeWire
[2007/04/25 19:15:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\Motive
[2009/01/10 11:41:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\Moyea
[2008/04/11 12:41:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\NCH Swift Sound
[2008/03/15 14:42:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\Roxio
[2007/10/09 21:15:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\SecureMaker
[2006/03/27 11:10:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\Share-to-Web Upload Folder
[2007/12/21 21:21:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\n\Application Data\TomTom
[2009/07/08 22:20:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2008/10/29 21:16:07 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2009/07/22 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2009/07/23 10:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2009/07/23 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2009/07/23 12:00:09 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2009/07/23 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2009/07/19 14:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2009/07/19 15:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2009/07/23 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2009/07/23 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2009/07/24 18:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2008/10/29 21:16:07 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2009/07/22 19:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2009/07/24 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2009/07/24 21:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2009/07/22 22:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2009/06/20 23:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2008/10/29 21:16:07 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2008/10/29 21:16:07 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2008/10/29 21:16:07 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2008/10/29 21:16:07 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2008/10/29 21:16:07 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2009/07/17 07:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2009/07/21 08:00:18 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/07/24 21:46:59 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/07/24 21:06:12 | 00,000,880 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/07/24 21:06:16 | 00,000,884 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/07/24 21:45:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\n\My Documents\aaw2007.exe:SummaryInformation
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >


All processes killed
========== FILES ==========
C:\DOCUME~1\n\APPLIC~1\LimeWire\xml\data moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\xml moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\themes\windows_theme moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\themes moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\promotion moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\mozilla-profile\updates\0 moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\mozilla-profile\updates moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\mozilla-profile\extensions moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\mozilla-profile\Cache moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\mozilla-profile moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\certificate moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\browser\xulrunner\res\html moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\browser\xulrunner\res\fonts moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\browser\xulrunner\res\entityTables moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\browser\xulrunner\res\dtd moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\browser\xulrunner\res moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\browser\xulrunner\plugins moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\browser\xulrunner\modules moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\browser\xulrunner\greprefs moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\browser\xulrunner\dictionaries moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\browser\xulrunner\defaults\profile\US\chrome moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\browser\xulrunner\defaults\profile\US moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\browser\xulrunner\defaults\profile\chrome moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\browser\xulrunner\defaults\profile moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\browser\xulrunner\defaults\pref moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\browser\xulrunner\defaults\autoconfig moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\browser\xulrunner\defaults moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\browser\xulrunner\components moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\browser\xulrunner\chrome moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\browser\xulrunner moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\browser moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire\.AppSpecialShare moved successfully.
C:\DOCUME~1\n\APPLIC~1\LimeWire moved successfully.
C:\Program Files\LimeWire moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Store Purchased moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Shared moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Saved moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Incomplete\SY3KCNQKIT4BRY73S3TFA64VPREALW5P moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Incomplete\QJJ67IEMTILXOEQ5KG3JWUS2E4SSFNBD moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire\Incomplete moved successfully.
C:\DOCUME~1\n\My Documents\LimeWire moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: n
File delete failed. C:\Documents and Settings\n\Local Settings\Temp\~DFFF15.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 1446267 bytes
->Temporary Internet Files folder emptied: 3202876 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: zen contents

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6f0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 33251 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.50 mb


OTL by OldTimer - Version 3.0.10.2 log created on 07282009_202137

Files\Folders moved on Reboot...
C:\Documents and Settings\n\Local Settings\Temp\~DFFF15.tmp moved successfully.
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_6f0.dat moved successfully.

Registry entries deleted on Reboot...


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, July 29, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, July 29, 2009 13:37:14
Records in database: 2560988
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 68535
Threat name: 6
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 02:17:13


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\setup.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.fbz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACtlrrniqjpvdhbgodj.sys.vir Infected: Rootkit.Win32.Agent.moy 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\hjgruigxlajrub.dll.vir Infected: Trojan.Win32.Agent.crez 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACewwknqdkqhaqnwdst.dll.vir Infected: Trojan.Win32.Agent2.kym 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACoewpnnoenwgfhcyid.dll.vir Infected: Trojan.Win32.Tdss.ajkj 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACvvnmixmytavjpvrur.dll.vir Infected: Packed.Win32.Tdss.m 1

The selected area was scanned.

Hey there, greengolf24!

Kaspersky only found quarantined objects.

OK! Well done, your log is clean again!

Time for some housekeeping.

Step 1.
Clean up:

We need to do is to remove all the tools that you have used. This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

First:

• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the /u, it needs to be there.
  

Second:

Double-click OTL.exe to start it.
Click the CleanUp button
Click Yes to the reboot.

Now delete any tools/logs that is left over after you ran OTL CleanUp.


Step 2.
Prevention:

OK, lets carry out a few preventative steps to make sure you reduce the risk of further infections.

First:
One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vunerable. It is best if you have these set to download automatically.

Automatic Updates for Windows

• Click Start.
• Select Settings and then Control Panel.
• Select Automatic Updates.
• Click Automatic (recommended)
• Choose a day and a time when you know the computer will be on and connected to the internet.
• Click Apply then OK.

Second:
Now lets download some preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running each at least once a month.

Anti Spyware

• SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here.
• SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.
• IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email. A tutorial can be found here

.
Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.


Third:
Next lets look at Firewalls. These help to prevent unauthorised access both to and from the internet or your local network. A firewall is considered a first line of defense in protecting private information. Below are two free firewalls to choose from, if you do not already have one. Note: You only need one firewall one your system.

Personal Firewalls

• Comodo is a free fully functional firewall
• Online Armor (Free edition) personal firewall

Fourth:
Nearly done! If you like to use chat, MSN and Yahoo have vunerabilities that can leave you open to infections. There are however a couple of very good, Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

Instant Messengers

• Trillian or,
• Miranda-IM

Lastly:
It is a good idea to clear out all your temp files every now and again with ATF Cleaner. This will help your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.


To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.


I will keep this log open for the next couple of days, so if you have any further problems post another reply here.

OK, all the best, and stay safe!

Hi Heir, I have carried out all of the instructions you have given to me, I had a problem with IE SpyAd, when unzipped there was no programme with it, only txt files.
You do not recommend a Anti Virus, I downloaded Avast during the time we have been communicating but this is only limited license for a set amuont of days, do you have any others that you would use ? Is ATF cleaner a download available from the site ? Thanks.