Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

How to remove packed.win32.tdss!IK and trojan.win.32.piverb!IK

Started by soulguru , Jul 11 2009 03:27 AM

  • This topic is locked This topic is locked

#1
soulguru
Posted 11 July 2009 - 03:27 AM

soulguru

    Member

  • Member
  • PipPip
  • 17 posts
I was infected by Security System earlier today and now mu pc is not running correctly.

I have rn the following anti-spyware a-squared free-version 4.5

a-squared Free - Version 4.5
Last update: 11/07/2009 03:41:25
Scan settings:
Scan type: Quick Scan
Objects: Memory, Traces, Cookies
Scan archives: On
Heuristics: Off
ADS Scan: On
Scan start: 11/07/2009 10:03:57
[920] \\?\globalroot\systemroot\system32\UACqqxfcduunfddvmtis.dll detected: Packed.Win32.Tdss!IK
[1424] \\?\globalroot\systemroot\system32\UACqqxfcduunfddvmtis.dll detected: Packed.Win32.Tdss!IK
[1636] \\?\globalroot\systemroot\system32\UACqqxfcduunfddvmtis.dll detected: Packed.Win32.Tdss!IK
[1672] \\?\globalroot\systemroot\system32\UACqqxfcduunfddvmtis.dll detected: Packed.Win32.Tdss!IK
[1856] \\?\globalroot\systemroot\system32\UACqqxfcduunfddvmtis.dll detected: Packed.Win32.Tdss!IK
[260] \\?\globalroot\systemroot\system32\UACqqxfcduunfddvmtis.dll detected: Packed.Win32.Tdss!IK
[260] C:\DOCUME~1\Paul\LOCALS~1\Temp\tmp1BC.tmp detected: Trojan.Win32.Piverb!IK
[1320] \\?\globalroot\systemroot\system32\UACqqxfcduunfddvmtis.dll detected: Packed.Win32.Tdss!IK
[2356] \\?\globalroot\systemroot\system32\UACqqxfcduunfddvmtis.dll detected: Packed.Win32.Tdss!IK
[4008] \\?\globalroot\systemroot\system32\UACqqxfcduunfddvmtis.dll detected: Packed.Win32.Tdss!IK
[3920] C:\DOCUME~1\Paul\LOCALS~1\Temp\tmp1BC.tmp detected: Trojan.Win32.Piverb!IK
c:\program files\amazon detected: Trace.Directory.Berm.Amazon Toolbar!A2
c:\program files\aws\weatherbug detected: Trace.Directory.WeatherBug!A2
Scanned
Files: 2527
Traces: 37101
Cookies: 0
Processes: 52
Found
Files: 0
Traces: 2
Cookies: 0
Processes: 11
Registry keys: 0
Scan end: 11/07/2009 10:05:55
Scan time: 0:01:58

Please help.

Thanks
  • 0

Advertisements

#2
heir
Posted 11 July 2009 - 03:31 AM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Please Click here!, and follow the recommendations in the guide.

Someone will be along to tell you what steps to take after you post the contents of the scan results.
  • 0

#3
soulguru
Posted 11 July 2009 - 03:33 AM

soulguru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hello, can u advise me what scan results exactly? I thought that this was the scan result? Please help. Thanks
  • 0

#4
soulguru
Posted 11 July 2009 - 04:31 AM

soulguru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hi there.

I have rund the steps as per the malware removal guide

1) Malwarebytes' Anti-Malware will not run on this computer. I have tried to rename it and it still does not load up.

2) I use Macaffee and I have run a scan on the PC. However, please see my log in a previous post from a-squared free version 4.5.

3) I am doing the Windows update to SP3 as we speak

4) Reboot test - does not work because I cannot run Malwarrebytes

5) Rootkit Detection kit.

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 2
[32_bits] - x86 Family 15 Model 3 Stepping 4, GenuineIntel
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[SharedAccess] STOPPED (state:1) : Windows Firewall -> Disabled !
.
Internet Explorer 6.0.2900.2180
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:146 Go - Free:119 Go )
E:\ [CD_Rom]
F:\ [Fixed-NTFS] .. ( Total:931 Go - Free:303 Go )
G:\ [CD_Rom]
.
Scan : 11:29.47
Path : C:\Documents and Settings\Paul\Desktop\Rooter.exe
User : Paul ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (596)
______ \??\C:\WINDOWS\system32\csrss.exe (636)
______ \??\C:\WINDOWS\system32\winlogon.exe (660)
______ C:\WINDOWS\system32\services.exe (704)
______ C:\WINDOWS\system32\lsass.exe (716)
______ C:\WINDOWS\system32\Ati2evxx.exe (908)
______ C:\WINDOWS\system32\svchost.exe (924)
______ C:\WINDOWS\system32\svchost.exe (1184)
______ C:\WINDOWS\System32\svchost.exe (1432)
______ C:\WINDOWS\system32\svchost.exe (1684)
______ C:\WINDOWS\system32\svchost.exe (1904)
______ C:\WINDOWS\Explorer.EXE (2024)
______ C:\WINDOWS\system32\brsvc01a.exe (216)
______ C:\WINDOWS\system32\spoolsv.exe (236)
______ C:\WINDOWS\system32\brss01a.exe (252)
______ C:\PROGRA~1\Yahoo!\browser\ycommon.exe (1108)
______ C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe (1272)
______ C:\Program Files\Analog Devices\Core\smax4pnp.exe (1296)
______ C:\WINDOWS\system32\Rundll32.exe (1304)
______ C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe (1328)
______ C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (1300)
______ C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (1356)
______ C:\WINDOWS\system32\dla\tfswctrl.exe (1368)
______ C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (1376)
______ C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe (1412)
______ C:\Program Files\btbb_wcm\McciTrayApp.exe (1420)
______ C:\Program Files\McAfee.com\Agent\mcagent.exe (1472)
______ C:\Program Files\Java\jre6\bin\jusched.exe (1480)
______ C:\Program Files\iTunes\iTunesHelper.exe (1532)
______ C:\WINDOWS\system32\svchost.exe (1548)
______ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (1556)
______ C:\Program Files\a-squared Free\a2service.exe (1856)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1956)
______ C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (1968)
______ C:\Program Files\Bonjour\mDNSResponder.exe (148)
______ C:\WINDOWS\system32\CTsvcCDA.EXE (836)
______ C:\Program Files\Java\jre6\bin\jqs.exe (356)
______ C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (1928)
______ C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (1196)
______ c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (1344)
______ c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (1964)
______ C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (2132)
______ C:\Program Files\CDBurnerXP\NMSAccessU.exe (2184)
______ C:\WINDOWS\system32\svchost.exe (2292)
______ C:\WINDOWS\system32\MsPMSPSv.exe (2860)
______ C:\Program Files\iPod\bin\iPodService.exe (3184)
______ C:\WINDOWS\System32\svchost.exe (4028)
______ C:\WINDOWS\system32\wuauclt.exe (3052)
______ C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (452)
______ C:\Program Files\McAfee\MPF\MPFSrv.exe (3852)
______ C:\Program Files\Yahoo!\browser\ybrowser.exe (1912)
______ C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\NGJ3NTEE\SysRestorePoint[1].exe (1500)
______ C:\WINDOWS\system32\wuauclt.exe (1068)
______ C:\Program Files\Internet Explorer\Iexplore.exe (3888)
______ C:\WINDOWS\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\update\update.exe (1604)
______ C:\Documents and Settings\Paul\Desktop\Rooter.exe (3244)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:57544704)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:57576960 | Length:156987694080)
\Device\Harddisk0\Partition3 (Start_Offset:157045271040 | Length:2952875520)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\DESKTOP.INI
C:\WINDOWS\Tasks\McDefragTask.job
C:\WINDOWS\Tasks\McQcTask.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 11:30.38
.
C:\Rooter$\Rooter_1.txt - (11/07/2009 | 11:30.38)


