Win32/Nuqel.E & BankerFox A Infection [Solved]

#1 crosby44 (Member, 27 posts)

Hi there, you previously helped when my computer was infected and I'm hoping you can do the same for my sister.

Her desktop is throwing up virus warning messages stating it is infected with both BankerFox A and Win32/Nuqel.E.

Unfortunately it is not allowing her to access the internet, which is why I am posting for her. Anything she tries to access on the computer just states it is an infected file.

Any help you can give is greatly appreciated.

Brian
#2 ali.B (Trusted Helper, Malware Removal, 3,086 posts)

Hello User, welcome to Geeks To Go. I'm ali.B and I will be assisting you :)

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be advised that I am still in training, so there may be a delay between replies. Each reply must be approved by a resident expert before posting them to you.
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look Here
I also recommend that you print these instructions as you may be required to boot in safe mode.

As you can't access the internet, you will need to do the downloads on your computer and move them using a USB.

First, let's secure your USB.

  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.


Now download OTL.com and save it to your USB.

Plug the USB into the infected machine and move OTL.com to the desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box, paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.

Make sure you move BOTH logs to your USB and post back the results.
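The two logs that scan produces are what the helper will read next, so here is an added example (my own code, not OTL's and not anything posted in this thread) that parses the PRC/MOD/SRV/DRV, O4 and IE ProxyServer line layouts OTL writes and flags the entries a malware-removal helper looks at first: binaries with no publisher outside Program Files or system32, anything running or autostarting from Temp or per-user application data, and a proxy pointed at the local machine. It assumes the line formats shown in OTL 3.2 output; the sample lines embedded in it are copied from the OTL log posted later in this thread.

```python
"""Triage helper for the text log OTL (OldTimer's OTL) writes.

Added example for this thread; it is not OTL's own code and nothing in it
was posted by the thread's participants. A flag is a prompt to look closer,
not a verdict: the heuristics are deliberately simple and say nothing about
adware installed under Program Files.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# "PRC - [mtime | size | attrs | M] (Company) [svc state] -- path -- (svc name) ..."
MODULE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S+) \| [MC]\] \((?P<company>[^)]*)\) (?:\[(?P<state>[^\]]*)\] )?"
    r"-- (?P<path>.+?)(?: -- \(.*)?$"
)
# "O4 - HKLM..\Run: [value name] path (Company)"  or  "... path File not found"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<path>.+?)"
    r"(?: \((?P<company>[^)]*)\)| File not found)?$"
)
# 'IE - HKCU\...\Internet Settings: "ProxyServer" = http=127.0.0.1:5555'
PROXY_RE = re.compile(r'^IE - HK\w+\\.*Internet Settings: "ProxyServer" = (?P<value>.+)$')

# An unknown-publisher binary under these directories is usually ordinary software.
TRUSTED_DIRS = ("\\program files\\", "\\system32\\")
# Anything that runs or autostarts from these per-user locations gets a second look.
USER_WRITABLE = ("\\temp\\", "\\local settings\\application data\\")
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}

# Sample input: lines copied from the OTL log posted later in this thread.
SAMPLE_LOG = r"""PRC - [2010/05/19 21:39:48 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.com
PRC - [2010/05/12 21:29:47 | 000,182,784 | ---- | M] () -- C:\WINDOWS\Ohuxyb.exe
PRC - [2010/05/12 21:27:27 | 000,171,008 | ---- | M] () -- C:\Documents and Settings\owner\Local Settings\Temp\Opv.exe
PRC - [2002/04/26 18:53:36 | 000,012,288 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
SRV - [2007/07/24 13:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
DRV - [2004/08/04 00:07:44 | 000,044,672 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\uagp35.sys -- (uagp35)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ylvulxed] C:\Documents and Settings\owner\Local Settings\Application Data\dhtglsjai\bcxpbdbtssd.exe ()
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Documents and Settings\owner\Local Settings\Temp\Opv.exe ()
"""


@dataclass
class Finding:
    kind: str     # PRC, SRV, DRV, MOD, O4 or PROXY
    target: str   # file path, or the proxy setting value
    reason: str


def suspicious_binary(path: str, company: Optional[str]) -> Optional[str]:
    """Return why a binary deserves review, or None if nothing stands out."""
    low = path.lower()
    if any(d in low for d in USER_WRITABLE):
        return "runs from a temp or per-user data directory"
    if not (company or "").strip() and not any(d in low for d in TRUSTED_DIRS):
        return "no publisher and not under Program Files or system32"
    return None


def proxy_hosts(value: str) -> List[str]:
    """Split an IE ProxyServer value ('http=host:port;https=host:port' or 'host:port') into hosts."""
    hosts = []
    for entry in value.split(";"):
        entry = entry.strip()
        if entry:
            hostport = entry.split("=", 1)[-1]            # drop a 'scheme=' prefix if present
            hosts.append(hostport.rsplit(":", 1)[0].strip("[]"))
    return hosts


def triage(log_text: str) -> List[Finding]:
    """Scan OTL log text and return the entries worth a closer look, in log order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = MODULE_RE.match(line)
        if m:
            why = suspicious_binary(m["path"], m["company"])
            if why:
                findings.append(Finding(m["kind"], m["path"], why))
            continue
        m = RUN_RE.match(line)
        if m:
            if m["path"] == "File not found":           # orphan Run value, no binary to judge
                continue
            why = suspicious_binary(m["path"], m["company"])
            if why:
                findings.append(Finding("O4", m["path"], f"{m['hive']} {m['key']} [{m['name']}]: {why}"))
            continue
        m = PROXY_RE.match(line)
        if m and any(h in LOOPBACK_HOSTS for h in proxy_hosts(m["value"])):
            findings.append(Finding("PROXY", m["value"], "IE traffic is routed through a proxy on this machine"))
    return findings
```

Run `triage(open("OTL.Txt", encoding="utf-8", errors="replace").read())` over a real log; on the sample above it returns the two unsigned processes, the loopback proxy and the two per-user Run entries, and nothing for the McAfee, Winamp or uagp35 lines.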

#3 crosby44 (Topic Starter, Member, 27 posts)

Thanks ali.B. I'll download this today and get it over to my sister tonight. I hope to post back tomorrow or Friday at the latest.

#4 crosby44 (Topic Starter, Member, 27 posts)

Hi, here are the log files.

OTL Log

OTL logfile created on: 20/05/2010 10:57:47 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\owner\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

447.00 Mb Total Physical Memory | 183.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 21.36 Gb Free Space | 27.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.96 Gb Total Space | 1.96 Gb Free Space | 99.97% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-94B5274B58
Current User Name: owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/19 21:39:48 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.com
PRC - [2010/05/12 21:29:47 | 000,182,784 | ---- | M] () -- C:\WINDOWS\Ohuxyb.exe
PRC - [2010/05/12 21:27:27 | 000,171,008 | ---- | M] () -- C:\Documents and Settings\owner\Local Settings\Temp\Opv.exe
PRC - [2010/03/18 11:57:48 | 000,020,480 | ---- | M] (AG Interactive) -- C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe
PRC - [2009/12/04 21:16:40 | 000,103,280 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
PRC - [2009/11/25 12:46:50 | 000,056,544 | ---- | M] (AG Interactive) -- C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe
PRC - [2009/08/24 23:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
PRC - [2009/05/19 13:04:29 | 000,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/15 09:57:18 | 000,067,456 | ---- | M] () -- C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
PRC - [2009/05/04 16:08:28 | 000,194,432 | ---- | M] () -- C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
PRC - [2009/02/06 18:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/09/11 07:55:40 | 001,517,056 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
PRC - [2008/08/28 20:33:03 | 001,516,032 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
PRC - [2008/08/14 17:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/08/14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/08/14 17:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/06/14 11:41:54 | 000,781,288 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
PRC - [2008/03/20 22:08:42 | 000,028,672 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
PRC - [2008/03/20 22:08:41 | 000,024,677 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
PRC - [2008/03/20 22:08:41 | 000,016,384 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
PRC - [2008/02/22 05:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/01/09 16:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/11/01 19:12:38 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2007/08/24 05:00:40 | 000,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2007/08/15 13:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/08/03 23:33:14 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/07/25 02:41:52 | 000,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2007/07/24 13:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/07/18 16:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2007/06/18 15:10:32 | 000,271,360 | ---- | M] (Nokia) -- C:\Documents and Settings\owner\My Documents\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2007/06/15 16:55:00 | 000,300,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2005/07/15 22:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
PRC - [2005/03/07 20:33:28 | 000,053,248 | R--- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2002/04/26 18:53:36 | 000,012,288 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe


========== Modules (SafeList) ==========

MOD - [2010/05/19 21:39:48 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.com
MOD - [2008/08/29 00:53:18 | 000,457,728 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll
MOD - [2008/07/26 08:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll
MOD - [2008/03/20 22:08:42 | 000,040,960 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 13:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004/08/04 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\vdmdbg.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/18 11:57:48 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe -- (AGCoreService)
SRV - [2009/12/04 21:16:40 | 000,103,280 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2009/08/24 23:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/06 19:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2008/01/09 16:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/08/24 05:00:40 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007/08/15 13:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/07/25 03:16:16 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007/07/25 02:41:52 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/07/24 13:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007/07/18 16:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2007/06/15 16:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - [2009/02/06 19:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/07/26 16:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 16:25:48 | 000,627,864 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 16:22:34 | 002,570,520 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/07/26 16:22:22 | 000,013,848 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/05/02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/02 10:58:14 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/11/17 02:34:22 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2007/11/17 02:34:22 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/07/24 13:02:36 | 000,033,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/24 08:40:36 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/07/21 10:08:24 | 000,201,288 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/07/21 10:08:24 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/07/21 10:08:24 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/07/13 10:20:24 | 000,113,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/02/22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007/02/22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2004/08/04 00:07:44 | 000,044,672 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\uagp35.sys -- (uagp35)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/04/19 16:01:00 | 000,006,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gflmouhid.sys -- (genmcmnUSB)
DRV - [2001/08/15 16:20:44 | 000,057,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.c...earch.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.c...earch.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.client...fo/bt_side.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.c...earch.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\UnifiedToolbar\3.2\Firefox [2010/05/10 11:37:01 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! ¤u¨ă¦C) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [FBSearch] C:\Program Files\Search Guard Plus\SearchGuardPlus.exe ()
O4 - HKLM..\Run: [KiweeHook] C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe (AG Interactive)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Documents and Settings\owner\My Documents\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [SGPUpdater] C:\Program Files\Search Guard PlusU\sgpUpdaters.exe ()
O4 - HKLM..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\Winampa.exe ()
O4 - HKLM..\Run: [ylvulxed] C:\Documents and Settings\owner\Local Settings\Application Data\dhtglsjai\bcxpbdbtssd.exe ()
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Documents and Settings\owner\Local Settings\Temp\Opv.exe ()
O4 - HKCU..\Run: [My Web Search Community Tools] C:\Program Files\MyWebSearch\bar\1.bin\m3IMPipe.exe (MyWebSearch.com)
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [ylvulxed] C:\Documents and Settings\owner\Local Settings\Application Data\dhtglsjai\bcxpbdbtssd.exe ()
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla\4.0 ( File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: motive.com ([pbttbc.bt] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...p1.0.0.15-3.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} http://powersoccer.a...PowerLoader.cab (PowerLoader Class)
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} http://webgames.d.tm...h2.1.0.0.48.cab (CPlayFirstDinerDash2Control Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game06.zylom....gamesplayer.cab (Zylom Games Player)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} http://webgames.d.tm...sh.1.0.0.58.cab (CPlayFirstDinerDashControl Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://kiw.imgag.com...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.49,93.188.161.197
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/28 16:52:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/05/19 21:38:34 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/12/28 16:51:30 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (13242934656761856)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/20 10:54:46 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.com
[2010/05/18 21:32:00 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/05/18 19:15:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/18 19:15:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/18 19:15:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/18 19:15:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/14 14:13:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\dhtglsjai
[2010/05/11 09:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 6.0
[2010/05/11 09:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 5.0 Sprint
[2010/05/11 08:53:15 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2010/05/10 11:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\UnifiedToolbar
[2010/05/10 11:34:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/09 21:46:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\My Documents\GT-B7300 My Documents
[2010/05/03 16:13:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\My Documents\ABBIES
[2010/05/01 13:47:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\Tific
[2010/05/01 13:47:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Tific
[2010/05/01 13:44:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NortonPCCheckup
[2010/05/01 13:44:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NortonPCCheckup\0200020.1FA
[2010/05/01 13:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/05/01 13:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/05/01 13:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/04/20 22:51:34 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2010/04/20 22:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Mobile Device Handbook
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/20 10:52:55 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\owner\NTUSER.DAT
[2010/05/20 10:51:34 | 000,031,678 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/05/20 10:50:56 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/20 10:49:25 | 000,000,246 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/05/20 10:48:59 | 000,012,288 | ---- | M] () -- C:\mtwb.dat
[2010/05/20 10:48:54 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/05/20 10:48:39 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/05/20 10:48:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/20 10:48:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/19 21:39:48 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.com
[2010/05/18 21:42:28 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\owner\ntuser.ini
[2010/05/18 19:43:20 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/14 19:11:11 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/12 21:29:47 | 000,182,784 | ---- | M] () -- C:\WINDOWS\Ohuxyb.exe
[2010/05/12 21:27:21 | 000,182,784 | ---- | M] () -- C:\WINDOWS\Ohuxya.exe
[2010/05/12 17:13:25 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Microsoft Office Word.lnk
[2010/05/11 08:59:34 | 000,000,101 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2010/05/10 14:34:30 | 000,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/10 14:34:30 | 000,444,360 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/10 14:34:30 | 000,072,252 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/09 21:46:41 | 000,001,429 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\GT-B7300 My Documents.LNK
[2010/05/08 22:31:40 | 000,000,095 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010/05/01 13:45:46 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton PC Checkup.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/23 17:25:43 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/20 22:55:47 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\$_hpcst$.hpc
[2010/04/20 22:53:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/20 22:50:58 | 000,001,197 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Windows Mobile® Device Handbook.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/18 19:15:36 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/14 12:01:00 | 000,182,784 | ---- | C] () -- C:\WINDOWS\Ohuxyb.exe
[2010/05/12 21:28:01 | 000,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/05/12 21:27:55 | 000,182,784 | ---- | C] () -- C:\WINDOWS\Ohuxya.exe
[2010/05/12 21:27:38 | 000,000,246 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/05/11 08:59:34 | 000,000,101 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2010/05/09 21:46:40 | 000,001,429 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\GT-B7300 My Documents.LNK
[2010/05/01 13:44:50 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NortonPCCheckup\0200020.1FA\isolate.ini
[2010/04/20 22:55:47 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\$_hpcst$.hpc
[2010/04/20 22:50:58 | 000,001,197 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Windows Mobile® Device Handbook.lnk
[2009/05/22 21:24:41 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2009/05/22 21:24:41 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2009/05/19 13:09:20 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/11/26 14:33:17 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/08/24 16:17:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BBCAuto.INI
[2008/08/24 16:12:59 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2008/08/23 13:12:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Emirates Stadium.ini
[2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2007/01/10 18:17:41 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007/01/10 17:57:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/07 20:40:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/30 14:27:01 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2006/12/30 14:26:54 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2006/12/30 14:26:53 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2006/12/30 14:26:13 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2006/12/30 14:25:04 | 000,003,450 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/12/30 14:17:08 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/12/28 10:38:44 | 000,044,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\UAGP35.SYS
[2004/04/19 16:01:00 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\gflmouhid.sys
[2003/08/18 15:46:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/13 20:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2002/09/13 16:40:06 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini

========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/04/25 16:28:14 | 000,871,040 | ---- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2009/02/06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2005/03/22 02:49:00 | 000,088,960 | ---- | M] (NVIDIA Corporation) MD5=A1F88223528AADBB6374132BECBBDCC1 -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
[2005/03/22 02:49:00 | 000,088,960 | ---- | M] (NVIDIA Corporation) MD5=A1F88223528AADBB6374132BECBBDCC1 -- C:\WINDOWS\system32\drivers\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/12/28 10:33:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/12/28 10:33:34 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/12/28 10:33:34 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >
Extras Log

OTL Extras logfile created on: 20/05/2010 10:57:47 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\owner\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

447.00 Mb Total Physical Memory | 183.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 21.36 Gb Free Space | 27.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.96 Gb Total Space | 1.96 Gb Free Space | 99.97% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-94B5274B58
Current User Name: owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\Magentic\bin\MgImp.exe" = C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic -- (IncrediMail, Ltd.)
"C:\Program Files\Magentic\bin\Magentic.exe" = C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic -- ()
"C:\Program Files\Magentic\bin\MgApp.exe" = C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic -- ()
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{10deb052-db5d-32a6-9ff2-200e810d1a7b}" = Kiwee Toolbar for Firefox
"{11964613-805F-432D-A12B-169554B793E7}" = Nokia Connectivity Cable Driver
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{1793bdb7-d5c1-33be-97e2-7c3e60b6ab43}" = Kiwee Chatbar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2B43252C-A1E3-4C47-927C-9F2C276D3515}" = S3GSetup
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{80FD852F-5AAC-4129-B931-06AAFFA43138}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8aade841-03c5-486a-b048-bb112cc0cac5}" = Kiwee Toolbar for Internet Explorer
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"4077F884D1BB007055BDB83B621D87220A73F30F" = Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Alice Greenfingers" = Alice Greenfingers
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"Badge 1600x1200" = Badge 1600x1200
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BT Wireless Connection Manager" = BT Wireless Connection Manager
"BT Yahoo! Applications" = BT Yahoo! Applications
"BTHomeHub" = BTHomeHub
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
"C-Media Audio" = C-Media 3D Audio
"C-Media Audio Driver" = C-Media WDM Audio Driver
"DVD Shrink_is1" = DVD Shrink 3.2
"Emirates Stadium_is1" = Emirates Stadium
"Fairly OddParents Information Stupor Highway" = Fairly OddParents Information Stupor Highway
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IncrediMail" = IncrediMail Xe
"Lexmark X1100 Series" = Lexmark X1100 Series
"LimeWire" = LimeWire PRO 4.12.3
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"lvdrivers_11.80" = Logitech QuickCam Driver Package
"Magentic" = Magentic
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Uninstall Utility" = McAfee Uninstall Wizard
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monopoly Junior" = Monopoly Junior
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyWebSearch bar Uninstall" = My Web Search (Cursor Mania)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = NeroVision Express
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NortonPCCheckup" = Norton PC Checkup
"Puppy Luv: A New Breed" = Puppy Luv: A New Breed
"Sandlot Games Client Services_is1" = Sandlot Games Client Services
"Search Guard Plus" = Search Guard Plus (My Web Tattoo)
"Search Guard Plus Updater" = Search Guard Plus Updater (My Web Tattoo)
"SpongeBob SquarePants Diner Dash 2" = SpongeBob SquarePants Diner Dash 2
"SpongeBob SquarePants Obstacle Odyssey 2" = SpongeBob SquarePants Obstacle Odyssey 2
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Web Tattoo)
"VIA/S3G UniChrome Family Win2K/XP Display" = VIA/S3G Display Driver
"VLC media player" = VideoLAN VLC media player 0.8.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Yahoo! Companion" = Yahoo! 工具列 (Toolbar)
"Yahoo! Internet Mail" = Yahoo! Mail

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20/05/2010 05:55:34 | Computer Name = HOME-94B5274B58 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 20/05/2010 05:55:34 | Computer Name = HOME-94B5274B58 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 20/05/2010 05:55:35 | Computer Name = HOME-94B5274B58 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 20/05/2010 05:55:35 | Computer Name = HOME-94B5274B58 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 20/05/2010 05:55:42 | Computer Name = HOME-94B5274B58 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 20/05/2010 05:55:48 | Computer Name = HOME-94B5274B58 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 20/05/2010 05:55:53 | Computer Name = HOME-94B5274B58 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 20/05/2010 05:55:53 | Computer Name = HOME-94B5274B58 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 20/05/2010 05:55:53 | Computer Name = HOME-94B5274B58 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 20/05/2010 05:55:53 | Computer Name = HOME-94B5274B58 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 18/05/2010 16:40:01 | Computer Name = HOME-94B5274B58 | Source = DCOM | ID = 10010
Description = The server {B1DBD568-80B2-43FA-AE07-76FB23AA4650} did not register
with DCOM within the required timeout.

Error - 18/05/2010 16:40:38 | Computer Name = HOME-94B5274B58 | Source = DCOM | ID = 10010
Description = The server {B1DBD568-80B2-43FA-AE07-76FB23AA4650} did not register
with DCOM within the required timeout.

Error - 18/05/2010 16:41:08 | Computer Name = HOME-94B5274B58 | Source = DCOM | ID = 10010
Description = The server {B1DBD568-80B2-43FA-AE07-76FB23AA4650} did not register
with DCOM within the required timeout.

Error - 18/05/2010 16:42:34 | Computer Name = HOME-94B5274B58 | Source = DCOM | ID = 10010
Description = The server {6A972E27-93E2-4F98-8367-4101B2073814} did not register
with DCOM within the required timeout.

Error - 20/05/2010 05:48:42 | Computer Name = HOME-94B5274B58 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 20/05/2010 05:48:42 | Computer Name = HOME-94B5274B58 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 20/05/2010 05:48:42 | Computer Name = HOME-94B5274B58 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Kiwee Toolbar\3.2\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 20/05/2010 05:48:43 | Computer Name = HOME-94B5274B58 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 20/05/2010 05:48:43 | Computer Name = HOME-94B5274B58 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 20/05/2010 05:48:43 | Computer Name = HOME-94B5274B58 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Kiwee Toolbar\3.2\MFC80U.DLL.
Reference
error message: The operation completed successfully. .


< End of report >
#5 ali.B (Trusted Helper, Malware Removal, 3,086 posts)

Hi,

Click Start > Control Panel > Add/Remove Programs and uninstall the following:

Fast Browser Search
Search Guard Plus
Search Guard Plus Updater
My Web Search


Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O4 - HKLM..\Run: [Cmaudio] File not found
    O4 - HKLM..\Run: [FBSearch] C:\Program Files\Search Guard Plus\SearchGuardPlus.exe ()
    O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
    O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
    O4 - HKLM..\Run: [SGPUpdater] C:\Program Files\Search Guard PlusU\sgpUpdaters.exe ()
    O4 - HKLM..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe File not found
    O4 - HKLM..\Run: [ylvulxed] C:\Documents and Settings\owner\Local Settings\Application Data\dhtglsjai\bcxpbdbtssd.exe ()
    O4 - HKCU..\Run: [M5T8QL3YW3] C:\Documents and Settings\owner\Local Settings\Temp\Opv.exe ()
    O4 - HKCU..\Run: [My Web Search Community Tools] C:\Program Files\MyWebSearch\bar\1.bin\m3IMPipe.exe (MyWebSearch.com)
    O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
    O4 - HKCU..\Run: [ylvulxed] C:\Documents and Settings\owner\Local Settings\Application Data\dhtglsjai\bcxpbdbtssd.exe ()
    O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla\4.0 ( File not found
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.49,93.188.161.197
    [2010/05/12 21:29:47 | 000,182,784 | ---- | M] () -- C:\WINDOWS\Ohuxyb.exe
    [2010/05/12 21:27:21 | 000,182,784 | ---- | M] () -- C:\WINDOWS\Ohuxya.exe
    [2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
    [2006/12/30 14:17:08 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2010/05/20 10:49:25 | 000,000,246 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2010/05/20 10:48:39 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
    
    :Files
    C:\Program Files\MyWebSearch
    C:\Program Files\Search Guard Plus
    C:\Documents and Settings\owner\Local Settings\Application Data\dhtglsjai
    C:\Program Files\AdvancedCleaner Free
    C:\WINDOWS\system32\drivers\atapi.sys|C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys /replace
    
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Things I would like to see in your reply:
  • OTL log
  • MBAM log

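The OTL fix above removes four distinct persistence and traffic-hijack mechanisms in one pass: an Internet Explorer proxy pointed at 127.0.0.1:5555 (which is why the machine "cannot access the internet" and is consistent with the crypt32 "network connection does not exist" errors in the earlier log), a static NameServer list that overrides the ISP's DHCP-assigned resolvers, Run-key entries launching unsigned binaries from Local Settings\Temp and Local Settings\Application Data, and hidden GUID-named scheduled tasks. The script below is an added example written for this page; it is not part of OTL, Malwarebytes or the helper's instructions. It parses OTL-style lines and reports those four patterns so a second machine's log can be triaged before a fix is written. The line formats are assumed from the OTL output quoted in this thread, the severity heuristics are my own, and the sample input is assembled from lines that appear in this thread (the mcagent_exe entry is included as a benign control). It says nothing about whether any particular resolver IP is malicious, only that a static list differs from what DHCP handed out.

```python
"""Triage OTL-style log lines for the hijack patterns the fix script above removes.

Added example for this thread, not OTL's own code. Line formats are assumed from
the OTL output quoted on this page; severity heuristics are the author's.
"""
import ipaddress
import re

# Sample input: lines taken from the OTL logs quoted in this thread.
SAMPLE_LINES = [
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555',
    r'O4 - HKLM..\Run: [Cmaudio] File not found',
    r'O4 - HKLM..\Run: [FBSearch] C:\Program Files\Search Guard Plus\SearchGuardPlus.exe ()',
    r'O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)',
    r'O4 - HKLM..\Run: [ylvulxed] C:\Documents and Settings\owner\Local Settings\Application Data\dhtglsjai\bcxpbdbtssd.exe ()',
    r'O4 - HKCU..\Run: [M5T8QL3YW3] C:\Documents and Settings\owner\Local Settings\Temp\Opv.exe ()',
    r'O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.49,93.188.161.197',
    r'O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100',
    r'[2010/05/20 10:49:25 | 000,000,246 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job',
]

PROXY_RE = re.compile(r'"(ProxyEnable|ProxyServer)" = (.+)$')
DNS_RE = re.compile(r'^O17 - .*?: (DhcpNameServer|NameServer) = (.+)$')
RUN_RE = re.compile(r'^O4 - (HK\w+)\.\.\\(Run(?:Once)?): \[([^\]]+)\] (.*)$')
TASK_RE = re.compile(r'^\[[^\]]*\| (\S{4}) \| \w\] \(.*?\) -- (.*\\tasks\\\{[0-9a-f-]{36}\}\.job)$', re.I)
# Profile locations any user process can write to; malware drops here so it needs no admin rights.
USER_WRITABLE = re.compile(r"\\(Local Settings\\Temp|Local Settings\\Application Data|Application Data|Temp)\\", re.I)


def proxy_finding(lines):
    """Return the loopback proxy details if ProxyEnable=1 routes IE through 127.0.0.0/8, else None."""
    settings = {}
    for line in lines:
        m = PROXY_RE.search(line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    if settings.get("ProxyEnable") != "1" or "ProxyServer" not in settings:
        return None
    # ProxyServer is either "host:port" or per-scheme "http=host:port;https=host:port".
    for entry in settings["ProxyServer"].split(";"):
        host, _, port = entry.split("=", 1)[-1].rpartition(":")
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:
            loopback = host.lower() == "localhost"
        if loopback:
            return {"host": host, "port": int(port) if port.isdigit() else None, "raw": settings["ProxyServer"]}
    return None


def dns_finding(lines):
    """Flag a static NameServer list that differs from the DHCP-assigned resolvers."""
    servers = {}
    for line in lines:
        m = DNS_RE.match(line)
        if m:
            servers[m.group(1)] = re.split(r"[,\s]+", m.group(2).strip())
    static, dhcp = servers.get("NameServer"), servers.get("DhcpNameServer")
    if static and set(static) != set(dhcp or []):
        return {"static": static, "dhcp": dhcp or []}
    return None


def run_findings(lines):
    """Classify O4 autorun entries by where the target lives and whether it names a publisher."""
    findings = []
    for line in lines:
        m = RUN_RE.match(line)
        if not m:
            continue
        hive, _key, name, rest = m.groups()
        if rest.endswith("File not found"):
            findings.append({"name": name, "hive": hive, "severity": "dangling", "reason": "target missing"})
            continue
        pm = re.match(r"^(.*?) \(([^()]*)\)$", rest)  # "<path> (<publisher>)", publisher may be empty
        if not pm:
            continue
        path, publisher = pm.groups()
        if USER_WRITABLE.search(path):
            sev, why = "high", "launched from a user-writable temp/profile folder"
        elif not publisher:
            sev, why = "medium", "no publisher in version info"
        else:
            sev, why = "info", "publisher present; still verify the signature"
        findings.append({"name": name, "hive": hive, "path": path, "publisher": publisher,
                         "severity": sev, "reason": why})
    return findings


def task_findings(lines):
    """Flag hidden scheduled tasks whose only name is a GUID."""
    return [{"path": m.group(2), "attributes": m.group(1)}
            for m in map(TASK_RE.match, lines) if m and "H" in m.group(1).upper()]


def triage(lines):
    """Run all four checks and return a findings dictionary."""
    return {"proxy": proxy_finding(lines), "dns": dns_finding(lines),
            "run": run_findings(lines), "tasks": task_findings(lines)}


if __name__ == "__main__":
    for section, result in triage(SAMPLE_LINES).items():
        print(section, result)
```

A loopback proxy is not proof of infection on its own (some legitimate filtering products install one), so treat the proxy and DNS findings as leads to confirm against what is actually installed, and treat the "high" Run entries, unsigned executables under a user's temp folders with random names, as the items to pull first. The atapi.sys `/replace` step in the fix has no counterpart here; verifying that a replaced system driver is the genuine one is a signature check on the file, not a log pattern.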

#6 crosby44 (Topic Starter, Member, 27 posts)
Hi, please see the logs below.

Just one point, the program "Fast Browser Search" was not listed in the list of programs. The other three were removed okay.

OTL Log


OTL logfile created on: 21/05/2010 10:22:25 - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\owner\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

447.00 Mb Total Physical Memory | 190.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 22.01 Gb Free Space | 28.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.96 Gb Total Space | 1.95 Gb Free Space | 99.66% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-94B5274B58
Current User Name: owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/19 21:39:48 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.com
PRC - [2010/03/18 11:57:48 | 000,020,480 | ---- | M] (AG Interactive) -- C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe
PRC - [2009/12/04 21:16:40 | 000,103,280 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
PRC - [2009/11/25 12:46:50 | 000,056,544 | ---- | M] (AG Interactive) -- C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe
PRC - [2009/08/24 23:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
PRC - [2009/05/19 13:04:29 | 000,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/06 18:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/09/11 07:55:40 | 001,517,056 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
PRC - [2008/08/28 20:33:03 | 001,516,032 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
PRC - [2008/08/14 17:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/08/14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/08/14 17:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/02/22 05:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) -- c:\program files\common files\mcafee\mna\mcnasvc.exe
PRC - [2008/01/09 16:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
PRC - [2007/11/01 19:12:38 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~1\mcafee\msc\mcuimgr.exe
PRC - [2007/08/24 05:00:40 | 000,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe
PRC - [2007/08/15 13:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
PRC - [2007/08/03 23:33:14 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~1\mcafee.com\agent\mcagent.exe
PRC - [2007/07/25 02:41:52 | 000,695,624 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
PRC - [2007/07/24 13:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
PRC - [2007/07/18 16:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2007/06/18 15:10:32 | 000,271,360 | ---- | M] (Nokia) -- C:\Documents and Settings\owner\My Documents\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2007/06/15 16:55:00 | 000,300,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\PROGRA~1\MI3AA1~1\rapimgr.exe
PRC - [2005/07/15 22:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
PRC - [2005/03/07 20:33:28 | 000,053,248 | R--- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\VTTimer.exe
PRC - [2002/04/26 18:53:36 | 000,012,288 | ---- | M] () -- C:\Program Files\Winamp\Winampa.exe


========== Modules (SafeList) ==========

MOD - [2010/05/19 21:39:48 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.com
MOD - [2008/08/29 00:53:18 | 000,457,728 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll
MOD - [2008/07/26 08:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll
MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 13:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004/08/04 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\vdmdbg.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/18 11:57:48 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe -- (AGCoreService)
SRV - [2009/12/04 21:16:40 | 000,103,280 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2009/08/24 23:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/06 19:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2008/01/09 16:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/08/24 05:00:40 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007/08/15 13:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe -- (McProxy)
SRV - [2007/07/25 03:16:16 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe -- (McODS)
SRV - [2007/07/25 02:41:52 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe -- (McSysmon)
SRV - [2007/07/24 13:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -- (McShield)
SRV - [2007/07/18 16:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2007/06/15 16:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/12/28 16:47:49 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\WINDOWS\system32\msdtc -- (MSDTC)


========== Driver Services (SafeList) ==========

DRV - [2009/02/06 19:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/07/26 16:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 16:25:48 | 000,627,864 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\lvrs.sys -- (LVRS)
DRV - [2008/07/26 16:22:34 | 002,570,520 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/07/26 16:22:22 | 000,013,848 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\lv302af.sys -- (pepifilter)
DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/05/02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/02 10:58:14 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/11/17 02:34:22 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - [2007/11/17 02:34:22 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - [2007/07/24 13:02:36 | 000,033,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/24 08:40:36 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/07/21 10:08:24 | 000,201,288 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/07/21 10:08:24 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/07/21 10:08:24 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/07/13 10:20:24 | 000,113,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP)
DRV - [2007/02/22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007/02/22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2004/08/04 00:07:44 | 000,044,672 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\uagp35.sys -- (uagp35)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/04/19 16:01:00 | 000,006,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\gflmouhid.sys -- (genmcmnUSB)
DRV - [2001/08/15 16:20:44 | 000,057,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.c...earch.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.c...earch.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.client...fo/bt_side.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.c...earch.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\UnifiedToolbar\3.2\Firefox [2010/05/10 11:37:01 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! 工具列) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [KiweeHook] C:\Program Files\Kiwee Toolbar\3.2\kwtbaim.exe (AG Interactive)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Documents and Settings\owner\My Documents\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\Winampa.exe ()
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: motive.com ([pbttbc.bt] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...p1.0.0.15-3.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} http://powersoccer.a...PowerLoader.cab (PowerLoader Class)
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} http://webgames.d.tm...h2.1.0.0.48.cab (CPlayFirstDinerDash2Control Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game06.zylom....gamesplayer.cab (Zylom Games Player)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} http://webgames.d.tm...sh.1.0.0.58.cab (CPlayFirstDinerDashControl Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://kiw.imgag.com...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/28 16:52:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/05/19 21:38:34 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/05/21 10:04:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/20 10:54:46 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.com
[2010/05/18 21:32:00 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/05/18 19:15:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/18 19:15:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/18 19:15:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/18 19:15:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/11 09:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 6.0
[2010/05/11 09:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 5.0 Sprint
[2010/05/10 11:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\UnifiedToolbar
[2010/05/10 11:34:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/09 21:46:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\My Documents\GT-B7300 My Documents
[2010/05/03 16:13:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\My Documents\ABBIES
[2010/05/01 13:47:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\Tific
[2010/05/01 13:47:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Tific
[2010/05/01 13:44:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NortonPCCheckup
[2010/05/01 13:44:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NortonPCCheckup\0200020.1FA
[2010/05/01 13:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/05/01 13:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/05/01 13:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/04/20 22:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Mobile Device Handbook

========== Files - Modified Within 90 Days ==========

[2010/05/21 10:16:47 | 000,032,026 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/05/21 10:16:45 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/21 10:16:32 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/05/21 10:15:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/21 10:15:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/21 10:14:43 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\owner\NTUSER.DAT
[2010/05/21 10:14:30 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\owner\ntuser.ini
[2010/05/19 21:39:48 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.com
[2010/05/18 19:43:20 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/14 19:11:11 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/12 17:13:25 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Microsoft Office Word.lnk
[2010/05/11 08:59:34 | 000,000,101 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2010/05/10 14:34:30 | 000,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/10 14:34:30 | 000,444,360 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/10 14:34:30 | 000,072,252 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/09 21:46:41 | 000,001,429 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\GT-B7300 My Documents.LNK
[2010/05/08 22:31:40 | 000,000,095 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010/05/01 13:45:46 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton PC Checkup.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/23 17:25:43 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/20 22:55:47 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\$_hpcst$.hpc
[2010/04/20 22:53:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/20 22:50:58 | 000,001,197 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Windows Mobile® Device Handbook.lnk
[2010/04/19 14:17:34 | 000,069,120 | ---- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/17 14:13:25 | 000,001,503 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Browser Choice.lnk
[2010/04/15 18:39:22 | 000,252,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/14 20:44:07 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini

========== Files Created - No Company Name ==========

[2010/05/18 19:15:36 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/11 08:59:34 | 000,000,101 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2010/05/09 21:46:40 | 000,001,429 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\GT-B7300 My Documents.LNK
[2010/05/01 13:44:50 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NortonPCCheckup\0200020.1FA\isolate.ini
[2010/04/20 22:55:47 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\$_hpcst$.hpc
[2010/04/20 22:50:58 | 000,001,197 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Windows Mobile® Device Handbook.lnk
[2010/04/17 14:13:24 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Browser Choice.lnk
[2009/05/22 21:24:41 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2009/05/22 21:24:41 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2009/05/19 13:09:20 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/11/26 14:33:17 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/08/24 16:17:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BBCAuto.INI
[2008/08/24 16:12:59 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2008/08/23 13:12:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Emirates Stadium.ini
[2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/01/10 18:17:41 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007/01/10 17:57:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/07 20:40:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/30 14:27:01 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2006/12/30 14:26:54 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2006/12/30 14:26:53 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2006/12/30 14:26:13 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2006/12/30 14:25:04 | 000,003,450 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/12/28 10:38:44 | 000,044,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\UAGP35.SYS
[2004/04/19 16:01:00 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\gflmouhid.sys
[2003/08/18 15:46:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/13 20:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2002/09/13 16:40:06 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini

========== LOP Check ==========

[2010/05/10 11:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2008/03/19 17:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/03/19 17:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2008/09/14 14:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/05/22 21:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar
[2008/09/14 14:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2007/09/30 14:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/05/27 15:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/02/20 18:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/05/10 17:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\agi
[2008/06/14 15:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\FunWebProducts
[2009/05/19 13:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Leadertech
[2008/04/14 13:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\LimeWire
[2009/08/12 15:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Nokia
[2010/01/16 00:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Nokia Multimedia Player
[2008/09/14 14:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\PC Suite
[2007/09/30 14:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\PlayFirst
[2009/08/18 14:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\PowerChallenge
[2007/09/30 14:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\SBTT
[2010/05/01 13:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Tific
[2008/03/15 02:36:30 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2008/01/01 02:00:18 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========


< End of report >





MBAM Log


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4122

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

21/05/2010 10:49:55
mbam-log-2010-05-21 (10-49-55).txt

Scan type: Quick scan
Objects scanned: 121623
Time elapsed: 10 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 33
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 7
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a1091f23-8ff1-408e-9192-abb3ab2aebb1}\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.49,93.188.161.197 -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\owner\Application Data\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\owner\Application Data\FunWebProducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\owner\Application Data\FunWebProducts\Data\owner (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Downloads\CakeManiaSetup-dm[1].exe (Adware.TryMedia) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\b000058b8.dll (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\b000064be.dll (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\owner\Application Data\FunWebProducts\Data\owner\avatar.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\owner\Application Data\FunWebProducts\Data\owner\register.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\owner\Application Data\FunWebProducts\Data\owner\zbucks.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\024A531F.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\RECYCLER\ADAPT_Installer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
  • 0

#7
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Update me on the computer status: how is it running, and what are the current problems?
  • 0

#8
crosby44

crosby44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
There are no error messages coming up and it appears to be running fine.
  • 0

#9
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Next

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop, so that you may post it in your next reply.

  • 0

#10
crosby44

crosby44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi, I have downloaded the JavaRa.exe, then followed your instructions: went to Kaspersky Online Scanner, downloaded it, but it went through all the process and at the very end a message came up and said "download failed, please close and try again", which I did, and it happened again. Any suggestions on what else to do?
  • 0



#11
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Try this one instead.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

  • 0

#12
crosby44

crosby44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
hi

here is the eset log

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17023 (vista_gdr.100222-0012)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=e941c4a20c780646878319c2cd89a458
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-26 05:53:05
# local_time=2010-05-26 06:53:06 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16776537 100 96 71356465 89606646 0 0
# compatibility_mode=8192 67108863 100 0 249 249 0 0
# scanned=64074
# found=8
# cleaned=8
# scan_time=11246
C:\Documents and Settings\owner\Local Settings\Temp\jar_cache45614.tmp Java/TrojanDownloader.Agent.NAX trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\JSJJIT3W\eurostargroup_ws[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\MSN Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\UAGP35.SYS Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\05212010_100452\C_Documents and Settings\owner\Local Settings\Application Data\dhtglsjai\bcxpbdbtssd.exe a variant of Win32/Kryptik.EJQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\05212010_100452\C_Documents and Settings\owner\Local Settings\Temp\Opv.exe a variant of Win32/Kryptik.EIA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\05212010_100452\C_WINDOWS\Ohuxya.exe a variant of Win32/Kryptik.EIA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\05212010_100452\C_WINDOWS\Ohuxyb.exe a variant of Win32/Kryptik.EIA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  • 0


#14
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  • 0

#15
crosby44

crosby44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
hi

OK, will do the OTL scan. Also, I wasn't sure what to do when the ESET scan finished: it asked if I wanted to uninstall the application and delete the quarantined files. What should I do with that?
  • 0
