Help with removal of Trojan:Win32/Alureon.gen!I [Solved]


  • This topic is locked

#1
pixxi

    New Member

  • 8 posts
I am a new OneCare user and having recently turned on my laptop for the first time in a while, I remembered why I had gotten so frustrated with it. Having suspected a trojan behind the problems, I bought and installed numerous AntiSpyware applications, including Trend Micro and Bullguard. When I returned to using my laptop, I decided to try Windows OneCare and at least I got an answer this time. Windows OneCare has identified a trojan Win32/Alureon.gen!I, but cannot seem to be able to remove it. There is literally nothing I could find on the web about this particular strain of Alureon trojan, but from what I've heard they can be very hard to remove.
Symptoms on my laptop include not being able to receive updates for Windows Update, Defender, etc., redirecting on my Firefox browser, and general slow performance of my computer. Also, and I'm not sure if this is connected with the trojan, but most times I try to remove the trojan using OneCare, my laptop blue screens, and I have to start the whole scan again. Seems to me that it's quite the coincidence!

My laptop is a Fujitsu Siemens Esprimo Mobile V5535, and I run Windows Vista Basic.
I honestly couldn't say how long I suspect the trojan has been in my system, though it is safe to say for at least 6 months.

Any help would be greatly appreciated as I really cannot afford to buy a new laptop.
Thanks in advance for any replies.


#2
pixxi

    New Member

  • 8 posts
Also, this is what OneCare said about the trojan, if it helps at all. [Attachment: trojan.jpg]

#3
Thunderbird1988

    Member 2k

  • 2,416 posts
Please click here and follow the recommendations in the guide.

Someone will be along to tell you what steps to take after you post the contents of the scan results.

#4
pixxi

    New Member

  • 8 posts
Well, after following the recommendations in the guide, my laptop began running much faster immediately, and even Windows Updates is working, something that hasn't happened in over half a year. I suppose I should have done all that before bothering anyone. Thanks very much for helping me. What I'm wondering is whether there is a chance that there is still a virus on my computer, and whether I should post the logs anyway? Or is it safe to say I'm okay?

#5
Thunderbird1988

    Member 2k

  • 2,416 posts
I think it would be a good idea to post the logs, just to be on the safe side :)

Thunderbird1988

#6
pixxi

    New Member

  • 8 posts
This is the Malwarebytes log:
Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 6.0.6000

25/07/2009 00:07:32
mbam-log-2009-07-25 (00-07-32).txt

Scan type: Quick Scan
Objects scanned: 89614
Time elapsed: 7 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 1
Registry Data Items Infected: 16
Folders Infected: 8
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GroupManager (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7719f58e-ea60-4448-8d1f-f299c76d0d8f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7719f58e-ea60-4448-8d1f-f299c76d0d8f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d4728f26-233b-4f5f-908f-9f3a2d100920}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d4728f26-233b-4f5f-908f-9f3a2d100920}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7719f58e-ea60-4448-8d1f-f299c76d0d8f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7719f58e-ea60-4448-8d1f-f299c76d0d8f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d4728f26-233b-4f5f-908f-9f3a2d100920}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d4728f26-233b-4f5f-908f-9f3a2d100920}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7719f58e-ea60-4448-8d1f-f299c76d0d8f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{d4728f26-233b-4f5f-908f-9f3a2d100920}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{d4728f26-233b-4f5f-908f-9f3a2d100920}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.102;85.255.112.199 -> Quarantined and deleted successfully.

Folders Infected:
C:\ProgramData\ADSL Software Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\adsl software ltd\WinSpywareProtect (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\adsl software ltd\winspywareprotect\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\adsl software ltd\winspywareprotect\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\adsl software ltd\winspywareprotect\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\adsl software ltd\winspywareprotect\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\extravideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\Shiv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\extravideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\System32\msqpdxicxavrei.dll (Trojan.Agent) -> Delete on reboot.
c:\programdata\adsl software ltd\winspywareprotect\LOG\20080630134849166.log (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\adsl software ltd\winspywareprotect\LOG\20080630145015584.log (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\adsl software ltd\winspywareprotect\LOG\20080630151041388.log (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\adsl software ltd\winspywareprotect\LOG\20080630204133203.log (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\adsl software ltd\winspywareprotect\LOG\20080630211450792.log (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\adsl software ltd\winspywareprotect\LOG\20080701020903888.log (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\adsl software ltd\winspywareprotect\LOG\20080701025312945.log (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\extravideo\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\msqpdxriicgqjm.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Elizabeth Find MD Diagnosis Mystery\groupmanager.exe (Backdoor.Bot) -> Delete on reboot.

Rootrepeal:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/07/26 19:30
Program Version: Version 1.3.2.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8C07F000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8C074000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xAB592000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1268 Status: Locked to the Windows API!

SSDT
-------------------
#: 064 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xab07ef20

#: 072 Function Name: NtCreateProcess
Status: Hooked by "<unknown>" at address 0xab07e160

#: 073 Function Name: NtCreateProcessEx
Status: Hooked by "<unknown>" at address 0xab07e420

#: 075 Function Name: NtCreateSection
Status: Hooked by "<unknown>" at address 0xab07fbe0

#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xab080260

#: 123 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xab07f4a0

#: 126 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xab07f760

#: 165 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0xab0805a0

#: 177 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0xab07ff20

#: 194 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xab07e9a0

#: 197 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0xab07fd80

#: 324 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xab07f1e0

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xab07ec60

#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0xab0800c0

#: 382 Function Name: NtCreateThreadEx
Status: Hooked by "<unknown>" at address 0xab080400

#: 383 Function Name: NtCreateUserProcess
Status: Hooked by "<unknown>" at address 0xab07e6e0

Hidden Services
-------------------
Service Name: msqpdxserv.sys
Image Path: C:\Windows\system32\drivers\msqpdxriicgqjm.sys

==EOF==

OTL:

OTL logfile created on: 26/07/2009 19:35:33 - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\Shiv\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

764.46 Mb Total Physical Memory | 196.11 Mb Available Physical Memory | 25.65% Memory free
1.75 Gb Paging File | 0.87 Gb Available in Paging File | 49.74% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 27.86 Gb Total Space | 1.42 Gb Free Space | 5.10% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 16.66 Gb Free Space | 55.53% Space Free | Partition Type: NTFS
Drive E: | 2.00 Gb Total Space | 1.59 Gb Free Space | 79.47% Space Free | Partition Type: NTFS
Drive F: | 14.65 Gb Total Space | 6.66 Gb Free Space | 45.46% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHIV-PC
Current User Name: Shiv
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/07/09 17:05:22 | 00,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/22 10:59:34 | 00,024,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
PRC - [2005/01/14 10:32:38 | 00,053,248 | ---- | M] () -- C:\Windows\System32\PAStiSvc.exe
PRC - [2007/11/27 22:45:02 | 00,869,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
PRC - [2009/03/22 11:00:16 | 01,131,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe
PRC - [2009/03/03 03:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/03/22 10:59:56 | 00,063,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
PRC - [2008/10/29 07:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2006/11/02 13:34:44 | 00,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2007/10/29 07:02:38 | 00,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/12/06 09:12:44 | 01,029,416 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/11/03 12:01:16 | 00,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac7311\Monitor.exe
PRC - [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2008/01/09 17:32:50 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/12/06 09:12:58 | 00,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2009/07/23 05:12:52 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/26 19:31:38 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Shiv\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/27 19:00:25 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/01/19 08:36:53 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2008/11/05 22:31:54 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/06/20 02:18:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/03/27 05:00:41 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2005/11/14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/20 02:17:49 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2006/12/14 03:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
SRV - [2007/11/27 22:45:02 | 00,869,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe -- (msfwsvc [Auto | Running])
SRV - [2008/06/20 02:17:50 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/03/22 10:59:34 | 00,024,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe -- (OcHealthMon [Auto | Running])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2008/07/09 17:05:22 | 00,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe -- (OneCareMP [Auto | Running])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/12/14 02:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
SRV - File not found -- -- (SfCtlCom [Auto | Stopped])
SRV - [2006/12/14 03:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2005/01/14 10:32:38 | 00,053,248 | ---- | M] () -- C:\Windows\System32\PAStiSvc.exe -- (STI Simulator [Auto | Running])
SRV - File not found -- -- (TMBMServer [Auto | Stopped])
SRV - File not found -- -- (tmproxy [Disabled | Stopped])
SRV - [2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2008/01/19 08:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Stopped])
SRV - [2009/03/22 11:00:16 | 01,131,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe -- (winss [Auto | Running])
SRV - [2008/01/19 08:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - URLSearchHook: {5b99c55c-ae59-4d93-bc3b-ed0c8df4da08} - C:\Program Files\freetrialdownloads-EN\tbfree.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2276417
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {5b99c55c-ae59-4d93-bc3b-ed0c8df4da08} - C:\Program Files\freetrialdownloads-EN\tbfree.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "4chan Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...rchSource=3&q="
FF - prefs.js..browser.search.selectedEngine: "4chan Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.m...en-US:official"
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:0.4.5.12
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.3.3
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.12

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/26 03:02:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/23 05:12:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/23 05:12:54 | 00,000,000 | ---D | M]

[2008/08/14 01:46:20 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\mozilla\Extensions
[2008/08/14 01:46:20 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/26 18:42:40 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\mozilla\Firefox\Profiles\hf4x7526.default\extensions
[2009/07/26 18:42:40 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\mozilla\Firefox\Profiles\hf4x7526.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/20 19:25:25 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\mozilla\Firefox\Profiles\hf4x7526.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/08/14 12:34:27 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\mozilla\Firefox\Profiles\hf4x7526.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2009/02/02 12:00:17 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\mozilla\Firefox\Profiles\hf4x7526.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2009/01/13 09:53:00 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\mozilla\Firefox\Profiles\hf4x7526.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/02/27 09:47:30 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\mozilla\Firefox\Profiles\hf4x7526.default\extensions\firebug@software.joehewitt.com
[2009/02/27 09:47:35 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\mozilla\Firefox\Profiles\hf4x7526.default\extensions\firebug@software.joehewitt.com-trash
[2009/07/26 18:42:40 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\mozilla\Firefox\Profiles\hf4x7526.default\extensions\staged-xpis
[2008/10/30 14:01:54 | 00,000,872 | ---- | M] () -- C:\Users\Shiv\AppData\Roaming\Mozilla\FireFox\Profiles\hf4x7526.default\searchplugins\conduit.xml
[2008/04/18 00:14:29 | 00,002,386 | ---- | M] () -- C:\Users\Shiv\AppData\Roaming\Mozilla\FireFox\Profiles\hf4x7526.default\searchplugins\siteadvisor.xml
[2009/03/04 01:00:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/23 05:12:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/04 01:00:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/07/23 05:12:52 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/23 05:12:52 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/04 00:59:41 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/07/23 05:12:53 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/06/21 11:08:37 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/06/21 11:08:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/21 11:08:38 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/06/21 11:08:38 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/21 11:08:38 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/06/21 11:08:38 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/21 11:08:38 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/21 11:08:38 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No CLSID value found.
O2 - BHO: (freetrialdownloads-EN Toolbar) - {5b99c55c-ae59-4d93-bc3b-ed0c8df4da08} - C:\Program Files\freetrialdownloads-EN\tbfree.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (freetrialdownloads-EN Toolbar) - {5b99c55c-ae59-4d93-bc3b-ed0c8df4da08} - C:\Program Files\freetrialdownloads-EN\tbfree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (freetrialdownloads-EN Toolbar) - {5B99C55C-AE59-4D93-BC3B-ED0C8DF4DA08} - C:\Program Files\freetrialdownloads-EN\tbfree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe File not found
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OneCareUI] C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PAC7311_Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\WpcUmi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: StumbleUpon - {75C9223A-409A-4795-A3CA-08DE6B075B4B} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/12/15 13:44:23 | 00,000,255 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/12/15 13:44:23 | 00,000,255 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/12/15 13:44:23 | 00,000,255 | RHS- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{18e15a37-a021-11dd-9f81-ea5c95888029}\Shell - "" = AutoRun
O33 - MountPoints2\{18e15a37-a021-11dd-9f81-ea5c95888029}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{18e15a6d-a021-11dd-9f81-ea5c95888029}\Shell - "" = AutoRun
O33 - MountPoints2\{18e15a6d-a021-11dd-9f81-ea5c95888029}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{18e15a88-a021-11dd-9f81-ea5c95888029}\Shell - "" = AutoRun
O33 - MountPoints2\{18e15a88-a021-11dd-9f81-ea5c95888029}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{18e15aa4-a021-11dd-9f81-ea5c95888029}\Shell - "" = AutoRun
O33 - MountPoints2\{18e15aa4-a021-11dd-9f81-ea5c95888029}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{18e15aa6-a021-11dd-9f81-ea5c95888029}\Shell - "" = AutoRun
O33 - MountPoints2\{18e15aa6-a021-11dd-9f81-ea5c95888029}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{19460748-9b86-11dd-9862-f28532411dcd}\Shell - "" = AutoRun
O33 - MountPoints2\{19460748-9b86-11dd-9862-f28532411dcd}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{595acdfa-be28-11dc-b904-c1033f79efb3}\Shell - "" = AutoRun
O33 - MountPoints2\{595acdfa-be28-11dc-b904-c1033f79efb3}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{7031f4e2-b0d2-11dd-9f5f-d547e3a10098}\Shell - "" = AutoRun
O33 - MountPoints2\{7031f4e2-b0d2-11dd-9f5f-d547e3a10098}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{7031f4e3-b0d2-11dd-9f5f-d547e3a10098}\Shell - "" = AutoRun
O33 - MountPoints2\{7031f4e3-b0d2-11dd-9f5f-d547e3a10098}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{718c8c8a-96de-11dd-b353-99eb14f176af}\Shell - "" = AutoRun
O33 - MountPoints2\{718c8c8a-96de-11dd-b353-99eb14f176af}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{718c8cab-96de-11dd-b353-99eb14f176af}\Shell - "" = AutoRun
O33 - MountPoints2\{718c8cab-96de-11dd-b353-99eb14f176af}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{718c8cec-96de-11dd-b353-940de2dad0a7}\Shell - "" = AutoRun
O33 - MountPoints2\{718c8cec-96de-11dd-b353-940de2dad0a7}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{859e12c3-cfce-11dd-a180-9fbeb43958c1}\Shell - "" = AutoRun
O33 - MountPoints2\{859e12c3-cfce-11dd-a180-9fbeb43958c1}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{98cf4e6e-c5e4-11dc-b8bc-00a0d1c9fe1c}\Shell - "" = AutoRun
O33 - MountPoints2\{98cf4e6e-c5e4-11dc-b8bc-00a0d1c9fe1c}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{98cf4e86-c5e4-11dc-b8bc-00a0d1c9fe1c}\Shell - "" = AutoRun
O33 - MountPoints2\{98cf4e86-c5e4-11dc-b8bc-00a0d1c9fe1c}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{eef79024-e3cf-11dc-b430-00a0d1c9fe1c}\Shell - "" = AutoRun
O33 - MountPoints2\{eef79024-e3cf-11dc-b430-00a0d1c9fe1c}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{eef79025-e3cf-11dc-b430-00a0d1c9fe1c}\Shell - "" = AutoRun
O33 - MountPoints2\{eef79025-e3cf-11dc-b430-00a0d1c9fe1c}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{f5f88f85-d198-11dd-9421-b50f87c26f9e}\Shell - "" = AutoRun
O33 - MountPoints2\{f5f88f85-d198-11dd-9421-b50f87c26f9e}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{f5f88f95-d198-11dd-9421-8e0699b5b4e4}\Shell - "" = AutoRun
O33 - MountPoints2\{f5f88f95-d198-11dd-9421-8e0699b5b4e4}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{f5f88f98-d198-11dd-9421-91078a6c002f}\Shell - "" = AutoRun
O33 - MountPoints2\{f5f88f98-d198-11dd-9421-91078a6c002f}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{f5f88f9a-d198-11dd-9421-d334515a97f5}\Shell - "" = AutoRun
O33 - MountPoints2\{f5f88f9a-d198-11dd-9421-d334515a97f5}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/07/26 18:47:54 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2009/07/26 18:46:36 | 00,000,000 | ---D | C] -- C:\Windows\LastGood
[2009/07/26 06:36:35 | 00,000,000 | ---D | C] -- C:\GameRival
[2009/07/26 06:36:33 | 00,827,392 | ---- | C] (Macromedia, Inc.) -- C:\Windows\System32\FLASH.OCX
[2009/07/26 06:36:19 | 00,001,695 | ---- | C] () -- C:\Users\Shiv\Desktop\Gold Miner.lnk
[2009/07/26 06:36:10 | 00,000,000 | ---D | C] -- C:\Program Files\Gold Miner
[2009/07/26 03:03:21 | 00,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/26 03:03:21 | 00,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/07/26 03:03:11 | 11,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2009/07/26 01:10:25 | 00,009,127 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2009/07/26 01:10:24 | 00,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2009/07/25 22:00:55 | 00,000,000 | ---D | C] -- C:\PerfLogs
[2009/07/25 04:24:27 | 00,032,768 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2009/07/25 04:24:27 | 00,016,384 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2009/07/25 04:24:26 | 36,388,864 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2009/07/25 01:53:06 | 01,675,370 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/07/25 01:53:06 | 00,206,830 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2009/07/25 01:51:30 | 00,132,148 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2009/07/25 01:50:52 | 03,662,296 | ---- | C] () -- C:\Windows\System32\locale.nls
[2009/07/25 01:48:50 | 00,175,508 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2009/07/25 01:47:41 | 00,289,467 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2009/07/25 01:47:34 | 00,195,122 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2009/07/25 01:47:14 | 00,261,163 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2009/07/25 01:45:41 | 00,080,047 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2009/07/25 01:37:49 | 00,012,198 | ---- | C] () -- C:\Windows\System32\gatherWiredInfo.vbs
[2009/07/25 01:37:42 | 00,015,181 | ---- | C] () -- C:\Windows\System32\gatherWirelessInfo.vbs
[2009/07/25 01:37:40 | 00,144,909 | ---- | C] () -- C:\Windows\System32\fsmgmt.msc
[2009/07/25 01:36:53 | 00,145,455 | ---- | C] () -- C:\Windows\System32\perfmon.msc
[2009/07/25 01:36:50 | 00,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
[2009/07/25 00:09:10 | 01,299,252 | -H-- | C] () -- C:\Users\Shiv\AppData\Local\IconCache.db
[2009/07/24 23:57:54 | 00,000,000 | ---D | C] -- C:\Users\Shiv\AppData\Roaming\Malwarebytes
[2009/07/24 23:57:51 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/24 23:57:47 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/24 23:57:45 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/24 23:57:45 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/07/24 23:57:44 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/24 23:52:32 | 00,000,000 | ---D | C] -- C:\Program Files\Conduit
[2009/07/24 23:52:30 | 00,000,000 | ---D | C] -- C:\Program Files\freetrialdownloads-EN
[2009/07/24 23:45:37 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/07/24 23:44:59 | 00,000,733 | ---- | C] () -- C:\Users\Shiv\Desktop\NTREGOPT.lnk
[2009/07/24 23:44:59 | 00,000,714 | ---- | C] () -- C:\Users\Shiv\Desktop\ERUNT.lnk
[2009/07/24 23:44:48 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/23 07:47:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2009/07/23 07:41:48 | 00,000,000 | -H-D | C] -- C:\Config.Msi
[2009/07/23 07:41:00 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live
[2009/07/22 19:55:37 | 00,000,000 | ---D | C] -- C:\Users\Shiv\AppData\Roaming\CoSoSys

========== Files - Modified Within 14 Days ==========

[3 C:\Windows\System32\*.tmp files]
[2009/07/26 18:47:54 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2009/07/26 18:42:16 | 00,005,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/26 18:42:16 | 00,005,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/26 18:42:07 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/26 06:36:33 | 00,827,392 | ---- | M] (Macromedia, Inc.) -- C:\Windows\System32\FLASH.OCX
[2009/07/26 06:36:19 | 00,001,695 | ---- | M] () -- C:\Users\Shiv\Desktop\Gold Miner.lnk
[2009/07/26 03:21:32 | 00,703,448 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/07/26 03:21:32 | 00,608,706 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/07/26 03:21:32 | 00,109,542 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/07/26 03:15:01 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/26 03:11:21 | 01,299,252 | -H-- | M] () -- C:\Users\Shiv\AppData\Local\IconCache.db
[2009/07/25 22:37:54 | 00,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2009/07/25 22:30:40 | 02,305,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/25 21:22:14 | 00,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2009/07/25 21:22:01 | 00,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2009/07/25 18:59:43 | 00,100,944 | ---- | M] () -- C:\Users\Shiv\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/07/25 04:53:43 | 00,000,492 | ---- | M] () -- C:\Windows\win.ini
[2009/07/25 04:27:58 | 36,388,864 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2009/07/25 04:27:57 | 00,032,768 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2009/07/25 04:27:57 | 00,016,384 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2009/07/24 23:57:51 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/24 23:44:59 | 00,000,733 | ---- | M] () -- C:\Users\Shiv\Desktop\NTREGOPT.lnk
[2009/07/24 23:44:59 | 00,000,714 | ---- | M] () -- C:\Users\Shiv\Desktop\ERUNT.lnk
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== LOP Check ==========

[2009/07/24 23:57:54 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming
[2008/02/12 16:27:00 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\AntsSoft
[2008/01/13 02:39:19 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\ArcSoft
[2008/02/06 05:56:42 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\Big Fish Games
[2009/07/22 19:55:37 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\CoSoSys
[2008/11/13 23:05:59 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\Flood Light Games
[2008/02/17 19:19:49 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\FrostWire
[2008/02/06 03:48:15 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\iWin
[2007/12/10 11:56:14 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\Leadertech
[2008/07/02 17:07:40 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\NCH Software
[2008/07/02 16:54:31 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\NCH Swift Sound
[2008/12/15 00:08:59 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\Oxin's Style!
[2008/06/23 02:47:34 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\SecondLife
[2008/01/04 01:33:03 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\SEGA
[2008/08/18 19:02:59 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\TypingMaster7
[2009/01/25 16:19:23 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\U3
[2009/03/17 04:18:57 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\uTorrent
[2008/04/07 17:57:22 | 00,000,000 | ---D | M] -- C:\Users\Shiv\AppData\Roaming\Windows Live Writer
[2008/01/09 03:00:25 | 00,000,252 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
[2009/06/22 07:07:40 | 00,000,868 | ---- | M] () -- C:\Windows\Tasks\Google Software Updater.job
[2009/07/26 03:15:01 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/07/26 03:12:10 | 00,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

OTL Extras logfile created on: 26/07/2009 19:35:33 - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\Shiv\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

764.46 Mb Total Physical Memory | 196.11 Mb Available Physical Memory | 25.65% Memory free
1.75 Gb Paging File | 0.87 Gb Available in Paging File | 49.74% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 27.86 Gb Total Space | 1.42 Gb Free Space | 5.10% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 16.66 Gb Free Space | 55.53% Space Free | Partition Type: NTFS
Drive E: | 2.00 Gb Total Space | 1.59 Gb Free Space | 79.47% Space Free | Partition Type: NTFS
Drive F: | 14.65 Gb Total Space | 6.66 Gb Free Space | 45.46% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHIV-PC
Current User Name: Shiv
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C03F399-892F-4C21-ADDA-34FE79F33899}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{1DC6736A-F679-44F5-A9C3-F4680C140085}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{3BB46A5D-8F86-4344-9335-3D6C9496404F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{435D629E-08A9-4DA7-A44D-24AA2064F960}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{436D5A04-E6A0-43A9-82FF-49411D289956}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{529A9BFE-BAD1-4D05-AC0B-8F6991784427}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{540A478F-E17F-4C8F-A377-E654D3886535}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{56A9865F-EFE0-4322-9E1A-572299BB62E2}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{696A3246-45FE-43A7-89CA-9B32B7D99244}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe |
"{8009637B-8F9A-445E-A732-3640AD22FA70}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{80CEB081-09EB-4AD2-9862-9AE57BAEE7AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8F4B66AF-DB6E-4EBE-8280-9DDF490A0919}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{8F7326C4-2E33-4162-A993-6A06FBA92DF3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BDCD7586-B852-48A5-A9F7-46F1F234A235}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D247F092-E119-4865-8E15-CF3B50296BD2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D3C67A32-AC63-4CA2-A9A5-CBE1507E18EB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{DF960908-6FF2-40B2-916B-E9EB76927EC1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{E402F880-A14D-4653-BC11-00C558EE8A27}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E4D9E5A8-65B3-4B8D-AAB9-2CAB8E283A62}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{F10E6C5F-3C19-4AE0-A487-0D2C55D4372C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FCBEDF-1A38-466A-B222-4D4B3FCE0CF5}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{05163122-441A-4B44-9BC3-EF00E989AE40}" = protocol=6 | dir=in | app=c:\windows\system32\windowsanytimeupgrade.exe |
"{18825E0F-8182-483D-9166-6E32B892E55F}" = protocol=17 | dir=in | app=c:\windows\system32\windowsanytimeupgrade.exe |
"{1C3A9DF5-7084-4502-92A6-4A6BF3E60062}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{211977E2-F767-48F8-9C84-6DFF03EE0674}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{29269F6C-1324-4E35-9ED9-7DAFD92D53C3}" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe |
"{37715387-1185-40A6-AAEA-F73E88E7E9D6}" = protocol=17 | dir=in | app=c:\program files\trend micro\internet security\ufnavi.exe |
"{3A9DC517-C69E-4BF3-B137-A8FC09D830F8}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5722E1C4-D0A8-48CA-A853-E2AC986D4C51}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{59F08CF4-6949-461E-A592-FC24FE0E5764}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5AD8A47A-74CE-44E6-826C-37B404A794EB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5FC9DF49-ECD5-448E-8E1F-5DBA7BD5EB2D}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{6E825433-4B01-4809-ABB5-653248CA48AC}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{74298BED-DA72-4316-A266-486CD6458E28}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7C5CF6A1-59D8-4080-9B64-77DD6045BEC2}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{83A5B75A-1D3A-4605-9BCA-DCF18208AC2C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{923A100D-CA2F-4F93-9748-C728287E7C1F}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{94AD99FA-D209-4321-8FED-CEA9A3BDC055}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{9A68039B-AF57-499C-AE24-70BD8991566A}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{9AD9F18D-31BF-427A-9B84-AD82034921A1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{ABB5E2DD-43B1-42E3-884E-E07AA4864A53}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{B79803C9-6B71-4DEA-9CDA-2599EE8AEB11}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{C648BDED-2285-4786-9B6B-23180CECA562}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{DD248588-5B4B-49AF-9E39-102CADFCF0E4}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{E1E1912B-EC85-4C86-84FE-79930CA60BEA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E28FF039-FCB0-4081-A721-D2D36AF7E9A7}" = protocol=6 | dir=out | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{E4356F88-CB42-439B-99D4-40459322C911}" = protocol=6 | dir=out | app=system |
"{EC58B3B8-7189-40FE-BB5A-DF832176B08E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{ED98AFA6-FACB-414A-AB6B-0FFA297B4CD0}" = protocol=6 | dir=in | app=c:\windows\system32\wbem\unsecapp.exe |
"{EEEFAD5F-938D-4D52-AEF9-492A5FDDF409}" = protocol=6 | dir=in | app=c:\program files\trend micro\internet security\ufnavi.exe |
"{EF0D3671-D73C-4BD2-9BFC-0619F7AF11AF}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{F2F4AE29-A24F-4A36-9E89-2E9C6CA84F86}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"{F349E5FE-FFB3-44A3-B6F1-4B702D3222E2}" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe |
"{F6BA88C2-154B-4B55-932C-A095ED39FA5C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F86D534B-F3E6-4FE9-859B-E468BE24C4AB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FF7E6F9F-93C7-4920-9742-17F13C33FCAD}" = protocol=6 | dir=in | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"TCP Query User{29027E1D-55D7-49B3-BBA3-5D7AD8972D3E}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{662F29E6-09D8-4481-97A3-8E363D32CAA0}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{698D48DD-72B3-43B1-8F3F-380772280148}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{A58B5E76-9E67-4AC5-AE0A-34077DB6F3D1}C:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe" = protocol=6 | dir=in | app=c:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe |
"UDP Query User{355350B0-88DC-4325-A4B3-D75095694BE2}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"UDP Query User{38B225CB-792C-40AF-84DD-0861E05D622A}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{ECEEBB31-3A74-4D76-98DE-2E2F2CE8D785}C:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe" = protocol=17 | dir=in | app=c:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe |
"UDP Query User{F5DB0EE8-D2ED-4881-9FA8-15566F78DD88}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05CF1C54-CD51-432E-B496-96DF672B9872}" = WEA500
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11C51F70-3825-448F-BC36-C653C4A42623}" = MyBot
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3851147E-5A91-4469-BA4D-13FFFCC8A920}" = Microsoft Windows OneCare Live v2.5.2900.24 Idcrl Install
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = O2 Broadband USB Modem
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5660022E-F3F2-4126-8CC5-9726C47150EB}" = Microsoft Windows Live OneCare Resources v2.5.2900.24
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6513E869-647F-40FD-A55D-CFC92579B9BA}" = PX Engine
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}" = GTOneCare
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro AntiVirus
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D07A8E7E-D324-4945-BA8C-E532AD008FF3}" = Microsoft Windows OneCare Live v2.5.2900.24
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}" = Microsoft Windows OneCare Live AntiSpyware and AntiVirus
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F3B58D4E-7324-44E4-A6B3-65D2DB8D1FE9}" = Microsoft Protection Service
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"freetrialdownloads-EN Toolbar" = freetrialdownloads-EN Toolbar
"Gold Miner" = Gold Miner (remove only)
"Google Updater" = Google Updater
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.6.5 Full
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.12)" = Mozilla Firefox (3.0.12)
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SiS VGA Utilities" = SiS VGA Utilities
"StumbleUponIEToolbar" = StumbleUpon IE Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Live Toolbar" = Windows Live Toolbar
"WinRAR archiver" = WinRAR archiver
"WinSS" = Windows Live OneCare

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/07/2009 00:31:01 | Computer Name = Shiv-PC | Source = MsiInstaller | ID = 11316
Description =

Error - 25/07/2009 14:00:06 | Computer Name = Shiv-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 25/07/2009 14:28:00 | Computer Name = Shiv-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 25/07/2009 14:28:05 | Computer Name = Shiv-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 25/07/2009 15:05:42 | Computer Name = Shiv-PC | Source = VSS | ID = 8194
Description =

Error - 25/07/2009 15:17:06 | Computer Name = Shiv-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6000.16771 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 7f8 Start Time: 01ca0d57423c8905 Termination Time: 640

Error - 25/07/2009 15:59:06 | Computer Name = Shiv-PC | Source = VSS | ID = 8194
Description =

Error - 25/07/2009 17:07:13 | Computer Name = Shiv-PC | Source = WerSvc | ID = 5007
Description =

Error - 25/07/2009 17:40:41 | Computer Name = Shiv-PC | Source = ESENT | ID = 215
Description = WinMail (3856) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.

Error - 26/07/2009 00:00:02 | Computer Name = Shiv-PC | Source = Customer Experience Improvement Program | ID = 1006
Description =

[ OSession Events ]
Error - 07/02/2009 19:11:10 | Computer Name = Shiv-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 144
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 25/07/2009 22:15:44 | Computer Name = Shiv-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 26/07/2009 02:28:24 | Computer Name = Shiv-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 26/07/2009 02:28:25 | Computer Name = Shiv-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 26/07/2009 02:28:26 | Computer Name = Shiv-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 26/07/2009 02:28:27 | Computer Name = Shiv-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 26/07/2009 02:28:28 | Computer Name = Shiv-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 26/07/2009 02:28:29 | Computer Name = Shiv-PC | Source = PlugPlayManager | ID = 12
Description = The device 'Optiarc DVD RW AD-7540A ATA Device' (IDE\CdRomOptiarc_DVD_RW_AD-7540A_________________1.42____\5&8358820&0&0.0.0)
disappeared from the system without first being prepared for removal.

Error - 26/07/2009 02:28:29 | Computer Name = Shiv-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 26/07/2009 02:28:29 | Computer Name = Shiv-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 26/07/2009 14:11:39 | Computer Name = Shiv-PC | Source = BROWSER | ID = 8032
Description =

[ Windows OneCare Events ]
Error - 01/02/2008 15:49:06 | Computer Name = Shiv-PC | Source = WinSS | ID = 1011
Description = Could not update WMI to communicate to WSC.

Error - 01/02/2008 15:49:07 | Computer Name = Shiv-PC | Source = WinSS | ID = 1011
Description = Could not update WMI to communicate to WSC.

Error - 07/02/2008 01:01:15 | Computer Name = Shiv-PC | Source = WinSS | ID = 1011
Description = Could not update WMI to communicate to WSC.

Error - 07/02/2008 01:01:15 | Computer Name = Shiv-PC | Source = WinSS | ID = 1011
Description = Could not update WMI to communicate to WSC.

Error - 07/04/2008 12:06:57 | Computer Name = Shiv-PC | Source = WinSS | ID = 1011
Description = Could not update WMI to communicate to WSC.

Error - 08/04/2008 17:01:22 | Computer Name = Shiv-PC | Source = WinSS | ID = 1011
Description = Could not update WMI to communicate to WSC.

Error - 23/07/2009 03:02:52 | Computer Name = Shiv-PC | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x8a180109.

Error - 24/07/2009 18:36:04 | Computer Name = Shiv-PC | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x80070004.


< End of report >

None of this makes sense to me, but hope it helps! :)

#7
Thunderbird1988 (Member 2k, 2,416 posts)
Hello pixxi,

Your computer is still infected.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Thunderbird1988
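The ComboFix report pixxi posts next contains three different kinds of indicator, and it is worth telling them apart when reading such a log: `autorun.inf` deleted from D:, E: and F: together with `\resycled\boot.com` on each drive (autorun.inf plus an executable in a subfolder is the layout removable-media worms use to spread, and here every non-system drive carried the pair); the paired `Legacy_MSQPDXSERV.SYS` / `Service_msqpdxserv.sys` entries under Drivers/Services (Windows creates a Legacy_ devnode only for a kernel-mode driver service, so a boot-time driver was registered and removed, consistent with the Alureon detection OneCare reported); and a single DLL, `tbfree.dll`, registered at once as URL search hook, Browser Helper Object and IE toolbar, the footprint of a search-hijacking toolbar. The script below is an added example, not part of the thread and not ComboFix code: it parses ComboFix's section banners and the line formats seen in the log and reports those three patterns. The sample report embedded in it is an excerpt of pixxi's log; the function names, the detection rules and the choice of executable extensions are this example's own assumptions.

```python
"""Triage a ComboFix-style report for the indicator types seen in this thread.
Added example, not part of the original posts or of ComboFix; SAMPLE_REPORT is an
excerpt of the log posted below, the rules and names below are this script's own."""
import re
from collections import defaultdict

SAMPLE_REPORT = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
D:\autorun.inf
d:\resycled\boot.com
E:\Autorun.inf
e:\resycled\boot.com
F:\autorun.inf
f:\resycled\boot.com
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Legacy_MSQPDXSERV.SYS
-------\Service_msqpdxserv.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5b99c55c-ae59-4d93-bc3b-ed0c8df4da08}"= "c:\program files\freetrialdownloads-EN\tbfree.dll" [2009-07-02 2215960]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5b99c55c-ae59-4d93-bc3b-ed0c8df4da08}]
2009-07-02 09:18 2215960 ----a-w- c:\program files\freetrialdownloads-EN\tbfree.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5b99c55c-ae59-4d93-bc3b-ed0c8df4da08}"= "c:\program files\freetrialdownloads-EN\tbfree.dll" [2009-07-02 2215960]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5B99C55C-AE59-4D93-BC3B-ED0C8DF4DA08}"= "c:\program files\freetrialdownloads-EN\tbfree.dll" [2009-07-02 2215960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"""

BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")           # ((( Section Name )))
DRIVE_FILE = re.compile(r"^([a-zA-Z]):\\(.+)$")
SERVICE = re.compile(r"^-+\\(Legacy|Service)_(.+)$")  # -------\Legacy_NAME
CLSID = re.compile(r"\{[0-9a-fA-F-]{36}\}")
DLL_PATH = re.compile(r'[a-zA-Z]:\\[^"\[\]]+?\.dll', re.I)
ROLE_BY_KEY = (("urlsearchhooks", "URLSearchHook"), ("browser helper objects", "BHO"), ("toolbar", "Toolbar"))

def split_sections(report):
    """Group non-empty lines (ComboFix's lone '.' spacers excluded) under the banner preceding them."""
    sections, current = defaultdict(list), None
    for line in (raw.strip() for raw in report.splitlines()):
        m = BANNER.match(line)
        if m:
            current = m.group(1)
        elif current and line and line != ".":
            sections[current].append(line)
    return sections

def find_autorun_drives(deleted):
    """Drives where autorun.inf was deleted alongside an executable in a subfolder:
    the layout removable-media worms use to run when the drive is opened."""
    per_drive = defaultdict(set)
    for path in deleted:
        m = DRIVE_FILE.match(path)
        if m:
            per_drive[m.group(1).upper()].add(m.group(2).lower())
    hits = []
    for drive, files in sorted(per_drive.items()):
        payloads = sorted(f for f in files if "\\" in f and f.endswith((".com", ".exe", ".bat", ".scr")))
        if "autorun.inf" in files and payloads:
            hits.append(f"{drive}: autorun.inf -> {', '.join(payloads)}")
    return hits

def find_removed_drivers(services):
    """Names whose Legacy_/Service_ registrations ComboFix deleted; a Legacy_ devnode
    exists only for a kernel-mode driver service, so both together mean a boot driver."""
    kinds = defaultdict(set)
    for line in services:
        m = SERVICE.match(line)
        if m:
            kinds[m.group(2).lower()].add(m.group(1))
    return [f"{n} ({'+'.join(sorted(k))})" for n, k in sorted(kinds.items())]

def find_browser_hooks(reg_lines):
    """Map each CLSID under IE's URLSearchHooks / BHO / Toolbar keys to the roles it
    holds and the DLL it loads (ComboFix prints the DLL path next to each entry)."""
    hooks = defaultdict(lambda: {"roles": set(), "dlls": set()})
    role, key_clsid = None, None
    for line in reg_lines:
        if line.startswith("[") and line.endswith("]"):          # a new registry key
            role = next((r for k, r in ROLE_BY_KEY if k in line.lower()), None)
            m = CLSID.search(line)
            key_clsid = m.group(0).lower() if m else None     # BHO keys carry the CLSID in the key
            continue
        m = CLSID.search(line)
        clsid = m.group(0).lower() if m else key_clsid
        if role and clsid:
            hooks[clsid]["roles"].add(role)
            dll = DLL_PATH.search(line)
            if dll:
                hooks[clsid]["dlls"].add(dll.group(0).lower())
    return hooks

def triage(report):
    """Human-readable findings for the three indicator types."""
    s = split_sections(report)
    out = [f"autorun worm layout removed from {h}" for h in find_autorun_drives(s["Other Deletions"])]
    out += [f"kernel driver service removed: {d}" for d in find_removed_drivers(s["Drivers/Services"])]
    for clsid, info in sorted(find_browser_hooks(s["Reg Loading Points"]).items()):
        if {"URLSearchHook", "BHO", "Toolbar"} <= info["roles"]:
            out.append(f"search hijacker: {clsid} -> {', '.join(sorted(info['dlls']))}")
    return out

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_REPORT)))
```

Run it as `python triage.py` to see the five findings for the excerpt; pass the full text of `C:\ComboFix.txt` to `triage()` to apply the same checks to a real report. The hijacker rule deliberately requires all three roles: the URL search hook is what redirects address-bar searches, and insisting on it alongside the BHO and toolbar registrations keeps the ordinary toolbar-plus-BHO pairs that many legitimate add-ons install out of the report.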

#8
pixxi (New Member, 8 posts)
Here is the Combofix log

ComboFix 09-07-28.01 - Shiv 28/07/2009 23:50.1.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.764.216 [GMT 1:00]
Running from: c:\users\Shiv\Desktop\Combo-Fix.exe
AV: Trend Micro AntiVirus *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
SP: Trend Micro AntiVirus *disabled* (Updated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Windows Live OneCare *disabled* (Updated) {CC7E50BA-BA8C-4DDE-B5AC-EA53BC38D01B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500
c:\$recycle.bin\S-1-5-21-3231582470-1713535078-685336403-1003
D:\autorun.inf
D:\resycled
d:\resycled\boot.com
E:\Autorun.inf
E:\resycled
e:\resycled\boot.com
F:\autorun.inf
F:\resycled
f:\resycled\boot.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSQPDXSERV.SYS
-------\Service_msqpdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-28 )))))))))))))))))))))))))))))))
.

2009-07-28 22:59 . 2009-07-28 23:07 -------- d-----w- c:\users\Shiv\AppData\Local\temp
2009-07-28 22:59 . 2009-07-28 22:59 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-07-28 22:43 . 2009-07-28 22:48 -------- dcs---w- C:\ComboFix
2009-07-26 05:36 . 2009-07-26 05:36 -------- dc----w- C:\GameRival
2009-07-26 00:10 . 2008-05-10 03:35 885248 ----a-w- c:\windows\system32\RacEngn.dll
2009-07-26 00:10 . 2008-04-26 08:26 891448 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-07-26 00:10 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll
2009-07-26 00:10 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-07-26 00:10 . 2008-09-03 03:59 468992 ----a-w- c:\windows\system32\newdev.dll
2009-07-26 00:10 . 2008-09-03 03:58 74752 ----a-w- c:\windows\system32\newdev.exe
2009-07-26 00:10 . 2008-09-18 04:56 147456 ----a-w- c:\windows\system32\Faultrep.dll
2009-07-26 00:10 . 2008-09-18 04:56 125952 ----a-w- c:\windows\system32\wersvc.dll
2009-07-26 00:09 . 2008-08-02 01:01 625152 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-07-26 00:09 . 2008-06-26 03:29 565248 ----a-w- c:\windows\system32\emdmgmt.dll
2009-07-26 00:09 . 2008-08-02 03:26 36864 ----a-w- c:\windows\system32\cdd.dll
2009-07-26 00:09 . 2008-06-26 03:29 45056 ----a-w- c:\windows\system32\dataclen.dll
2009-07-26 00:09 . 2008-05-20 02:07 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-07-26 00:09 . 2008-05-08 21:59 430080 ----a-w- c:\windows\system32\vbscript.dll
2009-07-26 00:09 . 2008-05-08 21:59 90112 ----a-w- c:\windows\system32\wshext.dll
2009-07-26 00:09 . 2008-05-08 21:59 180224 ----a-w- c:\windows\system32\scrobj.dll
2009-07-26 00:09 . 2008-05-08 21:59 155648 ----a-w- c:\windows\system32\wscript.exe
2009-07-26 00:09 . 2008-05-08 21:58 135168 ----a-w- c:\windows\system32\cscript.exe
2009-07-26 00:09 . 2008-05-08 21:59 172032 ----a-w- c:\windows\system32\scrrun.dll
2009-07-25 21:00 . 2009-07-25 21:00 -------- dc----w- C:\PerfLogs
2009-07-25 03:28 . 2008-06-20 01:17 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-07-25 03:28 . 2008-06-20 01:18 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-25 03:28 . 2008-06-20 01:17 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-07-25 03:28 . 2008-06-20 01:17 11264 ----a-w- c:\windows\system32\icardres.dll
2009-07-25 03:28 . 2008-06-20 01:18 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-07-25 03:28 . 2008-06-20 01:18 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-07-25 03:28 . 2008-06-20 01:18 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-07-25 00:54 . 2008-01-19 07:36 1541120 ----a-w- c:\windows\system32\onex.dll
2009-07-25 00:54 . 2008-01-19 07:33 2623488 ----a-w- c:\windows\system32\SLsvc.exe
2009-07-25 00:54 . 2008-01-19 07:42 51768 ----a-w- c:\windows\system32\PSHED.DLL
2009-07-25 00:54 . 2008-01-19 07:29 705536 ----a-w- c:\windows\system32\imagesp1.dll
2009-07-25 00:54 . 2008-01-19 04:10 681984 ----a-w- c:\windows\system32\drivers\spsys.sys
2009-07-25 00:54 . 2008-01-19 07:33 2091520 ----a-w- c:\windows\system32\dfsr.exe
2009-07-25 00:54 . 2008-01-19 07:36 1107968 ----a-w- c:\windows\system32\pidgenx.dll
2009-07-25 00:54 . 2008-01-19 07:36 116736 ----a-w- c:\windows\system32\sstpsvc.dll
2009-07-25 00:54 . 2008-01-19 07:35 2061824 ----a-w- c:\windows\system32\mstscax.dll
2009-07-25 00:52 . 2008-01-19 07:36 612864 ----a-w- c:\windows\system32\rdpencom.dll
2009-07-25 00:51 . 2008-01-19 07:33 178176 ----a-w- c:\windows\system32\clusapi.dll
2009-07-25 00:50 . 2008-01-19 07:36 126976 ----a-w- c:\windows\system32\vdsutil.dll
2009-07-25 00:49 . 2008-01-19 07:34 104960 ----a-w- c:\windows\system32\mprddm.dll
2009-07-25 00:48 . 2008-01-19 07:36 758784 ----a-w- c:\windows\system32\WMADMOD.DLL
2009-07-25 00:47 . 2008-01-19 07:36 300032 ----a-w- c:\windows\system32\puiobj.dll
2009-07-25 00:46 . 2008-01-19 07:36 168448 ----a-w- c:\windows\system32\wdigest.dll
2009-07-25 00:45 . 2008-01-19 07:37 181248 ----a-w- c:\windows\system32\WUDFPlatform.dll
2009-07-25 00:44 . 2008-01-19 07:35 160256 ----a-w- c:\windows\system32\msrdc.dll
2009-07-25 00:43 . 2008-01-19 07:37 87552 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2009-07-25 00:42 . 2008-01-19 07:34 35328 ----a-w- c:\windows\system32\dimsjob.dll
2009-07-25 00:41 . 2008-01-19 07:34 64000 ----a-w- c:\windows\system32\iscsiwmi.dll
2009-07-25 00:40 . 2008-01-19 07:36 77824 ----a-w- c:\windows\system32\odbccr32.dll
2009-07-25 00:39 . 2008-01-19 07:33 26624 ----a-w- c:\windows\system32\cofiredm.dll
2009-07-25 00:38 . 2008-01-19 07:36 8704 ----a-w- c:\windows\system32\rdpcfgex.dll
2009-07-25 00:37 . 2008-07-27 18:00 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-07-25 00:37 . 2008-07-27 18:00 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-07-25 00:37 . 2008-01-05 11:21 12198 ----a-w- c:\windows\system32\gatherWiredInfo.vbs
2009-07-25 00:37 . 2008-01-05 11:34 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2009-07-25 00:36 . 2008-01-19 07:33 599552 ----a-w- c:\windows\system32\vsp1cln.exe
2009-07-25 00:36 . 2008-07-27 18:00 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-07-25 00:36 . 2008-07-27 18:00 83968 ----a-w- c:\windows\system32\mscories.dll
2009-07-25 00:34 . 2008-01-19 07:34 102400 ----a-w- c:\windows\system32\wbem\mofinstall.dll
2009-07-25 00:34 . 2008-01-19 07:36 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-07-25 00:34 . 2008-01-19 07:36 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-07-25 00:34 . 2008-01-19 07:34 191488 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-07-25 00:34 . 2008-01-19 07:34 263168 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-07-25 00:34 . 2008-01-19 07:36 742912 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-07-25 00:34 . 2008-01-19 07:36 357888 ----a-w- c:\windows\system32\wbemcomn.dll
2009-07-25 00:34 . 2008-01-19 07:36 264704 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-07-25 00:33 . 2008-01-19 07:36 129536 ----a-w- c:\windows\system32\sqmapi.dll
2009-07-25 00:33 . 2008-01-19 07:36 704512 ----a-w- c:\windows\system32\SmiEngine.dll
2009-07-25 00:33 . 2008-01-19 07:36 139264 ----a-w- c:\windows\system32\SmiInstaller.dll
2009-07-25 00:33 . 2008-01-19 07:36 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-07-25 00:33 . 2008-01-19 07:33 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-07-25 00:32 . 2008-01-19 07:34 246784 ----a-w- c:\windows\system32\drvstore.dll
2009-07-25 00:32 . 2008-01-19 07:35 35328 ----a-w- c:\windows\system32\mspatcha.dll
2009-07-25 00:32 . 2008-01-19 07:34 258560 ----a-w- c:\windows\system32\dpx.dll
2009-07-25 00:32 . 2008-01-19 07:34 305152 ----a-w- c:\windows\system32\msdelta.dll
2009-07-25 00:16 . 2008-10-22 03:57 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-07-25 00:16 . 2008-01-19 07:36 94720 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-07-25 00:16 . 2008-01-19 07:36 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-07-25 00:16 . 2008-08-28 03:40 712704 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-07-25 00:16 . 2008-08-28 03:40 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-07-25 00:16 . 2008-08-28 03:40 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-07-25 00:16 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-25 00:16 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-25 00:16 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-25 00:16 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-25 00:16 . 2008-01-19 07:34 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-25 00:16 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-07-25 00:11 . 2008-10-21 05:25 1645568 ----a-w- c:\windows\system32\connect.dll
2009-07-25 00:11 . 2009-02-13 08:49 1255936 ----a-w- c:\windows\system32\lsasrv.dll
2009-07-25 00:11 . 2008-01-19 07:43 441400 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-07-25 00:11 . 2009-02-13 08:49 72704 ----a-w- c:\windows\system32\secur32.dll
2009-07-25 00:11 . 2008-01-19 07:33 9728 ----a-w- c:\windows\system32\lsass.exe
2009-07-25 00:11 . 2009-03-17 03:38 24064 ----a-w- c:\windows\system32\amxread.dll
2009-07-25 00:11 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-07-25 00:11 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-07-25 00:11 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-07-25 00:11 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-07-25 00:10 . 2008-12-06 04:42 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-07-25 00:10 . 2008-12-16 02:42 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-07-24 23:35 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-07-24 23:34 . 2008-11-27 04:43 268288 ----a-w- c:\windows\system32\schannel.dll
2009-07-24 22:57 . 2009-07-24 22:57 -------- d-----w- c:\users\Shiv\AppData\Roaming\Malwarebytes
2009-07-24 22:57 . 2009-07-13 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 22:57 . 2009-07-24 22:57 -------- d-----w- c:\programdata\Malwarebytes
2009-07-24 22:57 . 2009-07-13 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-24 22:57 . 2009-07-24 22:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-24 22:52 . 2009-07-24 22:52 -------- d-----w- c:\program files\Conduit
2009-07-24 22:52 . 2009-07-24 22:52 -------- d-----w- c:\program files\freetrialdownloads-EN
2009-07-24 22:44 . 2009-07-24 22:45 -------- d-----w- c:\program files\ERUNT
2009-07-23 07:59 . 2009-07-23 07:59 29352 ----a-w- c:\programdata\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\HASFix058456.dll
2009-07-23 07:59 . 2009-07-23 07:59 23720 ----a-w- c:\programdata\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\HelpAndSupport_TestContent.dll
2009-07-23 07:59 . 2009-07-23 07:59 23056 ----a-w- c:\programdata\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\HASFix101001.dll
2009-07-23 07:59 . 2009-07-23 07:59 221208 ----a-w- c:\programdata\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\HelpAndSupportCommon.dll
2009-07-23 07:59 . 2009-07-23 07:59 21160 ----a-w- c:\programdata\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\HASFix056479.dll
2009-07-23 07:59 . 2009-07-23 07:59 110248 ----a-w- c:\programdata\Microsoft\OC\Channels\ch5\HTML\item_templ\common\fixes\HelpAndSupportInterface.dll
2009-07-23 07:05 . 2009-07-23 07:05 209960 ----a-w- c:\programdata\Microsoft\OC\Channels\ch1\dplugins\2.0.1.600\OneCareDiagPlugin.dll
2009-07-23 06:49 . 2007-11-27 21:44 37440 ----a-w- c:\windows\system32\drivers\msfwhlpr.sys
2009-07-23 06:49 . 2007-11-27 21:45 91200 ----a-w- c:\windows\system32\drivers\msfwdrv.sys
2009-07-23 06:47 . 2009-07-23 06:47 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-07-23 06:47 . 2008-05-15 15:15 53168 ----a-w- c:\windows\system32\drivers\MpFilter.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-28 23:02 . 2008-02-26 02:40 -------- d-----w- c:\users\Shiv\AppData\Roaming\uTorrent
2009-07-28 21:54 . 2008-01-09 16:32 -------- d-----w- c:\programdata\Google Updater
2009-07-26 17:47 . 2009-07-26 17:47 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-07-26 02:05 . 2008-11-14 21:29 -------- d-----w- c:\programdata\Microsoft Help
2009-07-25 21:03 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-07-25 21:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-25 21:03 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-07-25 21:03 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-07-25 21:03 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-25 21:03 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-07-25 21:00 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-25 20:22 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-07-25 20:22 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-07-25 19:23 . 2007-12-10 10:31 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-25 18:57 . 2008-01-08 21:48 -------- d-----w- c:\program files\Windows Live
2009-07-25 17:59 . 2007-12-04 17:20 100944 ----a-w- c:\users\Shiv\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-25 05:51 . 2008-06-23 14:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-25 03:59 . 2008-11-14 21:38 -------- d-----w- c:\program files\Microsoft Works
2009-07-23 07:32 . 2009-07-23 07:32 100944 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-23 07:05 . 2009-07-23 07:04 2923248 ----a-w- c:\programdata\Microsoft\OC\Channels\ch1\HTML\item_templ\common\MSHotFix\WindowsXP-KB914882-x86.exe
2009-06-20 22:47 . 2009-03-15 02:20 230432 -c--a-w- C:\PA7311.DAT
2008-06-30 13:37 . 2008-06-30 13:37 0 ----a-w- c:\program files\uninstall.dat
2009-07-23 04:12 . 2008-12-15 22:45 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2007-08-23 12:41 . 2007-08-23 12:37 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5b99c55c-ae59-4d93-bc3b-ed0c8df4da08}"= "c:\program files\freetrialdownloads-EN\tbfree.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{5b99c55c-ae59-4d93-bc3b-ed0c8df4da08}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5b99c55c-ae59-4d93-bc3b-ed0c8df4da08}]
2009-07-02 09:18 2215960 ----a-w- c:\program files\freetrialdownloads-EN\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5b99c55c-ae59-4d93-bc3b-ed0c8df4da08}"= "c:\program files\freetrialdownloads-EN\tbfree.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{5b99c55c-ae59-4d93-bc3b-ed0c8df4da08}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5B99C55C-AE59-4D93-BC3B-ED0C8DF4DA08}"= "c:\program files\freetrialdownloads-EN\tbfree.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{5b99c55c-ae59-4d93-bc3b-ed0c8df4da08}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-09 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-10-29 102400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"MSConfig"="c:\windows\System32\msconfig.exe" [2008-01-19 227840]
"PAC7311_Monitor"="c:\windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 319488]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-03-22 63864]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{A58B5E76-9E67-4AC5-AE0A-34077DB6F3D1}c:\\program files\\huawei technologies\\huawei umts data card\\3 datamodem hsdpa.exe"= UDP:c:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe:3 DDataModem HSDPA
"UDP Query User{ECEEBB31-3A74-4D76-98DE-2E2F2CE8D785}c:\\program files\\huawei technologies\\huawei umts data card\\3 datamodem hsdpa.exe"= TCP:c:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe:3 DDataModem HSDPA
"{EC58B3B8-7189-40FE-BB5A-DF832176B08E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{59F08CF4-6949-461E-A592-FC24FE0E5764}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{F86D534B-F3E6-4FE9-859B-E468BE24C4AB}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{F2F4AE29-A24F-4A36-9E89-2E9C6CA84F86}"= c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{529A9BFE-BAD1-4D05-AC0B-8F6991784427}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{83A5B75A-1D3A-4605-9BCA-DCF18208AC2C}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F6BA88C2-154B-4B55-932C-A095ED39FA5C}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{1C3A9DF5-7084-4502-92A6-4A6BF3E60062}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5AD8A47A-74CE-44E6-826C-37B404A794EB}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E1E1912B-EC85-4C86-84FE-79930CA60BEA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{74298BED-DA72-4316-A266-486CD6458E28}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3A9DC517-C69E-4BF3-B137-A8FC09D830F8}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{5722E1C4-D0A8-48CA-A853-E2AC986D4C51}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{662F29E6-09D8-4481-97A3-8E363D32CAA0}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{38B225CB-792C-40AF-84DD-0861E05D622A}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{29027E1D-55D7-49B3-BBA3-5D7AD8972D3E}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{F5DB0EE8-D2ED-4881-9FA8-15566F78DD88}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{EEEFAD5F-938D-4D52-AEF9-492A5FDDF409}"= UDP:c:\program files\Trend Micro\Internet Security\UfNavi.exe:UfNavi
"{37715387-1185-40A6-AAEA-F73E88E7E9D6}"= TCP:c:\program files\Trend Micro\Internet Security\UfNavi.exe:UfNavi
"{05163122-441A-4B44-9BC3-EF00E989AE40}"= UDP:c:\windows\System32\WindowsAnytimeUpgrade.exe:Windows Anytime Upgrade
"{18825E0F-8182-483D-9166-6E32B892E55F}"= TCP:c:\windows\System32\WindowsAnytimeUpgrade.exe:Windows Anytime Upgrade
"{2EFDF1CA-CCF0-4820-944B-F0C70195F4AA}"= Disabled:UDP:c:\program files\FrostWire\FrostWire.exe:LimeWire
"{9B841B3D-C85D-45AC-B2C2-630E293606E3}"= Disabled:TCP:c:\program files\FrostWire\FrostWire.exe:LimeWire
"{1DC6736A-F679-44F5-A9C3-F4680C140085}"= UDP:5353:Adobe CSI CS4
"{5FC9DF49-ECD5-448E-8E1F-5DBA7BD5EB2D}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{7C5CF6A1-59D8-4080-9B64-77DD6045BEC2}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{29269F6C-1324-4E35-9ED9-7DAFD92D53C3}"= UDP:c:\program files\Windows Defender\MSASCui.exe:Windows Defender
"{F349E5FE-FFB3-44A3-B6F1-4B702D3222E2}"= TCP:c:\program files\Windows Defender\MSASCui.exe:Windows Defender

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [22/03/2009 10:59 24936]
R2 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmevtmgr.sys [18/02/2008 15:05 52240]
R2 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [18/02/2008 15:05 35856]
R3 SiS6350;SiS6350;c:\windows\System32\drivers\SISGRKMD.sys [15/06/2008 01:06 452968]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [09/09/2008 03:15 48128]
S3 PAC7311;WEA500;c:\windows\System32\drivers\PA707UCM.SYS [13/01/2009 17:17 449024]
S4 tmproxy;Trend Micro Proxy Service;"c:\program files\Trend Micro\Internet Security\TmProxy.exe" --> c:\program files\Trend Micro\Internet Security\TmProxy.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2008-01-09 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2276417
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Shiv\AppData\Roaming\Mozilla\Firefox\Profiles\hf4x7526.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1458155&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

creating catchme.sys error: The process cannot access the file because it is being used by another process.
driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-29 00:08
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\Shiv\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3231582470-1713535078-685336403-1000\Software\FunWebProducts\Settings\MSNMessenger]
@DACL=(02 0000)
"SessionCount"=dword:00000106
"SessionTimestamp"=dword:00027c8e

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\System32\PAStiSvc.exe
c:\program files\Microsoft Windows OneCare Live\winss.exe
c:\program files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
.
**************************************************************************
.
Completion time: 2009-07-28 0:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-28 23:15

Pre-Run: 677,302,272 bytes free
Post-Run: 443,166,720 bytes free

357 --- E O F --- 2009-07-26 17:48

Thanks again for all the help :)

#9 Thunderbird1988 (Member 2k, 2,416 posts)

- download USBNoRisk to your Desktop and run it by double-clicking the program's icon
- wait a couple of seconds for the initial scan to finish
- connect all of the USB storage devices to the PC, one at a time, and keep each one connected for at least 10 seconds
- if there are more USB storage devices to scan, please take note of the order in which they were connected
- after all the devices are scanned, choose the "Save log" option from the right-click menu on the Monitor tab. That will open the log in Notepad. Please copy/paste the log to the forum

Explanation: USB storage devices are all the USB devices that get their own partition letter when connected to the PC, e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras, memory cards (SD cards, Sony Memory Stick, MultiMedia Cards, etc.), some mobile phones, some GPS navigation devices, etc.

#10 pixxi (New Member, 8 posts)

Here's the UsbNoRisk log:

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 31/07/2009 03:42:20

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
E: {69f59deb-a293-11dc-a926-806e6f6e6963}
D: {69f59dec-a293-11dc-a926-806e6f6e6963}
F: {69f59ded-a293-11dc-a926-806e6f6e6963}
C: {69f59dee-a293-11dc-a926-806e6f6e6963}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 69f59dee-a293-11dc-a926-806e6f6e6963
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 69f59dec-a293-11dc-a926-806e6f6e6963
No Desktop.ini files found on D:
----------------------------------------

No blocked files found on E:
No Autorun.inf files found on E:
No mountpoint found for E:
No mountpoint found for 69f59deb-a293-11dc-a926-806e6f6e6963
No Desktop.ini files found on E:
----------------------------------------

No blocked files found on F:
No Autorun.inf files found on F:
No mountpoint found for F:
No mountpoint found for 69f59ded-a293-11dc-a926-806e6f6e6963
No Desktop.ini files found on F:
----------------------------------------

========================================
Initial scan finished!
========================================
========================================

========================================
========================================

========================================


New device connected at 31/07/2009 03:44:31

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 31/07/2009 03:44:32

Scanning for connected USB mass storage...
----------------------------------------
H: {82468139-76ef-11de-ba36-9d7fea1e07ef}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
No Autorun.inf files found on H:
Sanitized mountpoint for 82468139-76ef-11de-ba36-9d7fea1e07ef
----------------------------------------

No Desktop.ini files found on H:
----------------------------------------

No mimics found on drive H:
========================================

Just to add, even though the log says no desktop.ini files found, there are two on my desktop.
Thanks again :)

#11 Thunderbird1988 (Member 2k, 2,416 posts)

Hello Pixxi,

Your logs look good now. How is your computer running?

#12 pixxi (New Member, 8 posts)

Everything's running brilliantly now, no problems. :)
Thank you very much for your help, Thunderbird; it is greatly appreciated :)

#13 Thunderbird1988 (Member 2k, 2,416 posts)

Hello pixxi,

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Please follow the link in my signature to read more about how to protect your computer.

Thunderbird1988

#14 Thunderbird1988 (Member 2k, 2,416 posts)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.