6) OTLListlt.txt

OTL logfile created on: 11/07/2009 11:21:22 - Run 1
OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\Paul\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.91 Gb Available in Paging File | 97.63% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.21 Gb Total Space | 119.90 Gb Free Space | 82.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 931.51 Gb Total Space | 303.96 Gb Free Space | 32.63% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D508QK1J
Current User Name: Paul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2004/08/25 14:26:56 | 00,389,120 | ---- | M] () -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2007/06/13 11:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2001/11/23 00:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\System32\brsvc01a.exe
PRC - [2001/12/13 00:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\System32\brss01a.exe
PRC - [2006/03/03 14:18:10 | 00,200,704 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2006/07/21 17:19:46 | 00,129,536 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\browser\ybrwicon.exe
PRC - [2004/10/14 16:42:54 | 01,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2003/05/19 12:21:00 | 00,053,248 | ---- | M] (TODO: <Company name>) -- C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
PRC - [2003/09/03 21:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
PRC - [2004/10/12 17:54:30 | 00,057,344 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/12/06 02:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe
PRC - [2003/09/17 11:43:36 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
PRC - [2006/05/12 01:32:48 | 00,086,016 | ---- | M] (High Criteria inc.) -- C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
PRC - [2006/11/30 11:51:07 | 00,935,936 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\btbb_wcm\McciTrayApp.exe
PRC - [2009/03/25 17:25:20 | 00,645,328 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/06/05 13:39:22 | 00,292,136 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/12/15 19:04:50 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/07/11 03:40:53 | 00,718,880 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2006/02/23 11:41:02 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [1999/12/13 10:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/01/23 10:46:14 | 00,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/03/25 17:25:20 | 00,797,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/01/09 11:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/01/09 08:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/03/25 11:05:48 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2008/10/20 22:18:26 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe
PRC - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/03/24 00:03:18 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/03/19 11:42:02 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2006/09/19 17:28:52 | 00,668,152 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ybrowser.exe
PRC - [2009/07/11 11:09:39 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\NGJ3NTEE\SysRestorePoint[1].exe
PRC - [2004/08/04 06:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe
PRC - [2007/08/10 20:46:20 | 00,755,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\update\update.exe
PRC - [2009/07/11 11:19:21 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\E09M8CI0\Rooter[1].exe
PRC - [2009/07/11 11:21:17 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/07/11 03:40:53 | 00,718,880 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe -- (a2free [Auto | Running])
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2005/09/23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2004/08/25 14:26:56 | 00,389,120 | ---- | M] () -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2006/02/23 11:41:02 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2001/11/23 00:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\System32\brsvc01a.exe -- (Brother XP spl Service [Auto | Running])
SRV - [2005/09/23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/13 10:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2008/12/15 19:04:47 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 06:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/02/23 11:41:02 | 02,045,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2009/01/23 10:46:14 | 00,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
SRV - [2009/03/25 17:25:20 | 00,797,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2009/01/09 11:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2009/04/01 14:21:30 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2009/01/09 08:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2009/03/25 11:05:48 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2009/03/24 00:03:18 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2009/03/19 11:42:02 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [On_Demand | Running])
SRV - [2008/10/20 22:18:26 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU [Auto | Running])
SRV - [2008/11/11 10:38:06 | 00,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2007/01/04 22:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Stopped])
SRV - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2003/12/08 12:53:48 | 00,053,600 | ---- | M] (THOMSON) -- C:\WINDOWS\System32\DRIVERS\alcan5wn.sys -- (alcan5wn [On_Demand | Stopped])
DRV - [2003/12/08 12:53:46 | 00,070,688 | ---- | M] (THOMSON) -- C:\WINDOWS\System32\DRIVERS\alcaudsl.sys -- (alcaudsl [On_Demand | Stopped])
DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2004/08/04 00:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [2002/07/17 09:05:10 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\DRIVERS\ASPI32.sys -- (ASPI [On_Demand | Stopped])
DRV - [2004/08/25 14:28:46 | 00,787,456 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2003/09/26 11:41:10 | 00,044,032 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2003/09/22 09:48:00 | 00,130,192 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2004/12/01 04:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2004/11/23 03:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2009/02/25 10:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\gearaspiwdm.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2004/03/05 23:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC51.sys -- (IntelC51 [On_Demand | Running])
DRV - [2004/03/05 23:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC52.sys -- (IntelC52 [On_Demand | Running])
DRV - [2004/06/15 23:52:40 | 00,061,157 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC53.sys -- (IntelC53 [On_Demand | Running])
DRV - [2009/03/25 11:06:28 | 00,079,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2009/03/25 11:06:28 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2009/03/25 11:06:28 | 00,214,024 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2009/03/25 11:05:54 | 00,034,216 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2009/03/25 11:06:30 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
DRV - [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2004/03/05 23:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\mohfilt.sys -- (mohfilt [On_Demand | Running])
DRV - [2008/10/23 13:08:54 | 00,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2005/12/29 11:22:00 | 00,019,345 | ---- | M] (Motive, Inc.) -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5 [On_Demand | Stopped])
DRV - [2006/03/24 17:53:07 | 00,018,003 | ---- | M] (Motive, Inc.) -- c:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5 [On_Demand | Running])
DRV - [2009/07/10 18:31:49 | 00,028,256 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k [On_Demand | Running])
DRV - [2008/09/15 08:56:24 | 00,017,664 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2008/09/15 08:56:24 | 00,022,016 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2002/11/08 14:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2003/09/22 09:47:00 | 00,178,672 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2004/06/09 13:16:00 | 00,840,960 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\P17.sys -- (P17 [On_Demand | Running])
DRV - [2008/08/26 10:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
DRV - [2003/03/05 13:19:00 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/08/02 03:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2006/09/18 16:58:48 | 00,061,600 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\SE27bus.sys -- (SE27bus [On_Demand | Stopped])
DRV - [2006/09/18 16:58:52 | 00,009,360 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\SE27mdfl.sys -- (SE27mdfl [On_Demand | Stopped])
DRV - [2006/09/18 16:58:54 | 00,097,184 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\SE27mdm.sys -- (SE27mdm [On_Demand | Stopped])
DRV - [2006/09/18 16:58:58 | 00,088,688 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\SE27mgmt.sys -- (SE27mgmt [On_Demand | Stopped])
DRV - [2006/09/18 16:59:00 | 00,018,704 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\se27nd5.sys -- (se27nd5 [On_Demand | Stopped])
DRV - [2006/09/18 16:59:02 | 00,086,560 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\SE27obex.sys -- (SE27obex [On_Demand | Stopped])
DRV - [2006/09/18 16:59:08 | 00,090,800 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\se27unic.sys -- (se27unic [On_Demand | Stopped])
DRV - [2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2004/09/17 11:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\senfilt.sys -- (senfilt [On_Demand | Running])
DRV - [2004/08/04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2004/10/29 15:14:44 | 00,260,096 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2004/07/14 12:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2004/07/14 12:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2008/06/08 17:41:06 | 00,005,504 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2004/12/06 02:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2004/12/06 02:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2004/12/06 02:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2004/12/06 02:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2004/12/06 02:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2004/12/06 02:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2004/12/06 02:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2004/12/06 02:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2004/12/06 02:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2009/01/20 19:04:48 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2008/09/15 08:56:24 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
DRV - [2009/06/05 11:42:38 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2004/08/03 23:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2008/09/15 08:56:34 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_Url = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.client...fo/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.19
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.685
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/01/20 09:23:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/06/25 00:34:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/20 09:25:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/24 18:21:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/24 18:23:33 | 00,000,000 | ---D | M]

[2008/09/01 22:41:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\mozilla\Extensions
[2008/09/01 22:41:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/10 18:39:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\mozilla\Firefox\Profiles\qspxyi1m.default\extensions
[2008/09/25 10:31:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\mozilla\Firefox\Profiles\qspxyi1m.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/02/19 09:29:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\mozilla\Firefox\Profiles\qspxyi1m.default\extensions\[email protected]
[2008/03/30 22:23:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\mozilla\Firefox\Profiles\qspxyi1m.default\extensions\[email protected]
[2009/07/10 18:39:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/13 19:56:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/03/16 13:14:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/21 18:46:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/20 09:25:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/06/04 18:49:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/07/04 09:38:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/06/13 19:56:01 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/13 19:56:01 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/03/20 18:21:26 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/06/13 19:56:03 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/07/05 04:22:11 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/06/24 18:23:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/24 18:23:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/24 18:23:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/24 18:23:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/24 18:23:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/24 18:23:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/24 18:23:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/07/05 04:22:21 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/07/05 04:22:03 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2007/04/16 18:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2008/09/25 10:30:29 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2008/09/25 10:30:29 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/09/25 10:30:29 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/09/25 10:30:29 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/16 02:27:02 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/09/25 10:30:29 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/25 10:30:29 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/25 10:30:29 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (21 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll (BitComet)
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo!)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe (TODO: <Company name>)
O4 - HKLM..\Run: [net] C:\WINDOWS\System32\net.net (Company)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.DLL ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe (High Criteria inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &Search - File not found
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo!)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.euro....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.truprint....rintActivia.cab (Snapfish Activia)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://virtualoffic...rg.uk/XTSAC.cab (XTSAC Control)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager...unttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} https://virtualoffic...acheCleaner.cab (WebCacheCleaner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} http://support.euro....er/PROFILER.CAB (DmiReader Class)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yaho...mail/ymmapi.dll (Yahoo! MailTo)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yaho...alls/yab_af.cab (YAddBook Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {3229DFCD-3EAF-4712-ED45-4876FEDC170C} - COM+ Service - Reg Error: Key error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b8012786-be00-11dd-8aa6-0011432a9be8}\Shell\AutoRun\command - "" = D:\wd_windows_tools\setup.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/11 11:22:43 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\Paul\Desktop\Rooter.exe
[2009/07/11 11:21:11 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
[2009/07/11 11:17:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/07/11 11:14:27 | 00,000,000 | ---D | C] -- C:\Program Files\Soulgurucleaner
[2009/07/11 11:12:21 | 00,000,641 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/11 11:12:19 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/11 11:12:17 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/11 11:11:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/07/11 11:10:50 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\NTREGOPT.lnk
[2009/07/11 11:10:50 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\ERUNT.lnk
[2009/07/11 11:10:49 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/11 10:42:15 | 03,561,744 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Paul\Desktop\soulgurucleaner.exe
[2009/07/11 03:38:36 | 00,000,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\a-squared Free.lnk
[2009/07/11 03:38:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\a-squared Free
[2009/07/11 03:36:33 | 49,811,272 | ---- | C] (Emsi Software GmbH ) -- C:\Documents and Settings\Paul\Desktop\a2FreeSetup.exe
[2009/07/11 03:10:47 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2009/07/11 02:39:36 | 00,002,256 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\STOPzilla Black List Contents.htm
[2009/07/11 02:27:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/07/11 02:26:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2009/07/11 02:26:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/07/11 01:10:02 | 00,000,093 | ---- | C] () -- C:\WINDOWS\System32\hjgruiqxrrocox.dat
[2009/07/11 01:09:00 | 00,001,386 | ---- | C] () -- C:\WINDOWS\System32\hjgruixqknxllc.dat
[2009/07/11 01:04:19 | 00,134,144 | ---- | C] (England Ltd) -- C:\WINDOWS\System32\tpsaxyd.exe
[2009/07/11 01:03:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\10795784
[2009/07/11 01:03:16 | 00,110,592 | ---- | C] (Company) -- C:\WINDOWS\System32\net.net
[2009/07/11 00:55:25 | 00,000,274 | -H-- | C] () -- C:\WINDOWS\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
[2009/07/02 20:11:52 | 00,000,767 | ---- | C] () -- C:\WINDOWS\System32\fdeploy.ocx
[2009/06/24 18:25:47 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/06/22 19:13:31 | 00,000,000 | ---D | C] -- C:\Program Files\SFX
[2009/02/09 14:15:21 | 00,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/12/07 02:42:37 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/06/30 18:19:53 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/03/29 23:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2006/03/13 21:21:34 | 00,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/07/30 02:02:54 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2005/07/26 23:40:47 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\mcrtl32.dll
[2005/06/03 00:34:45 | 00,000,827 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2005/05/29 22:55:02 | 00,000,447 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2005/05/29 22:55:00 | 00,000,213 | ---- | C] () -- C:\WINDOWS\brqikmon.ini
[2005/05/29 22:55:00 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2005/05/29 22:19:32 | 00,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI
[2005/05/29 22:19:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Ui.INI
[2005/05/26 22:31:49 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\12kUBusd.dll
[2005/04/26 15:53:36 | 00,343,282 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/04/26 15:12:17 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/26 14:42:37 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/04/26 14:37:04 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2005/04/26 14:32:12 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/04/26 14:18:04 | 00,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2005/03/25 12:52:59 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/25 12:51:13 | 00,000,410 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/03/25 12:45:12 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/03/25 12:45:02 | 00,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/03/25 12:45:02 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/03/25 12:44:56 | 00,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/03/25 12:18:16 | 00,000,382 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/10/15 19:56:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 14:04:08 | 00,000,939 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/08/10 13:57:52 | 00,000,253 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2004/08/04 06:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[1980/01/01 01:00:00 | 00,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[1980/01/01 01:00:00 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[1980/01/01 01:00:00 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[1980/01/01 01:00:00 | 00,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[1980/01/01 01:00:00 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll

========== Files - Modified Within 30 Days ==========

[2009/07/11 11:22:43 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Paul\Desktop\Rooter.exe
[2009/07/11 11:21:17 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
[2009/07/11 11:18:14 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/07/11 11:14:30 | 00,000,641 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/11 11:10:50 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\NTREGOPT.lnk
[2009/07/11 11:10:50 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\ERUNT.lnk
[2009/07/11 11:07:23 | 00,025,803 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/07/11 11:04:53 | 00,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
[2009/07/11 11:04:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/11 11:04:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/07/11 10:41:15 | 03,561,744 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Paul\Desktop\soulgurucleaner.exe
[2009/07/11 03:38:36 | 00,000,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\a-squared Free.lnk
[2009/07/11 03:10:19 | 49,811,272 | ---- | M] (Emsi Software GmbH ) -- C:\Documents and Settings\Paul\Desktop\a2FreeSetup.exe
[2009/07/11 02:39:36 | 00,002,256 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\STOPzilla Black List Contents.htm
[2009/07/11 01:10:02 | 00,001,386 | ---- | M] () -- C:\WINDOWS\System32\hjgruixqknxllc.dat
[2009/07/11 01:10:02 | 00,000,093 | ---- | M] () -- C:\WINDOWS\System32\hjgruiqxrrocox.dat
[2009/07/11 01:03:16 | 00,110,592 | ---- | M] (Company) -- C:\WINDOWS\System32\net.net
[2009/07/10 22:28:03 | 00,134,144 | ---- | M] (England Ltd) -- C:\WINDOWS\System32\tpsaxyd.exe
[2009/07/10 18:31:49 | 00,028,256 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\System32\drivers\MxlW2k.sys
[2009/07/10 16:40:58 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/07/10 14:40:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/07/09 20:11:38 | 00,002,471 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Microsoft Excel.lnk
[2009/07/08 12:25:52 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Microsoft Word.lnk
[2009/07/05 22:51:24 | 00,001,538 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\ClickRepair.lnk
[2009/07/03 18:12:09 | 00,000,767 | ---- | M] () -- C:\WINDOWS\System32\fdeploy.ocx
[2009/07/01 01:00:25 | 00,000,330 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/07/01 01:00:24 | 00,001,503 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Paint.lnk
[2009/06/28 22:29:03 | 00,000,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VinylStudio.lnk
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/15 01:28:38 | 00,000,338 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/06/12 03:12:12 | 00,239,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/12 03:05:27 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
< End of report >


Extras.txt


OTL Extras logfile created on: 11/07/2009 11:21:22 - Run 1
OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\Paul\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.91 Gb Available in Paging File | 97.63% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.21 Gb Total Space | 119.90 Gb Free Space | 82.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 931.51 Gb Total Space | 303.96 Gb Free Space | 32.63% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D508QK1J
Current User Name: Paul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"21504:TCP" = 21504:TCP:*:Enabled:BitComet 21504 TCP
"21504:UDP" = 21504:UDP:*:Enabled:BitComet 21504 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2006/10/10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
File not found -- C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application
[2005/04/17 23:08:10 | 03,112,960 | ---- | M] () -- C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek
File not found -- E:\Programs\mIRC\mirc.exe:*:Enabled:mIRC
File not found -- C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
File not found -- F:\Programs\mIRC\mirc.exe:*:Enabled:mIRC
[2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2002/11/02 02:33:04 | 01,790,464 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC
[2008/07/05 04:22:00 | 00,214,560 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[2007/08/30 17:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2006/11/03 08:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
File not found -- C:\Program Files\Common Files\AOL\1142281902\ee\aolsoftware.exe:*:Enabled:AOL Services
File not found -- C:\Program Files\Common Files\AOL\1142281902\ee\aim6.exe:*:Enabled:AIM
[2006/10/10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/02/06 18:37:52 | 21,898,024 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/10/21 18:09:59 | 00,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2009/01/09 11:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
[2009/06/05 13:39:18 | 14,073,640 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Standard
"{025C3792-E9C6-432A-92C1-661F99D021CA}" = Ulead Photo Explorer 8.5 Trial
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C23ABA0-D2C4-425D-8173-E85817180A22}" = SafeMusic
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23F20D6B-F211-486F-93DA-DA68AF7FE55F}" = WWTBAM 2nd Edition
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{2A6282FF-B75B-463F-90F5-0A43732F690D}" = Broadcom Management Programs
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{4367BF53-8748-4122-8516-85E4375925AF}" = MixMeister CD-R Drivers
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6D8C8814-00DF-4F4B-BBC7-E817531416CC}" = Norton Spyware Scan
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{976EA7B1-7562-483D-88DA-4323D263B7CD}" = DiMAGE Viewer
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CDE4CC8B-134B-421E-943C-90799E56F664}" = Dell Media Experience Update
"{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{FE5D756F-71E1-47C4-972A-D6775344B40B}" = Nokia Software Updater
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5986551A16FD8E9B1B4C89E7AAD17C1BB3196D28" = Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Windows Driver Package - Nokia Modem (10/12/2007 3.6)
"6D296974BAB6CA8429D5E687B292A6DA3E9FBD4A" = Windows Driver Package - Nokia Modem (10/27/2008 3.9)
"819D45A9F73817F5B6D7C71A33ADAB88C5DA1765" = Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.4
"a-squared Free_is1" = a-squared Free 4.5
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.7 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"BitComet" = BitComet 0.85
"BT Yahoo! Applications" = BT Yahoo! Applications
"BT Yahoo! Broadband Help Guides" = BT Yahoo! Broadband Help Guides
"btbb.MCCInstall" = BT Broadband Desktop Help
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"CDex" = CDex extraction audio
"ClickRepair_is1" = ClickRepair 3.0.1
"Direct WAV MP3 Splitter_is1" = Direct WAV MP3 Splitter 2.4
"DriverAgent.exe" = DriverAgent by eSupport.com
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
"ERUNT_is1" = ERUNT 1.1j
"ExpressBurn" = Express Burn
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{2A6282FF-B75B-463F-90F5-0A43732F690D}" = Broadcom Management Programs
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"IrfanView" = IrfanView (remove only)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"mIRC" = mIRC
"MixMeister Studio 7.0.8_is1" = Mixmeister Studio 7
"mmersetup_is1" = MixMeister Express 6.1.10
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MUSTEK 1200 UB v2.1" = MUSTEK 1200 UB v2.1
"MyPublisher" = MyPublisher
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"RealPlayer 6.0" = RealPlayer
"SBC Yahoo! DSL Activation" = SBC Yahoo! DSL Activation
"SendSpaceWizard" = SendSpace Wizard
"Soulseek" = SoulSeek Client 156c
"Soulseek2" = SoulSeek 157 NS 12d
"Spotify" = Spotify
"SUPER ©" = SUPER © Version 2008.bld.33 (Sep 2, 2008)
"Tag&Rename_is1" = Tag&Rename 3.3 beta 1
"TotalRecorder" = Total Recorder 6.0
"Ulead Photo Express 3.0 SE" = Ulead Photo Express 3.0 SE
"ViewpointMediaPlayer" = Viewpoint Media Player
"VinylStudio" = VinylStudio
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WildBit Viewer 5.4_is1" = WildBit Viewer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/07/2009 22:26:57 | Computer Name = D508QK1J | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 10/07/2009 22:26:57 | Computer Name = D508QK1J | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 10/07/2009 22:30:04 | Computer Name = D508QK1J | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 10/07/2009 22:34:23 | Computer Name = D508QK1J | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 10/07/2009 22:35:43 | Computer Name = D508QK1J | Source = Application Error | ID = 1000
Description = Faulting application a2freesetup.tmp, version 51.49.0.0, faulting
module unknown, version 0.0.0.0, fault address 0x016e110c.

Error - 11/07/2009 05:02:18 | Computer Name = D508QK1J | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 11/07/2009 05:50:31 | Computer Name = D508QK1J | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 11/07/2009 06:05:14 | Computer Name = D508QK1J | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 11/07/2009 06:07:34 | Computer Name = D508QK1J | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3439, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/07/2009 06:22:18 | Computer Name = D508QK1J | Source = Application Hang | ID = 1002
Description = Hanging application Rooter[1].exe, version 0.1.1.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11/07/2009 05:07:44 | Computer Name = D508QK1J | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 11/07/2009 05:51:30 | Computer Name = D508QK1J | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%2

Error - 11/07/2009 05:51:30 | Computer Name = D508QK1J | Source = Service Control Manager | ID = 7000
Description = The CMS PortIO Service service failed to start due to the following
error: %%2

Error - 11/07/2009 05:51:30 | Computer Name = D508QK1J | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Viewpoint Manager Service
service to connect.

Error - 11/07/2009 05:51:30 | Computer Name = D508QK1J | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Manager Service service failed to start due to the following
error: %%1053

Error - 11/07/2009 06:06:17 | Computer Name = D508QK1J | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%2

Error - 11/07/2009 06:06:17 | Computer Name = D508QK1J | Source = Service Control Manager | ID = 7000
Description = The CMS PortIO Service service failed to start due to the following
error: %%2

Error - 11/07/2009 06:06:17 | Computer Name = D508QK1J | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Viewpoint Manager Service
service to connect.

Error - 11/07/2009 06:06:17 | Computer Name = D508QK1J | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Manager Service service failed to start due to the following
error: %%1053

Error - 11/07/2009 06:10:40 | Computer Name = D508QK1J | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460


< End of report >


Thanks

SG
  • 0

#5
heir
Posted 11 July 2009 - 05:37 AM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Hello soulguru !

Welcome to the site! :) My nickname is heir and I'll be helping clean up your computer. :)

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal and Spyware Removal.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad in the menubar click on Format and make sure that Word Wrap is unchecked)
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button: Posted Image

Please read my posts completely before following the instructions.
It may be easier for you if you copy and paste a post to a new text document or print it for reference later.
This is required when you won't have access to Internet.


Step 1.
ComboFix:


Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Step 2.
Lop S&D:

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here and save it to the desktop

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)


Step 3.
Things I would like to see in your reply:

  • The content of C:\ComboFix.txt from step 1.
  • The content of C:\lopR.txt from step 2.

  • 0

#6
soulguru
Posted 11 July 2009 - 05:50 AM

soulguru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I am not sure how to turn off my Anti-Virus

Macafee Security Centre

Please help

Thanks

SG
  • 0

#7
heir
Posted 11 July 2009 - 05:58 AM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Have a look here
  • 0

#8
soulguru
Posted 11 July 2009 - 06:12 AM

soulguru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Thanks. I followed these steps and disabled Macafee.

Sadly, COMBOFIX will still not run.

What do u suggest?

Thanks
  • 0

#9
heir
Posted 11 July 2009 - 06:19 AM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Delete combofix.exe from your desktop.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Posted Image


Posted Image
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the comntent of C:\ComboFix.txt


Then proceed with step 2.(Lop S&D)from my earlier post and post the logs

Edited by heir, 11 July 2009 - 06:27 AM.
textformat error

  • 0

#10
soulguru
Posted 11 July 2009 - 06:48 AM

soulguru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hi there.

This did seem to work - however the computer hung/crashed during and since then it will not reboot or restart....

Not sure what to do now.

Furthermore, the computer has 2 issues on start up.

1) run dll file cannot be found

2) view mgr fails

I do have screenshots, but cannot send u them until the pc restarts.

Thanks

Paul
  • 0

Advertisements

#11
heir
Posted 11 July 2009 - 07:07 AM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
What happens when you start the computer now?
Can you get to the desktop?
  • 0

#12
soulguru
Posted 11 July 2009 - 07:09 AM

soulguru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
No I cannot get to the desktop - just get a black screen.

I am successfully in 'Safe Mode' and following your directions in Safe Mode.


Is that ok?

Thanks
  • 0

#13
soulguru
Posted 11 July 2009 - 07:17 AM

soulguru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Says that it has detected ROOTKIT ACTIVITY and needs to restart ...
  • 0

#14
soulguru
Posted 11 July 2009 - 10:35 AM

soulguru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hello heir.

I have the information that you need.

1) Combofix

ComboFix 09-07-09.08 - Paul 11/07/2009 14:19.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2865 [GMT 1:00]
Running from: c:\documents and settings\Paul\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\10795784
c:\documents and settings\All Users\Application Data\10795784\10795784
c:\documents and settings\All Users\Application Data\10795784\10795784.exe
c:\documents and settings\Paul\Application Data\Microsoft\SystemBackup\mt_32.dll
c:\documents and settings\Paul\Application Data\Microsoft\SystemBackup\winload.dll
c:\windows\Install.txt
c:\windows\Installer\38a26.msi
c:\windows\MailSwitch.ocx
c:\windows\system32\certstore.dat
c:\windows\system32\Data
c:\windows\system32\drivers\UACpairndwrxsucbwtpw.sys
c:\windows\system32\hjgruiqxrrocox.dat
c:\windows\system32\hjgruixqknxllc.dat
c:\windows\system32\Install.txt
c:\windows\system32\net.net
c:\windows\system32\tpsaxyd.exe
c:\windows\system32\UACapyojhwoecuwemaqo.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjjdpjyixhyqoedcia.dll
c:\windows\system32\UAClkawywkvvyqepshmh.dll
c:\windows\system32\UACoyrordstqmsmnpssj.dll
c:\windows\system32\UACqqxfcduunfddvmtis.dll
c:\windows\system32\UACtawgdhuidraxnxltx.dat
c:\windows\system32\uactmp.db
c:\windows\system32\UACxjbithrkexdwguunb.db
c:\windows\system32\wiawow32.sys
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_MSNCACHE
-------\Legacy_PCMSTUB
-------\Legacy_SOPIDKC
-------\Legacy_XPROTECTOR
-------\Service_hjgruicyhixqrh


((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 )))))))))))))))))))))))))))))))
.

2009-07-11 11:57 . 2009-07-11 12:20 -------- d-----w- C:\Lop SD
2009-07-11 11:03 . 2009-07-11 11:03 -------- d-----w- c:\windows\system32\en
2009-07-11 11:03 . 2009-07-11 11:03 -------- d-----w- c:\windows\system32\bits
2009-07-11 10:55 . 2009-07-11 10:55 -------- d-----w- c:\windows\EHome
2009-07-11 10:30 . 2008-04-14 00:11 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2009-07-11 10:30 . 2008-04-14 00:11 3967 ------w- c:\windows\system32\drivers\adv02nt5.dll
2009-07-11 10:30 . 2008-04-14 00:11 3775 ------w- c:\windows\system32\drivers\adv11nt5.dll
2009-07-11 10:30 . 2008-04-14 00:11 3711 ------w- c:\windows\system32\drivers\adv09nt5.dll
2009-07-11 10:30 . 2008-04-14 00:11 3647 ------w- c:\windows\system32\drivers\adv07nt5.dll
2009-07-11 10:30 . 2008-04-14 00:11 3615 ------w- c:\windows\system32\drivers\adv05nt5.dll
2009-07-11 10:30 . 2008-04-14 00:11 3135 ------w- c:\windows\system32\drivers\adv08nt5.dll
2009-07-11 10:30 . 2009-07-11 10:30 -------- d-----w- C:\Rooter$
2009-07-11 10:14 . 2009-07-11 10:15 -------- d-----w- c:\program files\Soulgurucleaner
2009-07-11 10:12 . 2009-06-17 10:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-11 10:12 . 2009-06-17 10:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-11 10:10 . 2009-07-11 10:10 -------- d-----w- c:\program files\ERUNT
2009-07-11 02:10 . 2009-07-11 02:41 -------- d-----w- c:\program files\a-squared Free
2009-07-11 01:27 . 2009-07-11 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-07-11 01:26 . 2009-07-11 01:26 -------- d-----w- c:\program files\Common Files\iS3
2009-07-11 01:26 . 2009-07-11 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-06-22 18:13 . 2009-06-22 18:13 370070 ----a-r- c:\documents and settings\Paul\Application Data\Microsoft\Installer\{0C23ABA0-D2C4-425D-8173-E85817180A22}\_E870D4E8EC3BD2944E0822.exe
2009-06-22 18:13 . 2009-06-22 18:13 -------- d-----w- c:\program files\SFX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 10:40 . 2009-07-11 10:40 0 ----atw- c:\windows\005863_.tmp
2009-07-11 10:12 . 2009-05-01 15:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-11 00:25 . 2008-07-06 09:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2009-07-10 17:31 . 2006-01-07 14:59 28256 ----a-w- c:\windows\system32\drivers\MxlW2k.sys
2009-07-10 12:12 . 2009-05-10 19:18 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-10 12:06 . 2005-07-26 18:12 -------- d-----w- c:\program files\McAfee
2009-07-10 12:04 . 2008-04-17 17:21 -------- d-----w- c:\documents and settings\Paul\Application Data\Audacity
2009-07-05 21:51 . 2008-06-09 20:04 -------- d-----w- c:\program files\ClickRepair
2009-06-30 16:10 . 2009-05-30 23:51 -------- d-----w- c:\documents and settings\Paul\Application Data\GoodSync
2009-06-29 22:47 . 2005-04-26 14:41 -------- d-----w- c:\program files\Soulseek
2009-06-24 17:25 . 2009-03-20 00:02 -------- d-----w- c:\program files\iTunes
2009-06-24 17:25 . 2005-06-04 12:59 -------- d-----w- c:\program files\iPod
2009-06-24 17:25 . 2007-07-08 19:29 -------- d-----w- c:\program files\Common Files\Apple
2009-06-24 17:23 . 2009-03-20 00:00 -------- d-----w- c:\program files\QuickTime
2009-06-18 22:28 . 2007-03-28 23:56 -------- d-----w- c:\program files\BitComet
2009-06-08 19:00 . 2009-04-19 22:08 -------- d-----w- c:\documents and settings\Paul\Application Data\WildBit Viewer
2009-06-05 16:20 . 2005-05-10 23:14 -------- d-----w- c:\documents and settings\Paul\Application Data\Apple Computer
2009-06-05 12:57 . 2009-06-05 12:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-05 10:42 . 2009-03-19 23:55 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 10:42 . 2007-09-08 09:54 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-04 18:33 . 2009-06-04 18:33 -------- d-----w- c:\documents and settings\Paul\Application Data\Canneverbe_Limited
2009-06-04 18:33 . 2009-06-04 13:24 -------- d-----w- c:\program files\CDBurnerXP
2009-06-04 17:56 . 2009-06-04 17:32 -------- d-----w- c:\documents and settings\Paul\Application Data\MixMeister Technology
2009-06-04 17:51 . 2009-06-04 17:51 766 ----a-r- c:\documents and settings\Paul\Application Data\Microsoft\Installer\{E89B484C-B913-49A0-959B-89E836001658}\ARPPRODUCTICON.exe
2009-06-04 17:51 . 2009-06-04 17:51 -------- d-----w- c:\program files\MixMeister Express 6
2009-06-04 17:48 . 2005-03-25 11:42 -------- d-----w- c:\program files\Java
2009-06-04 17:44 . 2009-06-04 17:44 152576 ----a-w- c:\documents and settings\Paul\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-04 17:38 . 2005-05-15 13:11 67584 -c--a-w- c:\documents and settings\Paul\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-04 17:32 . 2007-09-08 14:10 -------- d-----w- c:\program files\MixMeister Studio 7
2009-06-04 17:32 . 2009-06-04 17:32 -------- d-----w- c:\program files\SendSpace
2009-06-04 17:32 . 2009-05-31 16:05 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-06-04 17:31 . 2009-05-31 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\{B912DA22-7AAD-474B-8C8F-D82FF0C33BF5}
2009-06-04 17:30 . 2009-06-04 14:11 -------- d-----w- c:\program files\MixMeister Express 6(2)
2009-06-04 15:01 . 2004-08-10 13:13 78519 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-05-31 16:13 . 2009-05-31 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-31 16:04 . 2009-05-31 16:04 -------- d-----w- c:\program files\MSECACHE
2009-05-30 23:51 . 2009-05-30 23:51 -------- d-----w- c:\program files\Siber Systems
2009-05-30 23:06 . 2009-05-30 23:06 -------- d-----w- c:\documents and settings\Paul\Application Data\MixMeister Technology(2)
2009-05-21 21:00 . 2009-03-25 14:31 -------- d-----w- c:\program files\Spotify
2009-05-07 15:32 . 2004-08-04 05:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2004-08-04 05:00 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2004-08-04 05:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2004-08-04 05:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 05:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2002-04-17 04:55 . 2008-02-04 21:08 105296 ----a-r- c:\program files\BradhITC.TTF
2006-05-03 09:06 . 2008-12-07 01:42 163328 --sh--r- c:\windows\SYSTEM32\flvDX.dll
2007-02-21 10:47 . 2008-12-07 01:42 31232 --sh--r- c:\windows\SYSTEM32\msfDX.dll
2008-03-16 12:30 . 2008-12-07 01:42 216064 --sh--r- c:\windows\SYSTEM32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-15 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-05-19 53248]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"TotalRecorderScheduler"="c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-05-12 86016]
"btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2006-11-30 935936]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"P17Helper"="P17.dll" - c:\windows\SYSTEM32\P17.dll [2004-06-10 60928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21504:TCP"= 21504:TCP:BitComet 21504 TCP
"21504:UDP"= 21504:UDP:BitComet 21504 UDP

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/10/2009 8:40 PM 203280]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/1/2009 11:08 PM 24652]
R3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;c:\windows\SYSTEM32\DRIVERS\usbscan.sys [5/26/2005 10:31 PM 15104]
S2 portD;CMS PortIO Service;c:\windows\system32\DRIVERS\portd2k.sys --> c:\windows\system32\DRIVERS\portd2k.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\SYSTEM32\DRIVERS\ASPI32.SYS [3/10/2008 6:32 PM 16512]
.
Contents of the 'Scheduled Tasks' folder

2009-07-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:42]

2009-06-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-10 09:53]

2009-07-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-10 09:53]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKLM-Run-net - c:\windows\system32\net.net
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
SafeBoot-mfehidk
SafeBoot-mferkdk
SafeBoot-mfetdik
SafeBoot-mfetdik.sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://home.bt.yahoo.com
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Connection Wizard,ShellNext = hxxp://bt.yahoo.com/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Search - ?p=ZUxdm079YYGB
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://virtualoffice.ghg.org.uk/MLWebCacheCleaner.cab
FF - ProfilePath - c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\qspxyi1m.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Java\jre6\bin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\npjpi160_13.dll
FF - plugin: c:\program files\Java\jre6\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 17:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1939169150-462070110-1618972725-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1939169150-462070110-1618972725-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C193C120-DF62-FD6C-0B75-9031C795639F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaikofhmkdoejhjobadkcbchkffidg"=hex:64,61,69,69,6f,70,69,6f,00,80
"oamlohgonafgglglmbochmjmboihan"=hex:6a,61,68,69,6c,70,6b,6a,67,70,6a,63,66,66,
67,6c,69,6d,6e,70,00,fd
"nagiefihfcokiehocbgejnkaennk"=hex:6a,61,68,69,62,70,65,69,6f,6b,70,62,62,68,
70,69,68,6c,6e,6a,00,fd

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\MyWebSearch\\SrchAstt\\1.bin\\MWSSRCAS.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\MyWebSearch\\SrchAstt\\1.bin\\MWSSRCAS.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\MyWebSearch\\bar\\1.bin\\MWSBAR.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\MyWebSearch\\bar\\1.bin\\MWSBAR.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3124)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ati2evxx.exe
c:\windows\SYSTEM32\brss01a.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\rundll32.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Completion time: 2009-07-11 17:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-11 16:24

Pre-Run: 127,750,164,480 bytes free
Post-Run: 127,631,392,768 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
329 --- E O F --- 2009-07-11 12:01


2) Logr


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.00GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A07
USER : Paul ( Administrator )
BOOT : Normal boot
Antivirus : McAfee VirusScan (Not Activated)
Firewall : McAfee Personal Firewall (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:146 Go (Free:118 Go)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:931 Go (Free:300 Go)
G:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 11/07/2009|13:09 )

--------------------\\ Listing folders in APPLIC~1

[25/03/2005|12:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\Creative
[25/03/2005|12:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[25/03/2005|12:46] C:\DOCUME~1\ADMINI~1\APPLIC~1\Jasc Software Inc
[25/03/2005|12:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[25/03/2005|12:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
[25/03/2005|12:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[25/03/2005|12:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver

[20/03/2009|01:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[31/05/2009|17:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[04/06/2009|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{B912DA22-7AAD-474B-8C8F-D82FF0C33BF5}
[11/07/2009|01:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\10795784
[03/04/2009|07:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\acccore
[25/03/2005|12:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[01/04/2009|23:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[13/03/2006|21:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
[01/04/2009|23:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
[08/07/2007|20:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[01/10/2006|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[04/05/2006|22:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BT Yahoo!
[03/03/2008|21:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Citrix
[03/02/2008|13:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Dell
[03/04/2007|23:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[15/12/2008|18:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[25/03/2005|12:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GTek
[20/01/2009|09:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
[29/11/2008|11:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[01/05/2009|16:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[10/07/2009|13:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[07/05/2006|14:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
[26/05/2005|22:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com Personal Firewall
[29/11/2008|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memeo
[03/08/2007|18:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[13/10/2007|23:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[12/02/2009|01:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
[12/12/2007|19:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
[17/09/2008|21:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[03/08/2007|18:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
[26/05/2005|22:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[25/03/2005|12:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[10/05/2009|20:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
[11/07/2009|02:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SITEguard
[13/04/2008|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[11/07/2009|01:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Soulseek
[01/04/2009|23:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[11/07/2009|02:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!
[01/04/2009|20:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
[03/02/2008|13:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SupportSoft
[10/05/2009|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[03/06/2005|00:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[03/04/2009|07:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[19/04/2009|23:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WildBit Viewer
[04/05/2006|22:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[07/10/2007|14:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\yahoo!
[12/05/2007|16:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[25/03/2005|12:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Creative
[25/03/2005|12:17] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[25/03/2005|12:46] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Jasc Software Inc
[25/03/2005|12:17] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[25/03/2005|12:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
[25/03/2005|12:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[25/03/2005|12:47] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

[19/05/2005|21:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\GTek
[02/06/2005|18:39] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[26/04/2005|14:23] C:\DOCUME~1\LOCALS~1\APPLIC~1\McAfee.com Personal Firewall
[02/06/2007|19:24] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[04/06/2009|18:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\SACore
[28/10/2005|18:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\Yahoo!

[12/07/2007|03:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft


[08/06/2005|00:39] C:\DOCUME~1\Paul\APPLIC~1\1ClickDVDCopy
[13/03/2006|21:32] C:\DOCUME~1\Paul\APPLIC~1\acccore
[26/12/2007|22:33] C:\DOCUME~1\Paul\APPLIC~1\Adobe
[12/04/2008|11:07] C:\DOCUME~1\Paul\APPLIC~1\AdobeUM
[26/04/2005|16:32] C:\DOCUME~1\Paul\APPLIC~1\Aim
[22/12/2008|19:49] C:\DOCUME~1\Paul\APPLIC~1\Amazon
[05/06/2009|17:20] C:\DOCUME~1\Paul\APPLIC~1\Apple Computer
[10/07/2009|13:04] C:\DOCUME~1\Paul\APPLIC~1\Audacity
[01/05/2005|00:44] C:\DOCUME~1\Paul\APPLIC~1\BT Yahoo! Messenger
[04/06/2009|19:33] C:\DOCUME~1\Paul\APPLIC~1\Canneverbe_Limited
[08/06/2005|00:16] C:\DOCUME~1\Paul\APPLIC~1\CopyToDvd
[25/07/2005|22:00] C:\DOCUME~1\Paul\APPLIC~1\Creative
[05/06/2005|22:38] C:\DOCUME~1\Paul\APPLIC~1\CyberLink
[14/03/2007|23:38] C:\DOCUME~1\Paul\APPLIC~1\Datalayer
[30/06/2009|17:10] C:\DOCUME~1\Paul\APPLIC~1\GoodSync
[26/12/2005|19:06] C:\DOCUME~1\Paul\APPLIC~1\Google
[13/04/2007|21:52] C:\DOCUME~1\Paul\APPLIC~1\Gtek
[16/01/2006|00:24] C:\DOCUME~1\Paul\APPLIC~1\Help
[25/03/2005|12:17] C:\DOCUME~1\Paul\APPLIC~1\Identities
[25/03/2005|12:46] C:\DOCUME~1\Paul\APPLIC~1\Jasc Software Inc
[30/07/2005|03:55] C:\DOCUME~1\Paul\APPLIC~1\Lavasoft
[08/05/2005|00:21] C:\DOCUME~1\Paul\APPLIC~1\Leadertech
[26/04/2005|14:55] C:\DOCUME~1\Paul\APPLIC~1\Macromedia
[01/05/2009|16:40] C:\DOCUME~1\Paul\APPLIC~1\Malwarebytes
[26/04/2005|14:13] C:\DOCUME~1\Paul\APPLIC~1\McAfee.com Personal Firewall
[06/07/2009|02:07] C:\DOCUME~1\Paul\APPLIC~1\Microsoft
[26/04/2005|15:09] C:\DOCUME~1\Paul\APPLIC~1\Microsoft Web Folders
[04/06/2009|18:56] C:\DOCUME~1\Paul\APPLIC~1\MixMeister Technology
[31/05/2009|00:06] C:\DOCUME~1\Paul\APPLIC~1\MixMeister Technology(2)
[10/05/2006|00:15] C:\DOCUME~1\Paul\APPLIC~1\Motive
[29/03/2009|01:26] C:\DOCUME~1\Paul\APPLIC~1\Mozilla
[09/01/2006|20:46] C:\DOCUME~1\Paul\APPLIC~1\MSNInstaller
[20/09/2008|13:10] C:\DOCUME~1\Paul\APPLIC~1\MyPublisher
[24/09/2006|17:14] C:\DOCUME~1\Paul\APPLIC~1\MySpace
[01/04/2009|22:26] C:\DOCUME~1\Paul\APPLIC~1\NCH Swift Sound
[10/01/2008|01:14] C:\DOCUME~1\Paul\APPLIC~1\Nokia
[06/10/2007|10:16] C:\DOCUME~1\Paul\APPLIC~1\Panasonic
[31/03/2009|15:34] C:\DOCUME~1\Paul\APPLIC~1\PC Suite
[21/02/2008|18:18] C:\DOCUME~1\Paul\APPLIC~1\Real
[27/02/2009|01:11] C:\DOCUME~1\Paul\APPLIC~1\SendSpace Wizard
[13/04/2008|19:51] C:\DOCUME~1\Paul\APPLIC~1\Skype
[13/04/2008|19:38] C:\DOCUME~1\Paul\APPLIC~1\skypePM
[14/02/2006|02:00] C:\DOCUME~1\Paul\APPLIC~1\Snapfish
[25/03/2005|12:52] C:\DOCUME~1\Paul\APPLIC~1\Sonic
[15/03/2007|00:57] C:\DOCUME~1\Paul\APPLIC~1\Sony Ericsson
[25/03/2009|18:43] C:\DOCUME~1\Paul\APPLIC~1\Spotify
[25/03/2005|12:42] C:\DOCUME~1\Paul\APPLIC~1\Sun
[03/06/2005|01:21] C:\DOCUME~1\Paul\APPLIC~1\Syntrillium
[15/03/2007|00:59] C:\DOCUME~1\Paul\APPLIC~1\Teleca
[01/07/2007|19:04] C:\DOCUME~1\Paul\APPLIC~1\Template
[29/05/2005|22:17] C:\DOCUME~1\Paul\APPLIC~1\Ulead Systems
[08/06/2009|20:00] C:\DOCUME~1\Paul\APPLIC~1\WildBit Viewer
[17/10/2008|18:57] C:\DOCUME~1\Paul\APPLIC~1\Yahoo!
[28/03/2009|11:37] C:\DOCUME~1\Paul\APPLIC~1\YouSendIt
[25/03/2005|12:47] C:\DOCUME~1\Paul\APPLIC~1\You've Got Pictures Screensaver

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[11/07/2009 13:03][--ah-----] C:\WINDOWS\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
[10/07/2009 14:40][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[15/06/2009 01:28][--a------] C:\WINDOWS\tasks\McDefragTask.job
[01/07/2009 01:00][--a------] C:\WINDOWS\tasks\McQcTask.job
[11/07/2009 13:03][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04/08/2004 06:00][-r-h-----] C:\WINDOWS\tasks\DESKTOP.INI

--------------------\\ Listing Folders in C:\Program Files

[25/03/2005|12:48] C:\Program Files\Adobe
[04/05/2005|00:18] C:\Program Files\Ahead
[03/04/2009|08:02] C:\Program Files\AIM6
[09/05/2006|15:50] C:\Program Files\Alcatel
[22/12/2008|19:49] C:\Program Files\Amazon
[25/03/2005|12:32] C:\Program Files\Analog Devices
[21/03/2006|00:23] C:\Program Files\AOL
[24/09/2007|23:05] C:\Program Files\Apple Software Update
[11/07/2009|03:41] C:\Program Files\a-squared Free
[25/03/2005|12:43] C:\Program Files\ATI Technologies
[01/01/2007|23:45] C:\Program Files\Audacity
[09/02/2009|15:06] C:\Program Files\Audacity 1.3 Beta (Unicode)
[07/12/2008|02:42] C:\Program Files\AviSynth 2.5
[01/04/2009|23:22] C:\Program Files\AWS
[31/10/2007|10:24] C:\Program Files\BearShare Applications
[18/06/2009|23:28] C:\Program Files\BitComet
[20/03/2009|01:01] C:\Program Files\Bonjour
[25/03/2005|12:43] C:\Program Files\Broadcom
[09/05/2006|15:28] C:\Program Files\BT Broadband 2091
[15/06/2008|22:22] C:\Program Files\BT Broadband Desktop Help
[26/11/2006|14:26] C:\Program Files\BT Home Hub
[26/04/2005|14:36] C:\Program Files\BT Yahoo! Broadband
[26/11/2006|14:27] C:\Program Files\btbb_wcm
[04/06/2009|19:33] C:\Program Files\CDBurnerXP
[31/03/2009|11:05] C:\Program Files\CDex_150
[05/07/2009|22:51] C:\Program Files\ClickRepair
[10/02/2008|19:11] C:\Program Files\CMS Peripherals
[11/07/2009|02:26] C:\Program Files\Common Files
[25/03/2005|12:45] C:\Program Files\Creative
[25/03/2005|12:45] C:\Program Files\CyberLink
[28/01/2008|20:37] C:\Program Files\Dell
[25/03/2005|12:46] C:\Program Files\Dell Computer
[12/04/2007|18:47] C:\Program Files\DellSupport
[12/12/2007|19:25] C:\Program Files\DIFX
[17/05/2005|00:46] C:\Program Files\DiMAGE Viewer
[02/06/2007|13:25] C:\Program Files\eBay
[01/01/2006|21:22] C:\Program Files\Eidos Interactive
[07/12/2008|02:41] C:\Program Files\eRightSoft
[11/07/2009|11:10] C:\Program Files\ERUNT
[15/12/2008|19:04] C:\Program Files\Google
[08/06/2006|20:08] C:\Program Files\HighCriteria
[14/05/2007|20:44] C:\Program Files\Hijack This
[20/04/2009|16:54] C:\Program Files\ImageConverter Plus
[01/05/2009|16:18] C:\Program Files\InstallShield Installation Information
[25/03/2005|12:43] C:\Program Files\Intel
[11/07/2009|12:38] C:\Program Files\Internet Explorer
[24/06/2009|18:25] C:\Program Files\iPod
[11/03/2006|01:34] C:\Program Files\IrfanView
[24/06/2009|18:25] C:\Program Files\iTunes
[25/03/2005|12:46] C:\Program Files\Jasc Software Inc
[04/06/2009|18:48] C:\Program Files\Java
[31/03/2009|11:03] C:\Program Files\Lame for Audacity
[30/07/2005|03:55] C:\Program Files\Lavasoft
[05/01/2006|19:43] C:\Program Files\LG Software Innovations
[11/07/2009|11:12] C:\Program Files\Malwarebytes' Anti-Malware
[10/07/2009|13:06] C:\Program Files\McAfee
[10/05/2009|20:37] C:\Program Files\McAfee.com
[14/02/2009|04:04] C:\Program Files\Medieval Software
[11/07/2009|12:06] C:\Program Files\Messenger
[26/04/2005|15:09] C:\Program Files\microsoft frontpage
[26/04/2005|15:09] C:\Program Files\Microsoft Office
[25/03/2005|12:45] C:\Program Files\Microsoft Works
[01/08/2008|20:09] C:\Program Files\mIRC
[04/06/2009|18:51] C:\Program Files\MixMeister Express 6
[04/06/2009|18:30] C:\Program Files\MixMeister Express 6(2)
[04/06/2009|18:32] C:\Program Files\MixMeister Studio 7
[26/04/2005|14:45] C:\Program Files\Modem Helper
[25/03/2005|12:43] C:\Program Files\Modem On Hold
[25/02/2007|17:33] C:\Program Files\Motive
[11/07/2009|12:03] C:\Program Files\Movie Maker
[11/07/2009|12:52] C:\Program Files\Mozilla Firefox
[31/05/2009|17:04] C:\Program Files\MSECACHE
[09/01/2006|20:45] C:\Program Files\MSN
[25/03/2005|12:17] C:\Program Files\MSN Gaming Zone
[16/11/2006|04:01] C:\Program Files\MSXML 4.0
[07/01/2006|15:59] C:\Program Files\MUSICMATCH
[20/09/2008|13:10] C:\Program Files\MyPublisher
[29/11/2006|00:16] C:\Program Files\MySpace
[11/07/2009|12:02] C:\Program Files\NetMeeting
[20/01/2009|09:23] C:\Program Files\Nokia
[25/03/2005|12:17] C:\Program Files\Online Services
[11/07/2009|12:02] C:\Program Files\Outlook Express
[06/10/2007|10:16] C:\Program Files\Panasonic
[20/01/2009|09:20] C:\Program Files\PC Connectivity Solution
[24/06/2009|18:23] C:\Program Files\QuickTime
[25/03/2005|12:47] C:\Program Files\Real
[04/06/2009|18:32] C:\Program Files\SendSpace
[22/06/2009|19:13] C:\Program Files\SFX
[31/05/2009|00:51] C:\Program Files\Siber Systems
[13/04/2008|19:32] C:\Program Files\Skype
[06/04/2009|19:42] C:\Program Files\Skyshare Manager v1.4.2
[25/03/2005|12:51] C:\Program Files\Sonic
[11/07/2009|11:15] C:\Program Files\Soulgurucleaner
[29/06/2009|23:47] C:\Program Files\Soulseek
[06/07/2008|10:30] C:\Program Files\SoulseekNS
[13/08/2005|00:55] C:\Program Files\Soulseek-Test
[21/05/2009|22:00] C:\Program Files\Spotify
[01/04/2009|23:47] C:\Program Files\Spybot - Search & Destroy
[10/05/2009|20:30] C:\Program Files\Symantec
[25/11/2006|18:35] C:\Program Files\TagRename
[26/05/2005|22:37] C:\Program Files\Temp
[01/04/2009|22:35] C:\Program Files\Trend Micro
[01/04/2006|17:11] C:\Program Files\TrueSwitch
[30/03/2009|00:40] C:\Program Files\TuneUpMedia
[03/06/2005|00:34] C:\Program Files\Ulead Systems
[05/12/2006|14:20] C:\Program Files\Uninstall Information
[01/04/2009|23:08] C:\Program Files\Viewpoint
[08/03/2009|18:32] C:\Program Files\VinylStudio
[05/01/2006|19:44] C:\Program Files\vso
[14/07/2007|16:48] C:\Program Files\Wedding Assistant
[29/11/2008|11:37] C:\Program Files\Western Digital
[29/11/2008|11:30] C:\Program Files\Western Digital Technologies
[19/04/2009|23:08] C:\Program Files\WildBit Viewer
[04/06/2009|18:32] C:\Program Files\Windows Installer Clean Up
[02/06/2007|19:18] C:\Program Files\Windows Media Connect 2
[11/07/2009|12:02] C:\Program Files\Windows Media Player
[11/07/2009|12:02] C:\Program Files\Windows NT
[22/06/2005|19:12] C:\Program Files\WindowsUpdate
[25/03/2007|14:24] C:\Program Files\WinMX
[09/11/2008|00:04] C:\Program Files\WinRAR
[16/01/2006|00:24] C:\Program Files\WinZip
[25/03/2005|12:17] C:\Program Files\XEROX
[10/05/2009|20:30] C:\Program Files\Yahoo!
[28/03/2009|11:35] C:\Program Files\YouSendIt

--------------------\\ Listing Folders in C:\Program Files\Common Files

[12/05/2005|22:25] C:\Program Files\Common Files\Adobe
[03/04/2009|07:58] C:\Program Files\Common Files\AOL
[24/06/2009|18:25] C:\Program Files\Common Files\Apple
[26/04/2005|15:11] C:\Program Files\Common Files\Designer
[29/11/2008|11:37] C:\Program Files\Common Files\InstallShield
[11/07/2009|02:26] C:\Program Files\Common Files\iS3
[25/03/2005|12:42] C:\Program Files\Common Files\Java
[10/05/2009|20:38] C:\Program Files\Common Files\McAfee
[15/06/2008|11:43] C:\Program Files\Common Files\Microsoft Shared
[25/02/2007|17:34] C:\Program Files\Common Files\Motive
[25/03/2005|12:17] C:\Program Files\Common Files\MSSoap
[20/01/2009|09:22] C:\Program Files\Common Files\Nokia
[25/03/2005|12:47] C:\Program Files\Common Files\Nullsoft
[12/05/2005|22:29] C:\Program Files\Common Files\ODBC
[20/01/2009|09:23] C:\Program Files\Common Files\PCSuite
[05/07/2008|04:22] C:\Program Files\Common Files\Real
[07/10/2007|14:02] C:\Program Files\Common Files\Scanner
[25/03/2005|12:17] C:\Program Files\Common Files\Services
[13/04/2008|19:32] C:\Program Files\Common Files\Skype
[25/03/2005|12:50] C:\Program Files\Common Files\Sonic
[25/03/2005|12:50] C:\Program Files\Common Files\Sonic Shared
[25/03/2005|12:17] C:\Program Files\Common Files\SpeechEngines
[29/05/2005|21:22] C:\Program Files\Common Files\SWF Studio
[10/05/2009|20:32] C:\Program Files\Common Files\Symantec Shared
[11/07/2009|12:02] C:\Program Files\Common Files\System
[05/07/2008|04:22] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 56 Processes )

Iexplore.exe ~ [PID:400]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\Paul\Cookies\paul@advertising[1].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme


--------------------\\ Searching for other infections


No other infections found !

[F:48][D:5]-> C:\DOCUME~1\Paul\LOCALS~1\Temp
[F:94][D:0]-> C:\DOCUME~1\Paul\Cookies
[F:1793][D:4]-> C:\DOCUME~1\Paul\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 11/07/2009|13:20 - Option : [1]

--------------------\\ Scan completed at 13:20:20


3) I have included screen shots of the 2 failures on startup.

Attached Thumbnails

  • tmp1bc.tmp.JPG
  • Viewmgr.JPG

Attached Files


  • 0

#15
heir
Posted 11 July 2009 - 11:20 AM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Are you able to boot into normal mode now?
Do you also have access to Internet from the infected computer?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP