Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Google redirect and other problems

Started by skinnypig , Jul 30 2010 11:43 AM

This topic is locked

#16
skinnypig

Posted 07 August 2010 - 09:32 AM

Member

Topic Starter
Member
44 posts

Hi,
Here's those logs,
I had some problems with the Eset scan; Internet Explorer was very unstable opening and closing windows by itself; so I did the scan in safe mode, Is this ok?

Mbam log:
------------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4392

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

01/01/2002 00:28:55
mbam-log-2002-01-01 (00-28-55).txt

Scan type: Quick scan
Objects scanned: 144652
Time elapsed: 49 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 48

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\admin\Start Menu\Programs\Startup\2stez03.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\3ytz86g.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\3yy3alw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\5njefk8.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\5q1ghm8.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\60rmns8.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\75s0jk6.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\91qbcxd.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\9tu0k3w.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\bxnnjzfaa6.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\bxnnjzzfa3w.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\dd66u81gr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\dzppll66.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\fgbhcyyo1kl.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\g81sdzuka.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\gbsdytzk.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\hdd2jkf03w.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\hhdttp2lgg6.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\hid081kv.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\inyjkfvw.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\it1f5wc8.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\izppfq81.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\j0fk86mmdot.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\jepql03sty.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\jpzvqrc81i.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\k1abg81sde.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\kq6g87087.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\lq86c3y0zv.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\mxn60pklq8.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\n7ojkfvwrh.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\njj2pfgb.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\oeu15mmc.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\oj081q86.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\rsndezpqlmh.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\s6tupv60.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\sdotk97w5.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\t703a0bxx6.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\tt20kvwmx.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\u5b0w6ntez.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\ua6rhmdo.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\vgq3cs1oo.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\vwrhidtupfg.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\w0nyjup0.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\wcsty81k.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\xs1j70qqlm.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\yze86q81cn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\zkv60ccni8.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\Startup\zz2fgb081.exe (Worm.Autorun) -> Quarantined and deleted successfully.

#17
skinnypig

Posted 07 August 2010 - 09:33 AM

Member

Topic Starter
Member
44 posts

KASPERSKY log:
-----------------------------------------
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, August 6, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, August 05, 2010 09:02:18
Records in database: 4146966
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 228379
Threats found: 30
Infected objects found: 141
Suspicious objects found: 0
Scan duration: 09:59:51

File name / Threat / Threats count
C:\WINDOWS\system32\HDAShCut.exe/C:\WINDOWS\system32\HDAShCut.exe Infected: Trojan.Win32.Powp.gen 1
C:\Documents and Settings\All Users\Application Data\8kY6m125.exe Infected: Trojan.Win32.Powp.gen 1
C:\Qoobox\Quarantine\C\Documents and Settings\admin\8tw3W.com.vir Infected: Trojan.Win32.Powp.gen 1
C:\Qoobox\Quarantine\C\Documents and Settings\admin\Application Data\ogix.exe.vir Infected: Trojan.Win32.Buzus.evrv 1
C:\Qoobox\Quarantine\C\Documents and Settings\admin\ddenwg.exe.vir Infected: Packed.Win32.Katusha.o 1
C:\Qoobox\Quarantine\C\Documents and Settings\admin\Local Settings\Application Data\8tw3W.exe.vir Infected: Trojan.Win32.Powp.gen 1
C:\Qoobox\Quarantine\C\Documents and Settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe.vir Infected: Trojan.Win32.Powp.gen 1
C:\Qoobox\Quarantine\C\Documents and Settings\admin\secupdat.dat.vir Infected: Backdoor.Win32.Cetorp.p 1
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\8kY6m125.exe.vir Infected: Trojan-Downloader.Win32.Agent.edoe 1
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\8tw3W.exe.vir Infected: Trojan.Win32.Powp.gen 1
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\8tw3W.exe.vir Infected: Trojan.Win32.Powp.gen 1
C:\Qoobox\Quarantine\C\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe.vir Infected: Trojan.Win32.Powp.gen 1
C:\Qoobox\Quarantine\C\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe.vir Infected: Trojan.Win32.Powp.gen 1
C:\Qoobox\Quarantine\C\Program Files\Common Files\Java\Java Update\jusched.exe.vir Infected: Trojan.Win32.Powp.gen 1
C:\Qoobox\Quarantine\C\Program Files\CyberLink\PowerStarter\PowerBar.exe.vir Infected: Trojan.Win32.Powp.gen 1
C:\Qoobox\Quarantine\C\Program Files\McAfee.com\VSO\oasclnt.exe.vir Infected: Trojan.Win32.Powp.gen 1
C:\Qoobox\Quarantine\C\Program Files\MultiScreen\MultiScreen.exe.vir Infected: Trojan.Win32.Powp.gen 1
C:\Qoobox\Quarantine\C\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe.vir Infected: Trojan.Win32.Powp.gen 1
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan.Win32.Powp.gen 1
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan.Win32.Powp.gen 1
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan.Win32.Powp.gen 1
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan.Win32.Powp.gen 1
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan.Win32.Powp.gen 1
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan.Win32.Powp.gen 1
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan.Win32.Powp.gen 1
C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask.exe.vir Infected: Trojan.Win32.Powp.gen 1
C:\Qoobox\Quarantine\C\PROGRA~1\McAfee.com\Agent\mcagent.exe.vir Infected: Trojan.Win32.Powp.gen 1
C:\Qoobox\Quarantine\C\PROGRA~1\McAfee.com\Agent\McUpdate .exe.vir Infected: Trojan.Win32.Powp.gen 1
C:\Qoobox\Quarantine\C\PROGRA~1\McAfee.com\Agent\McUpdate.exe.vir Infected: Trojan.Win32.Powp.gen 1
C:\Qoobox\Quarantine\C\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe.vir Infected: Trojan.Win32.Powp.gen 1
C:\Qoobox\Quarantine\C\WINDOWS\Fonts\8tw3W.com.vir Infected: Trojan.Win32.Powp.gen 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\8tw3W.com.vir Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP635\A0184949.exe Infected: Packed.Win32.Krap.hm 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0187234.exe Infected: Trojan-Downloader.Win32.FraudLoad.xepo 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0187274.exe Infected: Trojan.Win32.Jorik.SpyEyes.bb 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192366.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192380.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192381.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192391.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192403.com Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192418.com Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192421.com Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192422.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192430.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192431.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192432.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192433.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192434.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192435.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192462.com Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192463.exe Infected: Trojan.Win32.Buzus.evrv 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192464.exe Infected: Packed.Win32.Katusha.o 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192465.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192466.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192467.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192471.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192472.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192473.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192474.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192475.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192476.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192477.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192478.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192479.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192480.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192481.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192482.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192483.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192484.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192485.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192486.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192487.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192488.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192489.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192490.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192492.com Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192494.com Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192610.exe Infected: Trojan-Downloader.Win32.Agent.edoe 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192997.exe Infected: Trojan-Downloader.Win32.Agent.edoe 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0193047.exe Infected: Trojan-Downloader.Win32.Agent.edoe 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0193082.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0193083.exe Infected: Trojan-Downloader.Win32.Agent.edoe 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0193084.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0193085.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0193086.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0193087.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0193088.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0193089.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0193090.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194083.exe Infected: Trojan.Win32.Refroso.bony 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194084.exe Infected: Trojan-Downloader.Win32.Pher.fvf 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194085.exe Infected: Trojan.Win32.Refroso.bpcj 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194086.exe Infected: Trojan-Downloader.Win32.Pher.fvf 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194087.exe Infected: Trojan.Win32.Refroso.bonx 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194088.exe Infected: Trojan.Win32.Refroso.bonw 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194089.exe Infected: Trojan.Win32.Refroso.bony 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194090.exe Infected: Trojan-Downloader.Win32.Pher.fvg 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194091.exe Infected: Trojan.Win32.Refroso.bpbx 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194092.exe Infected: Trojan-Downloader.Win32.Pher.fvl 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194093.exe Infected: Trojan-Downloader.Win32.Pher.fud 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194094.exe Infected: Trojan.Win32.Refroso.booi 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194095.exe Infected: Trojan-Downloader.Win32.Pher.fvi 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194096.exe Infected: Trojan-Downloader.Win32.Pher.fvf 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194097.exe Infected: Trojan-Downloader.Win32.Pher.fvl 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194098.exe Infected: Trojan-Downloader.Win32.Pher.fvi 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194099.exe Infected: Trojan.Win32.Refroso.bpbm 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194100.exe Infected: Trojan-Downloader.Win32.Pher.fvf 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194101.exe Infected: Trojan-Downloader.Win32.Pher.fvl 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194102.exe Infected: Trojan-Downloader.Win32.Pher.fup 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194103.exe Infected: Trojan-Downloader.Win32.Pher.fvh 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194104.exe Infected: Trojan-Downloader.Win32.Pher.fud 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194105.exe Infected: Trojan.Win32.Refroso.bonw 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194106.exe Infected: Trojan-Downloader.Win32.Pher.fvj 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194107.exe Infected: Trojan.Win32.Refroso.bonw 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194108.exe Infected: Trojan.Win32.Refroso.bonx 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194109.exe Infected: Trojan-Downloader.Win32.Pher.fum 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194110.exe Infected: Trojan-Downloader.Win32.Pher.fvk 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194111.exe Infected: Trojan.Win32.Refroso.bonx 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194112.exe Infected: Trojan-Downloader.Win32.Pher.fvl 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194113.exe Infected: Trojan-Downloader.Win32.Pher.fud 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194114.exe Infected: Trojan-Downloader.Win32.Pher.fvk 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194115.exe Infected: Trojan-Downloader.Win32.Pher.fvm 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194116.exe Infected: Trojan-Downloader.Win32.Pher.fvf 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194117.exe Infected: Trojan-Downloader.Win32.Pher.fvl 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194118.exe Infected: Trojan.Win32.Refroso.bpbz 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194119.exe Infected: Trojan.Win32.Refroso.bpcj 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194120.exe Infected: Trojan.Win32.Refroso.bonw 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194121.exe Infected: Trojan.Win32.Refroso.bpbk 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194122.exe Infected: Trojan.Win32.Refroso.bpbj 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194123.exe Infected: Trojan-Downloader.Win32.Pher.fvg 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194124.exe Infected: Trojan-Downloader.Win32.Pher.fvf 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194125.exe Infected: Trojan.Win32.Refroso.bpcj 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194126.exe Infected: Trojan.Win32.Refroso.bpbx 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194127.exe Infected: Trojan.Win32.Refroso.bpbn 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194128.exe Infected: Trojan.Win32.Refroso.bonx 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194129.exe Infected: Trojan-Downloader.Win32.Pher.fvf 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194130.exe Infected: Trojan-Downloader.Win32.Pher.fvj 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194146.exe Infected: Trojan.Win32.Powp.gen 1
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP638\A0194169.exe Infected: Trojan.Win32.Powp.gen 1
C:\WINDOWS\system32\HDAShCut.exe Infected: Trojan.Win32.Powp.gen 1
C:\_OTM\MovedFiles\08032010_151447\c_windows\system32\8tw3W.com Infected: Trojan.Win32.Powp.gen 1

Selected area has been scanned.

#18
skinnypig

Posted 07 August 2010 - 09:34 AM

Member

Topic Starter
Member
44 posts

Eset log:
-----------------------------------------------
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=7.00.6000.17055 (vista_gdr.100414-0533)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=de7c336996f8874cb973a5d70f2c1b90
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2002-01-01 02:30:16
# local_time=2002-01-01 02:30:16 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=232605
# found=82
# cleaned=82
# scan_time=11711
C:\Documents and Settings\All Users\Application Data\8kY6m125.exe a variant of Win32/Kryptik.EKI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\8kY6m125.exe_ a variant of Win32/Kryptik.EKI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP635\A0184949.exe Win32/Inject.NDO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0187234.exe a variant of Win32/Kryptik.FSL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0187274.exe Win32/Spy.SpyEye.AN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192366.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192380.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192381.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192391.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192403.com a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192418.com a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192421.com a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192422.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192430.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192431.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192432.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192433.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192434.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192435.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192462.com a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192463.exe Win32/Inject.NDO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192464.exe Win32/Tofsee.AA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192465.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192466.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192467.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192471.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192472.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192473.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192474.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192475.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192476.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192477.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192478.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192479.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192480.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192481.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192482.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192483.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192484.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192485.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192486.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192487.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192488.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192489.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192490.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192492.com a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636\A0192494.com a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0193082.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0193084.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0193085.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0193086.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0193087.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0193088.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0193089.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0193090.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194083.exe a variant of Win32/Injector.CJQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194085.exe a variant of Win32/Injector.CJQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194087.exe a variant of Win32/Injector.CJQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194088.exe a variant of Win32/Injector.CJQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194089.exe a variant of Win32/Injector.CJQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194091.exe a variant of Win32/Injector.CJQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194094.exe a variant of Win32/Injector.CJQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194099.exe a variant of Win32/Injector.CJQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194105.exe a variant of Win32/Injector.CJQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194107.exe a variant of Win32/Injector.CJQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194108.exe a variant of Win32/Injector.CJQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194111.exe a variant of Win32/Injector.CJQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194118.exe a variant of Win32/Injector.CJQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194119.exe a variant of Win32/Injector.CJQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194120.exe a variant of Win32/Injector.CJQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194121.exe a variant of Win32/Injector.CJQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194122.exe a variant of Win32/Injector.CJQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194125.exe a variant of Win32/Injector.CJQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194126.exe a variant of Win32/Injector.CJQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194127.exe a variant of Win32/Injector.CJQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194128.exe a variant of Win32/Injector.CJQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637\A0194146.exe a variant of Win32/Kryptik.EKI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP638\A0194169.exe a variant of Win32/Kryptik.EKI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP638\A0194181.exe a variant of Win32/Kryptik.EKI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP638\A0194192.exe a variant of Win32/Kryptik.EKI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\HDAShCut.exe a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTM\MovedFiles\08032010_151447\c_windows\system32\8tw3W.com a variant of Win32/Kryptik.FFW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#19
Rorschach112

Posted 07 August 2010 - 03:26 PM

Ralphie

Retired Staff
47,710 posts

Please download OTM

Save it to your desktop.
Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Processes

:Services

:Reg

:Files
ipconfig /flushdns /c
C:\WINDOWS\system32\HDAShCut.exe
C:\Documents and Settings\All Users\Application Data\*.exe

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[Reboot]

Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

download a new copy of combofix, run that, post its log

#20
skinnypig

Posted 07 August 2010 - 05:38 PM

Member

Topic Starter
Member
44 posts

hi, here's the logs:

OTM log:
-------------------------------
All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\admin\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\admin\Desktop\cmd.txt deleted successfully.
File/Folder C:\WINDOWS\system32\HDAShCut.exe not found.
File/Folder C:\Documents and Settings\All Users\Application Data\*.exe not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: admin
->Temp folder emptied: 152214759 bytes
->Temporary Internet Files folder emptied: 192599922 bytes
->Java cache emptied: 128094 bytes
->FireFox cache emptied: 91580147 bytes
->Flash cache emptied: 867 bytes

User: All Users

User: Andy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 84731368 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 413328 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 498.00 mb

Restore point Set: OTM Restore Point (0)

OTM by OldTimer - Version 3.1.15.0 log created on 01012002_103134

Files moved on Reboot...

Registry entries deleted on Reboot...

#21
skinnypig

Posted 07 August 2010 - 05:38 PM

Member

Topic Starter
Member
44 posts

and the Combofix log:
-----------------------------------------------
ComboFix 10-08-07.01 - admin 01/01/2002 11:04:43.2.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1742 [GMT 0:00]
Running from: c:\documents and settings\admin\Desktop\svchost.com.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\admin\USB_driver.exe
c:\windows\system\winspool.drv

Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll

.
((((((((((((((((((((((((( Files Created from 2001-12-01 to 2002-01-01 )))))))))))))))))))))))))))))))
.

2010-08-03 17:05 . 2010-08-03 17:21 -------- d-----w- C:\svchost.com6578s
2010-08-03 14:14 . 2010-08-03 14:14 -------- d-----w- C:\_OTM
2010-08-01 16:17 . 2010-08-01 16:17 -------- d-----w- C:\svchost.com19763s
2010-08-01 16:17 . 2010-08-01 16:17 -------- d-----w- C:\svchost.com
2010-07-30 08:30 . 2010-07-30 08:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-29 09:14 . 2010-07-29 09:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-14 16:33 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-07 13:16 . 2010-07-08 16:58 -------- d-----w- c:\program files\Multimedia Fusion 2
2010-06-14 20:34 . 2010-06-14 20:34 -------- d-----w- c:\documents and settings\admin\Application Data\Facebook
2010-06-12 15:05 . 2010-06-12 15:07 -------- d-----w- C:\f859e356c3222e907d
2010-05-21 20:15 . 2010-05-21 20:15 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Yahoo!
2010-05-19 20:12 . 2010-05-19 20:12 -------- d-----w- C:\Medion
2010-05-18 06:25 . 2010-05-18 06:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-05-17 21:21 . 2010-05-17 21:21 -------- d-----w- c:\documents and settings\admin\Application Data\Ulead Systems
2010-05-17 21:10 . 2010-05-17 21:10 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-05-17 21:09 . 2010-05-17 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2010-05-15 21:00 . 2010-05-15 21:00 -------- d-----w- c:\program files\MSECache
2010-04-20 05:30 . 2010-04-20 05:30 285696 -c----w- c:\windows\system32\dllcache\atmfd.dll
2010-04-07 14:36 . 2010-04-07 14:36 -------- d-----w- c:\program files\Common Files\Java
2010-04-07 11:50 . 2010-04-07 11:50 -------- d-----w- c:\documents and settings\admin\Application Data\Thinstall
2010-04-07 11:50 . 2010-04-07 11:50 -------- d-----w- c:\documents and settings\admin\Application Data\Syntrillium
2010-04-07 11:09 . 2010-04-07 11:09 -------- d-----w- c:\documents and settings\admin\Application Data\FMZilla
2010-04-07 11:05 . 2010-04-07 11:23 -------- d-----w- c:\program files\Free Music Zilla
2010-03-30 23:16 . 2010-03-30 23:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-30 23:10 . 2010-03-30 23:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-18 20:41 . 2009-04-06 09:13 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-03-18 20:41 . 2009-04-06 09:13 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-03-18 20:40 . 2010-03-18 20:40 -------- d-----w- c:\program files\Common Files\Sony Ericsson
2010-03-17 07:57 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-10 18:49 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-06 13:45 . 2010-03-06 13:50 -------- d-----w- c:\program files\USB Driver Vers. 3.2
2010-03-05 14:37 . 2010-03-05 14:37 65536 -c----w- c:\windows\system32\dllcache\asycfilt.dll
2010-02-03 21:06 . 2010-08-01 09:17 -------- d-----w- c:\documents and settings\admin\Application Data\vlc
2010-02-02 21:49 . 2010-02-03 00:58 -------- d-----w- c:\program files\fragMOTION 1.0.0
2010-01-30 17:31 . 2010-01-30 17:31 -------- d--h--w- c:\windows\PIF
2010-01-30 16:44 . 2010-01-30 16:44 -------- d-----w- c:\documents and settings\admin\Application Data\Ipswitch
2010-01-30 16:44 . 2010-01-30 16:44 -------- d-----w- c:\program files\Ipswitch
2010-01-13 18:31 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-13 14:01 . 2010-01-13 14:01 86016 -c----w- c:\windows\system32\dllcache\cabview.dll
2009-12-24 06:59 . 2009-12-24 06:59 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2009-12-16 18:43 . 2009-12-16 18:43 343040 -c----w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08 . 2009-12-14 07:08 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-08 09:23 . 2009-12-08 09:23 474112 -c----w- c:\windows\system32\dllcache\shlwapi.dll
2009-12-07 16:12 . 2009-12-07 22:23 -------- d-----w- c:\program files\VCG
2009-11-27 16:07 . 2009-11-27 16:07 11264 -c----w- c:\windows\system32\dllcache\msrle32.dll
2009-11-26 13:30 . 2010-03-09 03:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-26 13:16 . 2009-11-26 13:17 -------- d-----w- c:\program files\Multimedia Fusion Developer 2
2009-11-13 23:18 . 2009-11-13 23:18 -------- d-----w- c:\program files\Adobe Media Player
2009-11-08 21:09 . 2009-11-08 21:09 -------- d-----w- c:\documents and settings\admin\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2009-11-08 21:09 . 2009-11-08 21:09 -------- d-----w- c:\program files\BBC iPlayer Desktop
2009-11-07 00:07 . 2009-11-07 00:07 49488 ----a-w- c:\windows\system32\netfxperf.dll
2009-11-07 00:07 . 2009-11-07 00:07 297808 ----a-w- c:\windows\system32\mscoree.dll
2009-11-07 00:06 . 2009-11-07 00:06 1130824 ----a-w- c:\windows\system32\dfshim.dll
2009-11-04 21:19 . 2009-11-04 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-10-23 13:58 . 2009-10-23 13:58 -------- d-----w- c:\documents and settings\admin\Application Data\Quark
2009-10-23 13:53 . 2009-11-05 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Quark
2009-10-23 13:53 . 2009-10-23 13:53 -------- d-----w- c:\program files\Quark
2009-10-20 16:20 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-10-18 15:42 . 2009-10-18 15:47 -------- d-----w- C:\downloads
2009-10-18 15:42 . 2009-10-18 15:42 -------- d-----w- c:\documents and settings\admin\Application Data\GrabPro
2009-10-18 15:41 . 2009-10-18 15:56 -------- d-----w- c:\documents and settings\admin\Application Data\Orbit
2009-10-18 09:50 . 2010-05-13 09:51 -------- d-----w- c:\documents and settings\admin\Application Data\dvdcss
2009-10-18 09:47 . 2009-10-18 09:47 -------- d-----w- c:\program files\VideoLAN
2009-10-17 23:53 . 2010-08-01 16:03 -------- d-----w- c:\documents and settings\admin\Application Data\uTorrent
2009-10-13 10:30 . 2009-10-13 10:30 270336 -c----w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38 . 2009-10-12 13:38 149504 -c----w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38 . 2009-10-12 13:38 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2009-10-03 14:28 . 2009-10-03 14:28 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\assembly
2009-09-25 16:41 . 2009-09-25 16:41 856064 -c--a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 -c--a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 -c--a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 -c--a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 -c--a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-04 21:03 . 2009-09-04 21:03 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-08-21 09:39 . 2009-08-21 09:40 -------- d-----w- C:\cc65f45b5bc6b3d1745c71eaa1
2009-07-21 00:05 . 2009-07-21 00:05 1348432 ----a-w- c:\windows\system32\msxml4.dll
2009-07-19 17:38 . 2010-03-06 13:47 -------- d-----w- c:\program files\REGSHAVE
2009-07-19 17:29 . 2009-07-19 17:29 -------- d-----w- c:\documents and settings\admin\Application Data\FUJIFILM
2009-07-19 17:24 . 2009-07-19 17:45 -------- d-----w- c:\program files\FinePixViewer
2009-07-19 17:23 . 2001-11-24 21:11 81924 ------w- c:\windows\system32\drivers\VC4CB104.SYS
2009-07-19 17:23 . 2001-07-25 14:04 73728 -c----w- c:\windows\system32\Fregshave.dll
2009-07-17 19:01 . 2009-07-17 19:01 58880 -c----w- c:\windows\system32\dllcache\atl.dll
2009-07-17 16:22 . 2009-07-17 16:22 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2009-07-15 17:55 . 2009-07-15 17:55 -------- d-----w- c:\program files\SEC
2009-07-15 17:54 . 2010-08-03 17:18 -------- d-----w- c:\program files\MultiScreen
2009-07-15 17:52 . 2006-08-28 16:12 13312 ----a-w- c:\windows\system32\drivers\MTictwl.sys
2009-07-15 17:52 . 2009-07-15 17:52 -------- d-----w- c:\program files\MagicTune Premium
2009-06-30 22:15 . 2010-07-18 11:36 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Temp
2009-06-29 16:12 . 2010-05-04 17:20 17408 -c----w- c:\windows\system32\dllcache\corpol.dll
2009-06-27 13:24 . 2008-03-21 12:57 14640 -c----w- c:\windows\system32\spmsgXP_2k3.dll
2009-06-27 13:12 . 2008-03-27 15:49 1112288 -c--a-w- c:\windows\system32\WdfCoInstaller01007.dll
2009-06-27 13:12 . 2006-11-02 06:07 581192 -c--a-w- c:\windows\system32\WinUSBCoInstaller.dll
2009-06-27 13:11 . 2009-06-27 13:11 -------- d-----w- c:\program files\CASIO
2009-06-25 08:25 . 2009-09-11 14:18 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 08:25 . 2009-06-25 08:25 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-06-25 08:25 . 2009-06-25 08:25 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-06-24 20:22 . 2009-06-24 20:22 -------- d-----w- c:\documents and settings\admin\Application Data\Sony Corporation
2009-06-24 20:12 . 2009-06-24 20:12 -------- d-----w- c:\windows\Logs
2009-06-24 20:11 . 2006-06-12 02:30 89264 ----a-w- c:\windows\system32\drivers\DRVMCDB.SYS
2009-06-24 20:11 . 2006-03-17 04:20 40544 ----a-w- c:\windows\system32\drivers\DRVNDDM.SYS
2009-06-24 20:11 . 2006-06-13 04:20 94263 -c--a-w- c:\windows\DLA.EXE
2009-06-24 20:11 . 2006-06-13 04:20 61500 ----a-w- c:\windows\system32\DLAAPI_W.DLL
2009-06-24 20:11 . 2006-03-17 07:35 5660 ----a-w- c:\windows\system32\drivers\DLACDBHM.SYS
2009-06-24 20:11 . 2006-03-17 07:34 22684 ----a-w- c:\windows\system32\drivers\DLARTL_N.SYS
2009-06-24 20:11 . 2009-06-24 20:11 -------- d-----w- c:\windows\system32\DLA
2009-06-24 20:11 . 2009-06-24 20:11 -------- d-----w- c:\program files\Sonic
2009-06-24 20:06 . 2009-06-24 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2009-06-24 11:18 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2009-06-16 14:36 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2009-06-10 14:13 . 2009-11-27 16:07 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 06:14 . 2009-06-10 06:14 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
2009-06-09 16:57 . 2009-11-08 21:09 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-07 18:41 . 2009-06-08 21:07 -------- d-----w- c:\documents and settings\admin\Application Data\Nero
2009-06-07 18:21 . 2009-06-07 18:21 -------- d-----w- c:\program files\Windows Sidebar
2009-06-07 18:01 . 2009-06-07 18:01 -------- d-----w- c:\program files\Common Files\Nero
2009-06-05 19:56 . 2009-03-19 15:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-05 19:56 . 2008-04-17 11:12 107368 -c--a-w- c:\windows\system32\GEARAspi.dll
2009-06-05 19:56 . 2009-06-05 19:56 -------- d-----w- c:\program files\iPod
2009-06-05 19:56 . 2009-06-05 19:56 -------- d-----w- c:\program files\iTunes
2009-06-05 19:56 . 2009-06-05 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-05 19:55 . 2009-06-05 19:55 -------- d-----w- c:\program files\Bonjour
2009-06-05 19:54 . 2010-08-01 16:43 -------- d-----w- c:\program files\QuickTime
2009-06-05 19:52 . 2009-05-29 12:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 19:52 . 2009-05-29 12:36 2060288 -c--a-w- c:\windows\system32\usbaaplrc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-06 22:44 . 2010-08-03 16:41 112 ----a-w- c:\documents and settings\All Users\Application Data\18dydK371.dat
2010-08-06 16:53 . 2010-08-06 16:53 61440 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5884797f-n\decora-sse.dll
2010-08-06 16:53 . 2010-08-06 16:53 503808 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-68f91545-n\msvcp71.dll
2010-08-06 16:53 . 2010-08-06 16:53 499712 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-68f91545-n\jmc.dll
2010-08-06 16:53 . 2010-08-06 16:53 12800 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5884797f-n\decora-d3d.dll
2010-08-06 16:53 . 2010-08-06 16:53 348160 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-68f91545-n\msvcr71.dll
2010-07-31 09:05 . 2004-08-03 22:59 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-07-30 23:27 . 2005-09-09 22:03 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2010-06-14 20:34 . 2010-06-14 20:34 50354 ----a-w- c:\documents and settings\admin\Application Data\Facebook\uninstall.exe
2010-06-14 14:31 . 2005-11-25 08:59 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-11 15:51 . 2010-06-11 15:51 3055600 ----a-w- c:\documents and settings\admin\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 15:36 . 2010-06-11 15:36 275952 ----a-w- c:\documents and settings\admin\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\admin\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-06-03 20:35 . 2010-06-03 20:35 503808 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-76ab9d14-n\msvcp71.dll
2010-06-03 20:35 . 2010-06-03 20:35 499712 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-76ab9d14-n\jmc.dll
2010-06-03 20:35 . 2010-06-03 20:35 348160 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-76ab9d14-n\msvcr71.dll
2010-06-03 20:35 . 2010-06-03 20:35 61440 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-132b1593-n\decora-sse.dll
2010-06-03 20:35 . 2010-06-03 20:35 12800 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-132b1593-n\decora-d3d.dll
2010-05-21 18:25 . 2010-07-29 09:15 212144 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2010-05-04 17:20 . 2005-09-09 22:03 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2005-09-09 22:03 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2005-09-09 22:03 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 2005-09-09 22:03 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 15:39 . 2001-12-31 23:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 15:39 . 2001-12-31 23:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2005-09-09 22:03 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-07 14:36 . 2010-04-07 14:36 503808 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-42bc0c82-n\msvcp71.dll
2010-04-07 14:36 . 2010-04-07 14:36 499712 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-42bc0c82-n\jmc.dll
2010-04-07 14:36 . 2010-04-07 14:36 348160 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-42bc0c82-n\msvcr71.dll
2010-04-07 14:36 . 2010-04-07 14:36 61440 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6cd0c582-n\decora-sse.dll
2010-04-07 14:36 . 2010-04-07 14:36 12800 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6cd0c582-n\decora-d3d.dll
2010-04-07 11:50 . 2010-04-07 11:50 7680 ----a-w- c:\documents and settings\admin\Application Data\Thinstall\Cool Edit Pro 2.1\4000007300002i\CoolTips.exe
2010-03-18 20:48 . 2010-03-18 20:48 81016 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\59\1\.cp\lib\S1SLEngineWrapper.dll
2010-03-18 20:48 . 2010-03-18 20:48 1772664 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\37\1\.cp\lib\BHQ.dll
2010-03-18 20:48 . 2010-03-18 20:48 105592 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\47\1\.cp\lib\MemStickFlash.dll
2010-03-18 20:48 . 2010-03-18 20:48 105592 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\37\1\.cp\lib\BHQFlash.dll
2010-03-18 20:46 . 2010-03-18 20:46 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2010-03-18 20:45 . 2010-03-18 20:45 101496 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\66\1\.cp\lib\USBFlash.dll
2010-03-18 20:43 . 2010-03-18 20:43 105592 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\68\1\.cp\lib\WinMobileWrapper.dll
2010-03-18 20:43 . 2010-03-18 20:43 323648 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\6\1\.cp\lib\DIFxAPI.dll
2010-03-18 20:43 . 2010-03-18 20:43 154744 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\6\1\.cp\lib\DriverTools.dll
2010-03-18 20:43 . 2010-03-18 20:43 109688 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\53\1\.cp\lib\osds.dll
2010-03-18 20:42 . 2010-03-18 20:42 93304 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\55\1\.cp\lib\OsTools.dll
2010-03-18 20:42 . 2010-03-18 20:42 216184 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\57\1\.cp\lib\RegistryReader.dll
2010-03-18 20:42 . 2010-03-18 20:42 57344 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\4\1\.cp\lib\serialio.dll
2010-03-09 11:09 . 2005-09-09 22:03 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 14:37 . 2005-09-09 22:03 65536 ----a-w- c:\windows\system32\asycfilt.dll
2010-02-24 13:11 . 2005-09-09 22:03 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2004-08-03 23:18 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2005-09-09 22:03 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2005-09-09 22:03 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-05 18:27 . 2005-09-09 22:03 1291776 ----a-w- c:\windows\system32\quartz.dll
2010-01-29 15:01 . 2005-11-25 08:59 691712 ----a-w- c:\windows\system32\inetcomm.dll
2010-01-27 21:04 . 2009-01-25 16:11 -------- d-----w- c:\program files\Avanquest update
2010-01-13 14:01 . 2005-09-09 22:03 86016 ----a-w- c:\windows\system32\cabview.dll
2009-12-31 16:50 . 2005-09-09 22:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-24 06:59 . 2005-09-09 22:03 177664 ----a-w- c:\windows\system32\wintrust.dll
2009-12-16 18:43 . 2005-11-25 08:58 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2005-09-09 22:03 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2005-09-09 22:03 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2005-09-09 22:03 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2005-09-09 22:03 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-26 13:29 . 2009-11-26 13:29 152576 -c--a-w- c:\documents and settings\admin\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-26 13:27 . 2009-11-26 13:27 79488 -c--a-w- c:\documents and settings\admin\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-21 15:51 . 2005-09-09 22:03 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-21 05:38 . 2005-09-09 22:03 75776 -c--a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2005-09-09 22:03 25088 -c--a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 23:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 16:28 . 2005-09-09 22:03 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-10-15 16:28 . 2005-09-09 22:03 81920 -c--a-w- c:\windows\system32\fontsub.dll
2009-10-13 10:30 . 2005-09-09 22:03 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2005-09-09 22:03 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2005-09-09 22:03 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-11 14:18 . 2005-09-09 22:03 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2005-09-09 22:03 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00 . 2005-09-09 22:03 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 09:17 . 2005-09-09 22:03 354816 ----a-w- c:\windows\system32\winhttp.dll
2009-08-06 19:24 . 2005-11-25 08:59 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 19:24 . 2005-11-25 08:59 209632 -c--a-w- c:\windows\system32\wuweb.dll
2009-08-06 19:24 . 2005-11-25 08:59 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 19:24 . 2005-05-26 04:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 19:24 . 2005-11-25 08:59 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 19:24 . 2005-09-09 22:03 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 19:23 . 2005-11-25 08:59 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 19:23 . 2005-11-25 08:59 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2005-09-09 22:03 204800 -c--a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 10:05 . 2008-08-27 09:01 1372672 ------w- c:\windows\system32\msxml6.dll
2009-07-31 04:35 . 2005-09-09 22:03 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-07-17 19:01 . 2005-09-09 22:03 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:22 . 2005-09-09 22:03 1435648 ----a-w- c:\windows\system32\query.dll
2009-07-13 09:08 . 2005-09-09 22:03 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-27 13:25 . 2009-06-27 13:25 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-06-27 13:24 . 2009-06-27 13:24 0 -c-ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-06-25 08:25 . 2005-09-09 22:03 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2005-09-09 22:03 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2005-09-09 22:03 147456 ----a-w- c:\windows\system32\schannel.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2007-12-10 17:40 . 2007-12-10 17:40 6275816 -c--a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

<pre>
c:\program files\McAfee\SpamKiller\MSKAGE~1 .exe
c:\program files\McAfee.com\Agent\mcagent .exe
c:\program files\McAfee.com\Agent\MCUPDA~1 .exe
c:\program files\McAfee.com\Personal Firewall\MpfTray .exe
c:\program files\McAfee.com\VSO\mcmnhdlr .exe
c:\program files\McAfee.com\VSO\mcvsshld .exe
c:\windows\system32\HDAShCut .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-29 149040]
"uTorrent"="c:\program files\uTorrent\uTorrent .exe" [N/A]
"Google Update"="c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-10 133104]
"AdobeBridge"="" [N/A]
"PowerBar"="c:\program files\CyberLink\PowerStarter\PowerBar.exe" [2005-02-17 110592]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe -osboot" [X]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [N/A]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [N/A]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248]
"nwiz"="nwiz.exe" [2005-10-10 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 1121280]
"MPSExe"="c:\progra~1\mcafee.com\mps\mscifapp.exe" [2006-03-30 296488]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [N/A]
"MCUpdateExe"="c:\progra~1\McAfee.com\Agent\McUpdate.exe" [N/A]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [N/A]
"McafWelcome"="c:\program files\McAfee.com\Agent\mcwelcom.exe" [N/A]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-07 172032]
"adiras"="adiras.exe" [N/A]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"MultiScreen"="c:\program files\MultiScreen\MultiScreen.exe" [2008-02-22 114688]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-05-24 1226288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 23:46 57344 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-02-10 17:31 133104 ----atw- c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 08:38 241664 -c--a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 -c--a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-05-30 11:30 292136 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-05-24 17:38 1226288 ----a-w- c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-01-14 18:21 110744 -c--a-w- c:\program files\CyberLink\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
2005-02-17 14:18 110592 -c--a-w- c:\program files\CyberLink\PowerStarter\PowerBar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT]
2001-05-24 16:00 94208 -c--a-w- c:\quickenw\qagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 413696 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 20:24 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-09-24 14:41 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
c:\program files\uTorrent\uTorrent.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
c:\program files\Windows Media Player\WMPNSCFG.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{1290A33C-85F5-4164-A1BE-7DD299D4986A}]
2004-06-08 18:33 69721 -c--a-w- c:\program files\CyberLink\PowerBackup\PBKScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\iView Media\\IVIEW_M.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Soulseek-Test\\slsk.exe"=
"c:\\Program Files\\Adobe\\After Effects 6.0\\Support Files\\AfterFX.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\admin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\admin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dllcache\\iexplore.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Sony Ericsson\\SEMC OMSI Module\\SEMC OMSI Module.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19820:UDP"= 19820:UDP:azureus
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"14786:TCP"= 14786:TCP:spport
"11054:TCP"= 11054:TCP:spport
"16001:TCP"= 16001:TCP:spport
"21750:TCP"= 21750:TCP:spport
"28045:TCP"= 28045:TCP:spport
"29667:TCP"= 29667:TCP:spport
"21941:TCP"= 21941:TCP:spport
"23302:TCP"= 23302:TCP:spport
"13842:TCP"= 13842:TCP:spport
"20543:TCP"= 20543:TCP:spport

R2 gupdate1c9907df6b45076;Google Update Service (gupdate1c9907df6b45076);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 133104]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
R3 DTV_Capture_2X0;DVB-T Receiver;c:\windows\system32\Drivers\DTV_Capture_2X0.sys [2004-09-06 18432]
R3 DTV_Loader_2X1;DVB-T Loader;c:\windows\system32\Drivers\DTV_Loader_2X1.sys [2005-06-29 19328]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-04-06 13224]
R3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]
R3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]
R3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]
R3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]
R3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]
R3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]
R3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]
R3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;c:\windows\system32\DRIVERS\mrv8ka51.sys [2004-05-20 258560]
R4 m5287;m5287;c:\windows\system32\DRIVERS\m5287.sys [2005-02-05 85888]
R4 m5289;m5289;c:\windows\system32\DRIVERS\m5289.sys [2004-12-01 51840]
S0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2010-07-30 38448]
S2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [2010-02-25 306296]
S2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [2010-02-25 162936]
S2 mrtRate;mrtRate; [x]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]

.
Contents of the 'Scheduled Tasks' folder

2010-05-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 21:31]

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 21:31]

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-844380032-2981759145-68477085-1006Core.job
- c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-10 17:31]

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-844380032-2981759145-68477085-1006UA.job
- c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-10 17:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mWindow Title = Tiscali Internet Access
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\mclsp.dll
DPF: {00000000-A6C3-4023-AE3A-22F2983D851D} - hxxps://authenticate.gateway.gov.uk/ClientObjects/SignatureControlInstaller.CAB
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\mtzxz5mg.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - plugin: c:\documents and settings\admin\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\admin\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\admin\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\admin\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\admin\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\windows\system32\Clickteam\Vitalize\v4\npcnc32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2002-01-01 11:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3051"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3014"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
@DACL=(02 0000)
"DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"
"Shutdown"="SABWINLOShutdown"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
@DACL=(02 0000)
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
@DACL=(02 0000)
"Asynchronous"=dword:00000001
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
@DACL=(02 0000)
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=expand:"sclgntfy.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
@DACL=(02 0000)
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(908)
c:\windows\system32\mclsp.dll
c:\windows\system32\SPORDER.dll
c:\windows\system32\mclsphlr\gdlsphlr.dll
c:\windows\system32\McRtl32.dll

- - - - - - - > 'explorer.exe'(3608)
c:\windows\system32\WININET.dll
c:\program files\MultiScreen\ServiceHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\ASWLSVC.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\MagicTune Premium\MagicTuneEngine.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\progra~1\mcafee.com\vso\mcshield.exe
c:\progra~1\mcafee.com\agent\mctskshd.exe
c:\windows\system32\ASWL2K.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\rundll32.exe
c:\program files\MagicTune Premium\MagicTune.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2002-01-01 11:31:09 - machine was rebooted
ComboFix-quarantined-files.txt 2002-01-01 11:31
ComboFix2.txt 2010-08-03 17:21
ComboFix3.txt 2010-08-01 17:01

Pre-Run: 10,758,676,480 bytes free
Post-Run: 10,739,400,704 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 3ED41BE57A94E695508A6274393A01D1

#22
Rorschach112

Posted 07 August 2010 - 05:43 PM

Ralphie

Retired Staff
47,710 posts

Please download Dr.Web CureIt . Save it to your desktop:

Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in the pop-up window to allow the scan.
This will scan the files currently running in memory and if something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, select Complete scan.
Click the green arrow at the right, and the scan will start.
Click Yes to all if it asks if you want to cure/move the file.
When the scan has finished, in the menu, click File and choose Save report list
Save the report to your desktop. The report will be called DrWeb.csv
Note:this report may need to be renamed to Dr.Web.txt in order to post it on the forum.
Please post the Dr.Web.txt report in your next reply
Close Dr.Web Cureit.
Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

NOTE. During the scan, pop-up window will open asking for full version purchase. Simply close the window by clicking on the X in the upper right corner.

#23
skinnypig

Posted 09 August 2010 - 04:24 AM

Member

Topic Starter
Member
44 posts

hi, here's the DR WEB log:
---------------------------------------------
sdccinfo.dll;C:\WINDOWS\system32;Trojan.Click.27213;Deleted.;
secupdat.dat.vir;C:\Qoobox\Quarantine\C\Documents and Settings\admin;Trojan.Spambot.9422;Deleted.;
sp.DLL.vir;C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Adobe;BackDoor.ProxyBot.35;Deleted.;
A0192460.exe;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636;Win32.HLLW.Lime.18;Deleted.;
A0192468.DLL;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP636;BackDoor.ProxyBot.35;Deleted.;
A0194084.exe;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637;Trojan.Packed.20639;Deleted.;
A0194086.exe;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637;Trojan.Packed.20639;Deleted.;
A0194090.exe;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637;Trojan.Packed.20639;Deleted.;
A0194092.exe;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637;Trojan.Packed.20639;Deleted.;
A0194093.exe;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637;Trojan.Packed.20639;Deleted.;
A0194095.exe;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637;Trojan.Packed.20639;Deleted.;
A0194096.exe;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637;Trojan.Packed.20639;Deleted.;
A0194097.exe;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637;Trojan.Packed.20639;Deleted.;
A0194098.exe;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637;Trojan.Packed.20639;Deleted.;
A0194100.exe;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637;Trojan.Packed.20639;Deleted.;
A0194101.exe;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637;Trojan.Packed.20639;Deleted.;
A0194102.exe;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637;Trojan.Packed.20639;Deleted.;
A0194103.exe;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637;Trojan.Packed.20639;Deleted.;
A0194104.exe;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637;Trojan.Packed.20639;Deleted.;
A0194106.exe;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637;Trojan.Packed.20639;Deleted.;
A0194109.exe;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637;Trojan.Packed.20639;Deleted.;
A0194110.exe;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637;Trojan.Packed.20639;Deleted.;
A0194112.exe;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637;Trojan.Packed.20639;Deleted.;
A0194113.exe;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637;Trojan.Packed.20639;Deleted.;
A0194114.exe;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637;Trojan.Packed.20639;Deleted.;
A0194115.exe;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637;Trojan.Packed.20639;Deleted.;
A0194116.exe;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637;Trojan.Packed.20639;Deleted.;
A0194117.exe;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637;Trojan.Packed.20639;Deleted.;
A0194123.exe;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637;Trojan.Packed.20639;Deleted.;
A0194124.exe;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637;Trojan.Packed.20639;Deleted.;
A0194129.exe;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637;Trojan.Packed.20639;Deleted.;
A0194130.exe;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP637;Trojan.Packed.20639;Deleted.;
A0194193.exe;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP638;Win32.HLLC.Asdas.7;Deleted.;
A0194194.com;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP638;Win32.HLLC.Asdas.7;Deleted.;
A0194404.dll;C:\System Volume Information\_restore{54C7A4C0-672A-400F-89D3-264781F4E928}\RP639;Trojan.Click.27213;Deleted.;

#24
Rorschach112

Posted 09 August 2010 - 04:33 AM

Ralphie

Retired Staff
47,710 posts

download a new copy of combofix, run that, post its log

#25
skinnypig

Posted 09 August 2010 - 09:54 AM

Member

Topic Starter
Member
44 posts

here's the combofix log:
--------------------------------------------------

ComboFix 10-08-08.03 - admin 09/08/2010 16:33:08.3.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1744 [GMT 1:00]
Running from: c:\documents and settings\admin\Desktop\svchost.com.exe
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AUTOLNCH.REG

.
((((((((((((((((((((((((( Files Created from 2010-07-09 to 2010-08-09 )))))))))))))))))))))))))))))))
.

2010-08-06 16:53 . 2010-08-06 16:53 61440 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5884797f-n\decora-sse.dll
2010-08-06 16:53 . 2010-08-06 16:53 503808 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-68f91545-n\msvcp71.dll
2010-08-06 16:53 . 2010-08-06 16:53 499712 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-68f91545-n\jmc.dll
2010-08-06 16:53 . 2010-08-06 16:53 12800 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5884797f-n\decora-d3d.dll
2010-08-06 16:53 . 2010-08-06 16:53 348160 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-68f91545-n\msvcr71.dll
2010-08-03 17:05 . 2010-08-03 17:21 -------- d-----w- C:\svchost.com6578s
2010-08-03 14:14 . 2010-08-03 14:14 -------- d-----w- C:\_OTM
2010-08-01 16:17 . 2010-08-01 16:17 -------- d-----w- C:\svchost.com19763s
2010-08-01 16:17 . 2010-08-01 16:17 -------- d-----w- C:\svchost.com
2010-07-30 08:30 . 2010-07-30 08:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-29 09:14 . 2010-07-29 09:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-14 16:33 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-06 22:44 . 2010-08-03 16:41 112 ----a-w- c:\documents and settings\All Users\Application Data\18dydK371.dat
2010-08-03 17:18 . 2009-07-15 17:54 -------- d-----w- c:\program files\MultiScreen
2010-08-01 16:43 . 2009-06-05 19:54 -------- d-----w- c:\program files\QuickTime
2010-08-01 16:03 . 2009-10-17 23:53 -------- d-----w- c:\documents and settings\admin\Application Data\uTorrent
2010-08-01 09:17 . 2010-02-03 21:06 -------- d-----w- c:\documents and settings\admin\Application Data\vlc
2010-08-01 04:21 . 2007-03-26 18:44 -------- d-----w- c:\program files\Azureus
2010-07-31 09:05 . 2004-08-03 22:59 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-07-30 23:35 . 2008-07-25 19:43 32352 ----a-w- c:\windows\system32\drivers\UimBus.sys
2010-07-30 23:27 . 2005-09-09 22:03 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2010-07-30 23:09 . 2006-02-20 20:54 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-07-30 22:57 . 2008-07-25 19:43 38448 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2010-07-29 09:14 . 2006-10-02 16:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-21 21:30 . 2006-02-20 21:52 112520 -c--a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-14 17:03 . 2008-09-15 14:57 -------- d-----w- c:\program files\truespace6
2010-07-13 13:29 . 2008-12-03 19:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-08 16:58 . 2010-07-07 13:16 -------- d-----w- c:\program files\Multimedia Fusion 2
2010-07-07 13:18 . 2008-05-15 14:49 -------- d-----w- c:\documents and settings\admin\Application Data\Clickteam
2010-06-14 20:34 . 2010-06-14 20:34 50354 ----a-w- c:\documents and settings\admin\Application Data\Facebook\uninstall.exe
2010-06-14 20:34 . 2010-06-14 20:34 -------- d-----w- c:\documents and settings\admin\Application Data\Facebook
2010-06-14 14:31 . 2005-11-25 08:59 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-11 15:51 . 2010-06-11 15:51 3055600 ----a-w- c:\documents and settings\admin\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 15:36 . 2010-06-11 15:36 275952 ----a-w- c:\documents and settings\admin\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\admin\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-06-03 20:35 . 2010-06-03 20:35 503808 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-76ab9d14-n\msvcp71.dll
2010-06-03 20:35 . 2010-06-03 20:35 499712 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-76ab9d14-n\jmc.dll
2010-06-03 20:35 . 2010-06-03 20:35 348160 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-76ab9d14-n\msvcr71.dll
2010-06-03 20:35 . 2010-06-03 20:35 61440 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-132b1593-n\decora-sse.dll
2010-06-03 20:35 . 2010-06-03 20:35 12800 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-132b1593-n\decora-d3d.dll
2010-05-21 18:25 . 2010-07-29 09:15 212144 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2005-07-25 07:41 . 2005-05-26 02:17 110657 -c--a-w- c:\program files\Common Files\UninstallDrv.exe
2009-09-25 16:41 . 2009-09-25 16:41 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2007-12-10 17:40 . 2007-12-10 17:40 6275816 -c--a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

<pre>
c:\program files\McAfee\SpamKiller\MSKAGE~1 .exe
c:\program files\McAfee.com\Agent\mcagent .exe
c:\program files\McAfee.com\Agent\MCUPDA~1 .exe
c:\program files\McAfee.com\Personal Firewall\MpfTray .exe
c:\program files\McAfee.com\VSO\mcmnhdlr .exe
c:\program files\McAfee.com\VSO\mcvsshld .exe
c:\windows\system32\HDAShCut .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-29 149040]
"uTorrent"="c:\program files\uTorrent\uTorrent .exe" [N/A]
"Google Update"="c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-10 133104]
"AdobeBridge"="" [N/A]
"PowerBar"="c:\program files\CyberLink\PowerStarter\PowerBar.exe" [2005-02-17 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe -osboot" [X]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [N/A]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [N/A]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248]
"nwiz"="nwiz.exe" [2005-10-10 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 1121280]
"MPSExe"="c:\progra~1\mcafee.com\mps\mscifapp.exe" [2006-03-30 296488]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [N/A]
"MCUpdateExe"="c:\progra~1\McAfee.com\Agent\McUpdate.exe" [N/A]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [N/A]
"McafWelcome"="c:\program files\McAfee.com\Agent\mcwelcom.exe" [N/A]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-07 172032]
"adiras"="adiras.exe" [N/A]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"MultiScreen"="c:\program files\MultiScreen\MultiScreen.exe" [2008-02-22 114688]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-05-24 1226288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\admin\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2009-11-8 95232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 23:46 57344 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-02-10 17:31 133104 ----atw- c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 08:38 241664 -c--a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 -c--a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-05-30 11:30 292136 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-05-24 17:38 1226288 ----a-w- c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-01-14 18:21 110744 -c--a-w- c:\program files\CyberLink\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
2005-02-17 14:18 110592 -c--a-w- c:\program files\CyberLink\PowerStarter\PowerBar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT]
2001-05-24 16:00 94208 -c--a-w- c:\quickenw\qagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 413696 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 20:24 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-09-24 14:41 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
c:\program files\uTorrent\uTorrent.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
c:\program files\Windows Media Player\WMPNSCFG.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{1290A33C-85F5-4164-A1BE-7DD299D4986A}]
2004-06-08 18:33 69721 -c--a-w- c:\program files\CyberLink\PowerBackup\PBKScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\iView Media\\IVIEW_M.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Soulseek-Test\\slsk.exe"=
"c:\\Program Files\\Adobe\\After Effects 6.0\\Support Files\\AfterFX.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\admin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\admin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dllcache\\iexplore.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Sony Ericsson\\SEMC OMSI Module\\SEMC OMSI Module.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19820:UDP"= 19820:UDP:azureus
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"14786:TCP"= 14786:TCP:spport
"11054:TCP"= 11054:TCP:spport
"16001:TCP"= 16001:TCP:spport
"21750:TCP"= 21750:TCP:spport
"28045:TCP"= 28045:TCP:spport
"29667:TCP"= 29667:TCP:spport
"21941:TCP"= 21941:TCP:spport
"23302:TCP"= 23302:TCP:spport
"13842:TCP"= 13842:TCP:spport
"20543:TCP"= 20543:TCP:spport

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [25/07/2008 20:43 38448]
S2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [25/02/2010 10:43 306296]
S2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [25/02/2010 10:43 162936]
S2 gupdate1c9907df6b45076;Google Update Service (gupdate1c9907df6b45076);c:\program files\Google\Update\GoogleUpdate.exe [16/02/2009 22:31 133104]
S2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [22/02/2006 18:17 34712]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [27/01/2010 22:05 90112]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [28/02/2009 13:24 16512]
S3 DTV_Capture_2X0;DVB-T Receiver;c:\windows\system32\drivers\DTV_Capture_2X0.sys [21/02/2006 19:01 18432]
S3 DTV_Loader_2X1;DVB-T Loader;c:\windows\system32\drivers\DTV_Loader_2X1.sys [21/02/2006 19:01 19328]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [18/03/2010 21:41 13224]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [25/01/2009 17:11 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [25/01/2009 17:11 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [25/01/2009 17:11 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [25/01/2009 17:11 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [25/01/2009 17:11 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [25/01/2009 17:11 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [25/01/2009 17:11 110120]
S3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;c:\windows\system32\drivers\mrv8ka51.sys [17/02/2006 11:59 258560]
S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [25/11/2005 17:44 85888]
S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [25/11/2005 17:44 51840]
.
Contents of the 'Scheduled Tasks' folder

2010-05-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 21:31]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 21:31]

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-844380032-2981759145-68477085-1006Core.job
- c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-10 17:31]

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-844380032-2981759145-68477085-1006UA.job
- c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-10 17:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mWindow Title = Tiscali Internet Access
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\mclsp.dll
DPF: {00000000-A6C3-4023-AE3A-22F2983D851D} - hxxps://authenticate.gateway.gov.uk/ClientObjects/SignatureControlInstaller.CAB
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\mtzxz5mg.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - plugin: c:\documents and settings\admin\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\admin\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\admin\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\admin\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\admin\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\windows\system32\Clickteam\Vitalize\v4\npcnc32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-09 16:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3051"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3014"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
@DACL=(02 0000)
"DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"
"Shutdown"="SABWINLOShutdown"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
@DACL=(02 0000)
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
@DACL=(02 0000)
"Asynchronous"=dword:00000001
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
@DACL=(02 0000)
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=expand:"sclgntfy.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
@DACL=(02 0000)
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
.
Completion time: 2010-08-09 16:45:54
ComboFix-quarantined-files.txt 2010-08-09 15:45
ComboFix2.txt 2002-01-01 11:31
ComboFix3.txt 2010-08-03 17:21
ComboFix4.txt 2010-08-01 17:01

Pre-Run: 10,488,008,704 bytes free
Post-Run: 10,468,143,104 bytes free

- - End Of File - - 286746579C4A42E2F379C67567A7AA53

#26
Rorschach112

Posted 09 August 2010 - 10:43 AM

Ralphie

Retired Staff
47,710 posts

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\documents and settings\All Users\Application Data\18dydK371.dat

RenV::
c:\program files\McAfee\SpamKiller\MSKAGE~1 .exe
c:\program files\McAfee.com\Agent\mcagent .exe
c:\program files\McAfee.com\Agent\MCUPDA~1 .exe
c:\program files\McAfee.com\Personal Firewall\MpfTray .exe
c:\program files\McAfee.com\VSO\mcmnhdlr .exe
c:\program files\McAfee.com\VSO\mcvsshld .exe
c:\windows\system32\HDAShCut .exe

KillAll::

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14786:TCP"=-
"11054:TCP"=-
"16001:TCP"=-
"21750:TCP"=-
"28045:TCP"=-
"29667:TCP"=-
"21941:TCP"=-
"23302:TCP"=-
"13842:TCP"=-
"20543:TCP"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#27
skinnypig

Posted 09 August 2010 - 11:54 AM

Member

Topic Starter
Member
44 posts

here's the combofix log:
----------------------------------------------
ComboFix 10-08-08.03 - admin 09/08/2010 18:05:48.4.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1746 [GMT 1:00]
Running from: c:\documents and settings\admin\Desktop\svchost.com.exe
Command switches used :: c:\documents and settings\admin\Desktop\CFScript.txt

FILE ::
"c:\documents and settings\All Users\Application Data\18dydK371.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\18dydK371.dat

.
((((((((((((((((((((((((( Files Created from 2010-07-09 to 2010-08-09 )))))))))))))))))))))))))))))))
.

2010-08-03 17:05 . 2010-08-03 17:21 -------- d-----w- C:\svchost.com6578s
2010-08-03 14:14 . 2010-08-03 14:14 -------- d-----w- C:\_OTM
2010-08-01 16:17 . 2010-08-01 16:17 -------- d-----w- C:\svchost.com19763s
2010-08-01 16:17 . 2010-08-01 16:17 -------- d-----w- C:\svchost.com
2010-07-30 08:30 . 2010-07-30 08:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-29 09:14 . 2010-07-29 09:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-14 16:33 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-03 17:18 . 2009-07-15 17:54 -------- d-----w- c:\program files\MultiScreen
2010-08-01 16:43 . 2009-06-05 19:54 -------- d-----w- c:\program files\QuickTime
2010-08-01 16:03 . 2009-10-17 23:53 -------- d-----w- c:\documents and settings\admin\Application Data\uTorrent
2010-08-01 09:17 . 2010-02-03 21:06 -------- d-----w- c:\documents and settings\admin\Application Data\vlc
2010-08-01 04:21 . 2007-03-26 18:44 -------- d-----w- c:\program files\Azureus
2010-07-31 09:05 . 2004-08-03 22:59 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-07-30 23:35 . 2008-07-25 19:43 32352 ----a-w- c:\windows\system32\drivers\UimBus.sys
2010-07-30 23:27 . 2005-09-09 22:03 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2010-07-30 23:09 . 2006-02-20 20:54 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-07-30 22:57 . 2008-07-25 19:43 38448 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2010-07-29 09:14 . 2006-10-02 16:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-21 21:30 . 2006-02-20 21:52 112520 -c--a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-14 17:03 . 2008-09-15 14:57 -------- d-----w- c:\program files\truespace6
2010-07-13 13:29 . 2008-12-03 19:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-08 16:58 . 2010-07-07 13:16 -------- d-----w- c:\program files\Multimedia Fusion 2
2010-07-07 13:18 . 2008-05-15 14:49 -------- d-----w- c:\documents and settings\admin\Application Data\Clickteam
2010-06-14 20:34 . 2010-06-14 20:34 -------- d-----w- c:\documents and settings\admin\Application Data\Facebook
2010-06-14 14:31 . 2005-11-25 08:59 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-21 18:25 . 2010-07-29 09:15 212144 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2005-07-25 07:41 . 2005-05-26 02:17 110657 -c--a-w- c:\program files\Common Files\UninstallDrv.exe
2009-09-25 16:41 . 2009-09-25 16:41 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2007-12-10 17:40 . 2007-12-10 17:40 6275816 -c--a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-29 149040]
"Google Update"="c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-10 133104]
"PowerBar"="c:\program files\CyberLink\PowerStarter\PowerBar.exe" [2005-02-17 110592]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe -osboot" [X]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248]
"nwiz"="nwiz.exe" [2005-10-10 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 1121280]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MSKAGE~1.EXE" [2005-09-26 110592]
"MPSExe"="c:\progra~1\mcafee.com\mps\mscifapp.exe" [2006-03-30 296488]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 1005096]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-07 172032]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"MultiScreen"="c:\program files\MultiScreen\MultiScreen.exe" [2008-02-22 114688]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-05-24 1226288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\admin\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2009-11-8 95232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 23:46 57344 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-02-10 17:31 133104 ----atw- c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 08:38 241664 -c--a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 -c--a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-05-30 11:30 292136 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-05-24 17:38 1226288 ----a-w- c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-01-14 18:21 110744 -c--a-w- c:\program files\CyberLink\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
2005-02-17 14:18 110592 -c--a-w- c:\program files\CyberLink\PowerStarter\PowerBar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT]
2001-05-24 16:00 94208 -c--a-w- c:\quickenw\qagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 413696 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 20:24 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-09-24 14:41 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{1290A33C-85F5-4164-A1BE-7DD299D4986A}]
2004-06-08 18:33 69721 -c--a-w- c:\program files\CyberLink\PowerBackup\PBKScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\iView Media\\IVIEW_M.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Soulseek-Test\\slsk.exe"=
"c:\\Program Files\\Adobe\\After Effects 6.0\\Support Files\\AfterFX.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\admin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\admin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dllcache\\iexplore.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Sony Ericsson\\SEMC OMSI Module\\SEMC OMSI Module.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19820:UDP"= 19820:UDP:azureus
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [25/07/2008 20:43 38448]
R2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [25/02/2010 10:43 306296]
R2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [25/02/2010 10:43 162936]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [22/02/2006 18:17 34712]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [27/01/2010 22:05 90112]
S2 gupdate1c9907df6b45076;Google Update Service (gupdate1c9907df6b45076);c:\program files\Google\Update\GoogleUpdate.exe [16/02/2009 22:31 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [28/02/2009 13:24 16512]
S3 DTV_Capture_2X0;DVB-T Receiver;c:\windows\system32\drivers\DTV_Capture_2X0.sys [21/02/2006 19:01 18432]
S3 DTV_Loader_2X1;DVB-T Loader;c:\windows\system32\drivers\DTV_Loader_2X1.sys [21/02/2006 19:01 19328]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [18/03/2010 21:41 13224]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [25/01/2009 17:11 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [25/01/2009 17:11 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [25/01/2009 17:11 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [25/01/2009 17:11 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [25/01/2009 17:11 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [25/01/2009 17:11 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [25/01/2009 17:11 110120]
S3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;c:\windows\system32\drivers\mrv8ka51.sys [17/02/2006 11:59 258560]
S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [25/11/2005 17:44 85888]
S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [25/11/2005 17:44 51840]
.
Contents of the 'Scheduled Tasks' folder

2010-05-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 21:31]

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 21:31]

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-844380032-2981759145-68477085-1006Core.job
- c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-10 17:31]

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-844380032-2981759145-68477085-1006UA.job
- c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-10 17:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mWindow Title = Tiscali Internet Access
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\mclsp.dll
DPF: {00000000-A6C3-4023-AE3A-22F2983D851D} - hxxps://authenticate.gateway.gov.uk/ClientObjects/SignatureControlInstaller.CAB
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\mtzxz5mg.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - plugin: c:\documents and settings\admin\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\admin\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\admin\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\admin\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\admin\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\windows\system32\Clickteam\Vitalize\v4\npcnc32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent .exe
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-MCUpdateExe - c:\progra~1\mcafee.com\agent\McUpdate.exe
HKLM-Run-McafWelcome - c:\program files\McAfee.com\Agent\mcwelcom.exe
HKLM-Run-adiras - adiras.exe
MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe
MSConfigStartUp-WMPNSCFG - c:\program files\Windows Media Player\WMPNSCFG.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-09 18:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3051"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3014"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
@DACL=(02 0000)
"DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"
"Shutdown"="SABWINLOShutdown"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
@DACL=(02 0000)
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
@DACL=(02 0000)
"Asynchronous"=dword:00000001
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
@DACL=(02 0000)
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=expand:"sclgntfy.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
@DACL=(02 0000)
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(916)
c:\windows\system32\mclsp.dll
c:\windows\system32\SPORDER.dll
c:\windows\system32\mclsphlr\gdlsphlr.dll
c:\windows\system32\McRtl32.dll

- - - - - - - > 'explorer.exe'(3244)
c:\windows\system32\WININET.dll
c:\program files\MultiScreen\ServiceHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\ASWLSVC.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\MagicTune Premium\MagicTuneEngine.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\progra~1\mcafee.com\vso\mcshield.exe
c:\windows\system32\ASWL2K.exe
c:\progra~1\mcafee.com\agent\mctskshd.exe
c:\progra~1\mcafee.com\vso\OasClnt.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\MagicTune Premium\MagicTune.exe
c:\windows\system32\rundll32.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-08-09 18:30:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-09 17:30
ComboFix2.txt 2010-08-09 15:45
ComboFix3.txt 2002-01-01 11:31
ComboFix4.txt 2010-08-03 17:21
ComboFix5.txt 2010-08-09 17:05

Pre-Run: 10,480,721,920 bytes free
Post-Run: 10,463,821,824 bytes free

- - End Of File - - DB4A8B51DC9D6C690CEEC7BB54A940E0

#28
Rorschach112

Posted 09 August 2010 - 11:57 AM

Ralphie

Retired Staff
47,710 posts

you need to re-install mcafee

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.*
%systemroot%\*. /mp /s
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.exe
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Update\*.*
CREATERESTOREPOINT
%PROGRAMFILES%\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
set /c
%PROGRAMFILES%|bak;true;false;false /fp
%systemroot%\system32|bak;true;false;false /fp
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

#29
skinnypig

Posted 09 August 2010 - 02:54 PM

Member

Topic Starter
Member
44 posts

OTL.txt:
----------------------------------------------------------

OTL logfile created on: 09/08/2010 21:20:25 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.91 Gb Total Space | 9.77 Gb Free Space | 5.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STELLASTARH
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/09 21:18:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
PRC - [2010/02/25 10:43:46 | 000,306,296 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
PRC - [2010/02/25 10:43:46 | 000,162,936 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/11/08 22:09:32 | 000,095,232 | ---- | M] () -- C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
PRC - [2009/04/30 13:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2008/08/29 15:20:56 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/07/18 16:23:10 | 002,449,408 | ---- | M] (SEC) -- C:\Program Files\MagicTune Premium\MagicTune.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/22 02:54:02 | 000,114,688 | ---- | M] () -- C:\Program Files\MultiScreen\MultiScreen.exe
PRC - [2007/08/23 15:05:00 | 000,045,056 | ---- | M] () -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
PRC - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/05/29 20:41:34 | 000,910,896 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/05/29 20:41:16 | 000,149,040 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/05/24 18:38:10 | 001,226,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
PRC - [2006/06/13 05:20:00 | 000,127,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2006/03/30 14:31:24 | 000,296,488 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\MPS\mscifapp.exe
PRC - [2005/11/11 18:00:56 | 001,005,096 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
PRC - [2005/11/11 17:43:04 | 000,548,864 | ---- | M] (McAfee Corporation) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
PRC - [2005/11/11 17:42:12 | 000,524,288 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
PRC - [2005/10/13 20:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe
PRC - [2005/08/24 17:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe
PRC - [2005/08/11 23:02:44 | 000,053,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\VSO\oasclnt.exe
PRC - [2005/08/10 12:22:02 | 000,221,184 | ---- | M] (McAfee Inc.) -- c:\Program Files\McAfee.com\VSO\McShield.exe
PRC - [2005/07/12 19:10:18 | 000,963,072 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe
PRC - [2005/07/08 19:18:22 | 000,151,552 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe
PRC - [2005/07/08 19:16:16 | 000,483,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\VSO\McVSEscn.exe
PRC - [2005/02/17 15:18:58 | 000,110,592 | ---- | M] (Cyberlink, Corp.) -- C:\Program Files\CyberLink\PowerStarter\PowerBar.exe
PRC - [2005/01/14 19:22:52 | 000,737,379 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
PRC - [2005/01/14 19:22:50 | 000,024,576 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
PRC - [2005/01/14 19:22:26 | 000,110,711 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2005/01/14 19:22:24 | 000,172,153 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2004/11/29 18:17:28 | 000,505,856 | ---- | M] () -- C:\WINDOWS\system32\ASWL2K.exe
PRC - [2004/05/06 13:21:04 | 000,496,640 | ---- | M] () -- C:\WINDOWS\system32\ASWLSVC.exe

========== Modules (SafeList) ==========

MOD - [2010/08/09 21:18:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
MOD - [2008/04/14 01:11:56 | 001,028,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2008/02/22 02:53:18 | 000,036,864 | ---- | M] () -- C:\Program Files\MultiScreen\ServiceHook.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2005/09/26 19:12:52 | 000,098,304 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\VSO\McVSSkt.Dll
MOD - [1999/03/29 02:34:06 | 000,106,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows Script\Windows Script Control\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/02/25 10:43:46 | 000,306,296 | ---- | M] (Sony Ericsson Mobile Communications) [Auto | Running] -- C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe -- (EmmaDevMgmtSvc)
SRV - [2010/02/25 10:43:46 | 000,162,936 | ---- | M] (Sony Ericsson Mobile Communications) [Auto | Running] -- C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe -- (EmmaUpdMgmtSvc)
SRV - [2009/11/14 00:07:36 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/30 13:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008/08/29 15:20:56 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007/08/23 15:05:00 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine)
SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/01/19 13:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2005/11/11 17:43:04 | 000,548,864 | ---- | M] (McAfee Corporation) [Auto | Running] -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService)
SRV - [2005/10/13 20:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe -- (McDetect.exe)
SRV - [2005/08/24 17:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe)
SRV - [2005/08/10 12:22:02 | 000,221,184 | ---- | M] (McAfee Inc.) [Auto | Running] -- c:\Program Files\McAfee.com\VSO\McShield.exe -- (McShield)
SRV - [2005/07/12 19:10:18 | 000,963,072 | ---- | M] (McAfee Inc.) [Auto | Running] -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe -- (MskService)
SRV - [2005/07/01 20:22:50 | 000,245,760 | ---- | M] (McAfee, Inc) [On_Demand | Stopped] -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe)
SRV - [2005/01/14 19:22:50 | 000,024,576 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/01/14 19:22:26 | 000,110,711 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2005/01/14 19:22:24 | 000,172,153 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2004/05/06 13:21:04 | 000,496,640 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ASWLSVC.exe -- (ASWLSVC)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\rt73.sys -- (RT73)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\svchost.com1669s\catchme.sys -- (catchme)
DRV - [2010/07/31 00:35:33 | 000,032,352 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2010/07/30 23:57:33 | 000,038,448 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2009/04/06 10:13:52 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009/04/06 10:13:52 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2008/11/02 21:15:19 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/04/13 19:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 19:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 19:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 19:46:08 | 000,049,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mstape.sys -- (MSTAPE)
DRV - [2008/04/13 19:46:07 | 000,013,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avcstrm.sys -- (AVCSTRM)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 19:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 19:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/10 14:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017unic.sys -- (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM)
DRV - [2007/12/10 14:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007/12/10 14:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mgmt.sys -- (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM)
DRV - [2007/12/10 14:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017nd5.sys -- (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS)
DRV - [2007/12/10 14:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007/12/10 14:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007/12/10 14:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM)
DRV - [2007/03/30 00:49:38 | 000,131,456 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/08/28 17:12:04 | 000,013,312 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (NCPro)
DRV - [2006/08/28 17:12:04 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (MagicTune)
DRV - [2006/06/13 05:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/06/13 05:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/06/13 05:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/06/13 05:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/06/13 05:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/06/13 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/06/13 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/06/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/03/17 08:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/03/17 08:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2006/03/17 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/11/11 17:43:52 | 000,080,640 | ---- | M] (McAfee) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MpFirewall.sys -- (MPFIREWL)
DRV - [2005/10/10 22:49:00 | 003,530,432 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/08/30 17:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/08/30 17:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/08/30 17:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2005/08/10 12:22:10 | 000,114,464 | ---- | M] (McAfee Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)
DRV - [2005/07/29 17:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 17:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/06/29 17:21:24 | 000,019,328 | R--- | M] (WideView Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DTV_Loader_2X1.sys -- (DTV_Loader_2X1)
DRV - [2005/06/08 18:51:56 | 000,311,936 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mrv8k51.sys -- (W8100PCI)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/02/05 08:00:00 | 000,085,888 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\m5287.sys -- (m5287)
DRV - [2004/12/01 11:49:00 | 000,051,840 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\m5289.sys -- (m5289)
DRV - [2004/10/27 16:21:30 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/09/06 20:40:04 | 000,018,432 | R--- | M] (Computer & Entertainment, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DTV_Capture_2X0.sys -- (DTV_Capture_2X0)
DRV - [2004/08/13 11:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/05/20 20:47:22 | 000,258,560 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mrv8ka51.sys -- (W8100XP)
DRV - [2004/04/20 11:13:00 | 000,472,960 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2004/03/02 10:26:58 | 000,050,007 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
DRV - [2004/03/02 10:24:16 | 000,127,065 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw)
DRV - [2003/08/06 10:43:00 | 000,159,744 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2002/09/09 20:54:06 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\ASNDIS5.sys -- (ASNDIS5)
DRV - [2002/07/17 10:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2002/05/07 10:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V4CB011D.SYS -- (FINEPIX_PCC)
DRV - [2001/11/24 22:11:54 | 000,081,924 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VC4CB104.SYS -- (VC4CB104)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/02/01 03:00:00 | 000,147,872 | R--- | M] (Nogatech Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuvvid2.sys -- (nuvvid2)
DRV - [2000/05/31 15:20:34 | 000,034,712 | ---- | M] (Marimba, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MrtRate.sys -- (mrtRate)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-GB.start.m...en-GB:official"
FF - prefs.js..extensions.enabledItems: [email protected]:1.19
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/24 20:58:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/24 20:58:14 | 000,000,000 | ---D | M]

[2008/09/03 20:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mozilla\Extensions
[2010/08/05 03:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\mtzxz5mg.default\extensions
[2010/05/09 22:47:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\mtzxz5mg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/02/10 00:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\mtzxz5mg.default\extensions\[email protected]
[2009/10/03 12:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\mtzxz5mg.default\extensions\[email protected]
[2009/06/08 18:40:21 | 000,002,164 | ---- | M] () -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\mtzxz5mg.default\searchplugins\bing.xml
[2010/08/05 03:44:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/16 22:54:35 | 000,468,480 | ---- | M] (Clickteam) -- C:\Program Files\Mozilla Firefox\plugins\npcnc32.dll
[2007/12/10 18:40:06 | 006,275,816 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2010/03/14 20:15:08 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/14 20:15:08 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/14 20:15:08 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/14 20:15:08 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/08/09 18:18:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe File not found
O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
O4 - HKLM..\Run: [MPSExe] c:\Program Files\McAfee.com\MPS\mscifapp.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSKAGENTEXE] C:\Program Files\McAfee\SpamKiller\MSKAGE~1.exe (McAfee Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MultiScreen] C:\Program Files\MultiScreen\MultiScreen.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Ptipbmf] C:\WINDOWS\System32\ptipbmf.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [TkBellExe] File not found
O4 - HKLM..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe (McAfee, Inc.)
O4 - HKLM..\Run: [VSOCheckTask] C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe (McAfee, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [PowerBar] C:\Program Files\CyberLink\PowerStarter\PowerBar.exe (Cyberlink, Corp.)
O4 - Startup: C:\Documents and Settings\admin\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000065 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
O16 - DPF: {00000000-A6C3-4023-AE3A-22F2983D851D} https://authenticate...olInstaller.CAB (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - Reg Error: Key error. File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/25 10:00:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: HP Component Manager - hkey= - key= - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
MsConfig - StartUpReg: PowerBar - hkey= - key= - C:\Program Files\CyberLink\PowerStarter\PowerBar.exe (Cyberlink, Corp.)
MsConfig - StartUpReg: QAGENT - hkey= - key= - C:\QUICKENW\qagent.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
MsConfig - StartUpReg: {1290A33C-85F5-4164-A1BE-7DD299D4986A} - hkey= - key= - C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe (CyberLink Corp.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {0E9A3196-39EA-409D-8EB4-20D7FABC191A} - Microsoft .NET Framework 1.0 Hotfix (KB928367)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {14303301-758B-402B-9A0D-2C6A591680DB} - Microsoft .NET Framework 1.0 Service Pack 3 (KB867461)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {78705f0d-e8db-4b2d-8193-982bdda15ecd} - .NET Framework
ActiveX: {81B52903-4C11-11D6-B6E1-00B0D049139F} - Microsoft .NET Framework 1.0 Service Pack 2 (KB867461)
ActiveX: {871F8A30-15A2-11D6-8711-0002B3281F8B} - Microsoft .NET Framework 1.0 Service Pack 1 (KB867461)
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.dvacm - C:\WINDOWS\System32\DVACM.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corp.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\pdvcodec.dll (Matsushita Electric Industrial Co., Ltd.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: VIDC.NTN1 - C:\WINDOWS\System32\NUVision.ax (Nogatech Ltd.)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/09 21:18:56 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
[2010/08/09 18:16:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/08/09 18:04:44 | 000,000,000 | ---D | C] -- C:\svchost.com1669s
[2010/08/03 18:05:15 | 000,000,000 | ---D | C] -- C:\svchost.com6578s
[2010/08/03 15:14:47 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/08/03 15:10:55 | 000,520,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTM.exe
[2010/08/03 01:13:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/01 17:20:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/01 17:20:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/01 17:20:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/01 17:20:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/01 17:17:18 | 000,000,000 | ---D | C] -- C:\svchost.com19763s
[2010/08/01 17:17:04 | 000,000,000 | ---D | C] -- C:\svchost.com
[2010/07/31 20:45:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/30 23:52:48 | 001,170,256 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\admin\Desktop\TDSSKiller.exe
[2010/07/30 09:30:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/30 09:20:40 | 009,190,248 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\admin\Desktop\SUPERAntiSpyware.exe
[2010/07/29 10:14:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/29 10:14:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/29 10:14:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/29 10:14:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/07 14:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\Multimedia Fusion 2
[2010/06/14 21:34:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Facebook
[2010/06/12 16:05:16 | 000,000,000 | ---D | C] -- C:\f859e356c3222e907d
[2010/05/21 21:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Yahoo!
[2010/05/19 21:12:59 | 000,000,000 | ---D | C] -- C:\Medion
[2010/05/18 07:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/05/17 22:21:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Ulead Systems
[2010/05/17 22:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ulead Systems
[2010/05/17 22:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/05/15 22:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/09 21:18:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
[2010/08/09 20:58:32 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\admin\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2010/08/09 20:58:13 | 000,287,584 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2010/08/09 20:57:48 | 000,039,291 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/09 20:56:44 | 000,012,700 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/09 20:55:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/09 20:55:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/09 18:57:05 | 011,272,192 | ---- | M] () -- C:\Documents and Settings\admin\ntuser.dat
[2010/08/09 18:52:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/09 18:36:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-844380032-2981759145-68477085-1006UA.job
[2010/08/09 18:19:30 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/09 18:18:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/09 18:16:41 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\admin\ntuser.ini
[2010/08/09 16:22:54 | 003,817,853 | R--- | M] () -- C:\Documents and Settings\admin\Desktop\svchost.com.exe
[2010/08/08 21:44:54 | 000,527,522 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/08 21:44:54 | 000,445,238 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/08 21:44:54 | 000,072,634 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/08 20:51:23 | 000,004,314 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\DrWeb-log.csv
[2010/08/08 19:52:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/06 23:36:00 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-844380032-2981759145-68477085-1006Core.job
[2010/07/31 00:35:33 | 000,032,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\UimBus.sys
[2010/07/30 23:57:33 | 000,038,448 | ---- | M] (Paragon Software Group) -- C:\WINDOWS\System32\drivers\hotcore3.sys
[2010/07/30 21:00:48 | 001,108,900 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\tdsskiller.zip
[2010/07/30 09:23:54 | 009,190,248 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\admin\Desktop\SUPERAntiSpyware.exe
[2010/07/30 08:55:11 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee SpamKiller.lnk
[2010/07/29 10:14:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/28 09:51:08 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/25 21:03:01 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\We fly to Hamburg on LH4791.doc
[2010/07/25 09:22:02 | 000,001,314 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/07/23 16:30:24 | 000,000,020 | ---- | M] () -- C:\WINDOWS\hppsapp.INI
[2010/07/22 16:11:12 | 001,170,256 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\admin\Desktop\TDSSKiller.exe
[2010/07/21 22:30:45 | 000,112,520 | ---- | M] () -- C:\Documents and Settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/21 22:29:30 | 001,621,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/14 18:11:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/14 18:03:27 | 000,000,489 | ---- | M] () -- C:\WINDOWS\Caligari.ini
[2010/07/13 14:25:22 | 000,000,003 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2010/07/13 14:25:19 | 000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
[2010/07/13 14:21:44 | 000,003,507 | ---- | M] () -- C:\WINDOWS\Ulead32.ini
[2010/07/08 17:58:33 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Multimedia Fusion 2 - HWA.lnk
[2010/07/07 14:16:49 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Multimedia Fusion 2.lnk
[2010/05/18 07:52:13 | 000,001,922 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/18 07:25:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/17 23:34:00 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ulead DVD Workshop.lnk
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/09 16:22:49 | 003,817,853 | R--- | C] () -- C:\Documents and Settings\admin\Desktop\svchost.com.exe
[2010/08/01 17:20:49 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/01 17:20:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/01 17:20:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/01 17:20:49 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/01 17:20:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/30 21:00:45 | 001,108,900 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\tdsskiller.zip
[2010/07/25 21:03:01 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\We fly to Hamburg on LH4791.doc
[2010/07/23 21:49:04 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee SpamKiller.lnk
[2010/07/08 17:58:33 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Multimedia Fusion 2 - HWA.lnk
[2010/07/07 14:16:49 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Multimedia Fusion 2.lnk
[2010/05/18 07:52:13 | 000,001,922 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/17 22:10:58 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ulead DVD Workshop.lnk
[2010/02/16 01:29:07 | 000,000,075 | ---- | C] () -- C:\WINDOWS\tidevctl.ini
[2009/07/15 18:52:57 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\MTictwl.sys
[2009/06/24 21:11:50 | 000,000,172 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/06/08 21:39:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/07 19:25:20 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/05/18 21:19:54 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2009/05/18 21:16:30 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2009/05/18 21:16:15 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2009/05/18 20:57:22 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2009/05/18 20:55:57 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2008/10/23 19:59:59 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/09/16 10:59:01 | 000,000,901 | ---- | C] () -- C:\WINDOWS\VIEWS.INI
[2008/08/01 15:43:02 | 004,874,240 | ---- | C] () -- C:\WINDOWS\System32\DSE2_DFT.dll
[2008/07/25 20:43:26 | 000,032,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\UimBus.sys
[2008/07/25 20:43:26 | 000,011,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\UimFIO.sys
[2008/07/25 20:43:25 | 000,247,824 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll
[2008/07/25 20:43:24 | 004,245,008 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
[2008/06/15 20:17:47 | 000,000,020 | ---- | C] () -- C:\WINDOWS\hppsapp.INI
[2008/02/07 14:56:09 | 000,000,290 | ---- | C] () -- C:\WINDOWS\KNP.INI
[2008/01/19 20:21:25 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2007/12/21 23:31:14 | 000,000,489 | ---- | C] () -- C:\WINDOWS\Caligari.ini
[2007/09/22 17:44:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MusicEditor.INI
[2007/09/22 17:42:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Muma60.INI
[2007/08/01 18:31:35 | 000,000,092 | ---- | C] () -- C:\WINDOWS\NogaTw.INI
[2007/06/27 16:13:51 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\RegisterDialog.dll
[2007/06/21 20:19:39 | 000,000,050 | ---- | C] () -- C:\WINDOWS\TLTitleData.ini
[2007/06/18 19:49:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2007/06/17 22:18:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2007/06/17 22:17:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AlbumExe.INI
[2007/06/08 08:10:38 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\LS3Renderer.dll
[2007/04/13 10:50:23 | 000,471,040 | ---- | C] () -- C:\WINDOWS\dbengine.dll
[2007/04/13 10:50:23 | 000,303,104 | ---- | C] () -- C:\WINDOWS\spy.dll
[2007/04/13 10:50:23 | 000,184,320 | ---- | C] () -- C:\WINDOWS\keyboard.dll
[2007/04/13 10:50:23 | 000,094,208 | ---- | C] () -- C:\WINDOWS\guidll.dll
[2007/04/13 10:50:23 | 000,057,344 | ---- | C] () -- C:\WINDOWS\vxddll.dll
[2007/04/13 10:50:23 | 000,032,768 | ---- | C] () -- C:\WINDOWS\commhook.dll
[2007/04/13 10:50:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\commque.dll
[2007/04/13 10:50:20 | 000,245,760 | ---- | C] () -- C:\WINDOWS\dialogs.dll
[2007/02/09 22:38:26 | 000,000,016 | ---- | C] () -- C:\WINDOWS\jgcspc2.ini
[2007/01/07 22:37:18 | 000,087,800 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2006/10/02 15:18:40 | 000,000,087 | ---- | C] () -- C:\WINDOWS\msdevctl.ini
[2006/10/02 15:17:39 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/10/02 15:17:03 | 000,000,113 | ---- | C] () -- C:\WINDOWS\dswplug.ini
[2006/10/02 15:17:02 | 000,003,507 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2006/07/09 11:31:45 | 000,000,632 | ---- | C] () -- C:\WINDOWS\Sofplat.INI
[2006/03/31 13:10:14 | 000,000,018 | ---- | C] () -- C:\WINDOWS\gfact.ini
[2006/03/22 22:08:10 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\hpgt34.dll
[2006/03/22 22:05:38 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2006/03/22 22:05:37 | 000,308,224 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2006/03/21 19:57:38 | 000,000,043 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2006/03/08 22:51:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/03/01 21:23:36 | 000,000,238 | ---- | C] () -- C:\WINDOWS\QHI.INI
[2006/03/01 21:21:12 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2006/03/01 21:21:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2006/03/01 21:21:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2006/02/22 18:29:15 | 000,012,157 | ---- | C] () -- C:\WINDOWS\hpdj5700.ini
[2006/02/22 18:17:44 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2006/02/22 18:17:15 | 000,001,314 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/02/21 17:53:24 | 000,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2006/02/21 17:53:24 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
[2006/02/21 17:53:21 | 000,000,342 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2006/02/21 17:53:18 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2006/02/21 17:53:18 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll
[2006/02/17 15:16:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/25 17:40:21 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2005/11/25 10:16:30 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/25 10:14:41 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/25 10:03:53 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/10/10 22:49:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/10/10 22:49:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/10/10 22:49:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/10/10 22:49:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/10/10 22:49:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/10/10 22:49:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/10/10 22:49:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/09/09 23:03:52 | 000,002,679 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/04/27 23:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/27 23:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/01/06 01:25:18 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll

========== LOP Check ==========

[2009/05/13 00:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Azureus
[2009/11/08 22:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/07/07 14:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Clickteam
[2010/06/14 21:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Facebook
[2010/04/07 12:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\FMZilla
[2009/07/19 18:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\FUJIFILM
[2009/10/18 16:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\GrabPro
[2009/02/28 13:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\ImTOO Software Studio
[2006/09/24 20:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\iView
[2006/03/19 10:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Leadertech
[2007/04/05 20:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\MobileAction
[2009/06/07 18:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\MSNInstaller
[2008/12/23 21:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\OpenOffice.org
[2009/10/18 16:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Orbit
[2008/01/03 19:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Poser 7
[2008/12/03 19:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Publish Providers
[2009/10/23 14:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Quark
[2008/12/12 19:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Samsung
[2006/08/27 21:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Serif
[2008/12/03 19:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Sony
[2008/12/03 18:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Sony Setup
[2006/02/20 22:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Template
[2010/04/07 12:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Thinstall
[2010/05/17 22:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Ulead Systems
[2010/08/01 17:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\uTorrent
[2009/01/25 17:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/09/10 21:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KKPro
[2006/02/21 18:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA3C.tmp
[2006/03/26 22:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/11/06 00:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quark
[2008/12/03 18:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/07/13 14:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/08 22:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TreeDraw
[2010/05/17 22:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/06/05 20:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006/08/04 17:30:21 | 000,000,177 | ---- | M] () -- C:\ASWL2K.ini
[2005/11/25 10:00:41 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/10/18 10:53:47 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2002/01/01 11:58:28 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2009/07/25 19:35:19 | 343,785,472 | ---- | M] () -- C:\CAPTURE.AVI
[2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2008/10/23 20:18:31 | 000,000,074 | ---- | M] () -- C:\CMLoader.log
[2010/08/09 18:30:40 | 000,030,845 | ---- | M] () -- C:\ComboFix.txt
[2005/11/25 10:00:41 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/05/19 21:14:04 | 000,000,000 | ---- | M] () -- C:\debug1.txt
[2008/08/02 20:09:14 | 000,000,139 | ---- | M] () -- C:\drmHeader.bin
[2007/06/22 22:04:20 | 000,000,231 | ---- | M] () -- C:\DrvInst (1).log
[2007/06/22 22:04:18 | 000,000,231 | ---- | M] () -- C:\DrvInst (2).log
[2007/06/22 22:04:22 | 000,000,231 | ---- | M] () -- C:\DrvInst.log
[2006/10/12 20:33:58 | 000,003,054 | ---- | M] () -- C:\dshell.txt
[2006/09/22 23:29:15 | 000,013,824 | ---- | M] () -- C:\dvb.GRF
[2009/11/29 18:42:57 | 000,082,024 | ---- | M] () -- C:\exts.fdb
[2010/05/19 21:14:04 | 000,000,008 | ---- | M] () -- C:\GetFlashID.txt
[2007/04/14 09:18:01 | 000,048,164 | ---- | M] () -- C:\HKCU.reg.txt
[2007/04/14 09:18:01 | 000,048,019 | ---- | M] () -- C:\HKLM.reg.txt
[2006/12/17 20:03:57 | 000,190,937 | ---- | M] () -- C:\hpfr5700.log
[2007/06/22 22:03:47 | 000,001,034 | ---- | M] () -- C:\Install (1).log
[2007/06/21 20:17:05 | 000,001,080 | ---- | M] () -- C:\Install (2).log
[2007/06/22 22:04:40 | 000,000,373 | ---- | M] () -- C:\Install.log
[2005/11/25 10:00:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/08/09 14:14:08 | 000,000,000 | ---- | M] () -- C:\Log.txt
[2005/11/25 10:00:41 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/03 20:24:57 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/09 20:55:27 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007/05/06 19:10:02 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2009/09/24 16:03:18 | 000,045,056 | ---- | M] () -- C:\QHI.IDB
[2006/02/17 11:59:12 | 000,000,087 | ---- | M] () -- C:\setup.log
[2006/02/21 17:53:24 | 000,000,184 | ---- | M] () -- C:\setuplog.exe
[2008/10/24 12:27:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/10/25 11:10:13 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/12/24 16:47:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/05/22 17:18:13 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/05/28 09:19:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2006/12/09 00:11:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2006/12/09 00:12:31 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2006/12/11 04:04:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2006/12/25 12:25:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2006/12/29 20:21:36 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2007/04/20 17:13:24 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2007/12/08 11:45:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2007/12/24 10:01:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2007/12/26 14:55:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2007/12/27 11:35:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/10/05 13:47:45 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2008/10/07 18:20:25 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2008/10/12 13:35:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2008/10/18 14:02:12 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2008/10/24 00:56:18 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2008/10/24 12:27:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/10/25 11:10:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/12/24 16:47:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/05/22 17:18:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/05/28 09:19:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2006/12/09 00:11:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2006/12/09 00:12:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2006/12/11 04:04:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2006/12/25 12:25:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2006/12/29 20:21:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2007/04/20 17:13:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2007/12/08 11:45:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2007/12/24 10:01:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2007/12/26 14:55:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2007/12/27 11:35:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/10/05 13:47:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008/10/07 18:20:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2008/10/12 13:35:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2008/10/18 14:02:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2008/10/24 00:56:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/08/09 14:17:56 | 018,554,470 | ---- | M] () -- C:\stub.log
[2007/04/14 09:18:01 | 000,000,794 | ---- | M] () -- C:\sysInfo.txt
[2010/07/30 23:55:24 | 000,063,180 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_30.07.2010_23.53.08_log.txt
[2010/07/31 00:07:46 | 000,063,156 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_31.07.2010_00.05.28_log.txt
[2010/07/31 00:14:53 | 000,063,144 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_31.07.2010_00.12.21_log.txt
[2010/07/31 00:22:28 | 000,063,144 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_31.07.2010_00.20.19_log.txt
[2010/07/31 00:33:48 | 000,063,306 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_31.07.2010_00.31.30_log.txt
[2010/07/31 01:11:56 | 000,063,144 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_31.07.2010_00.40.09_log.txt
[2010/07/31 10:16:39 | 000,061,492 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_31.07.2010_10.11.43_log.txt
[2007/04/13 10:49:05 | 000,000,229 | ---- | M] () -- C:\tmp.ini
[2009/05/18 21:21:57 | 000,000,536 | ---- | M] () -- C:\updatedatfix.log

< %systemroot%\system32\Spool\prtprocs\w32x86\*.* >
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2005/05/10 21:48:48 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll
[2003/06/18 18:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/11/25 09:53:37 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/11/25 09:53:37 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/11/25 09:53:37 | 000,868,352 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.dll >
[2005/05/12 00:36:48 | 000,012,288 | ---- | M] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.exe >

< %systemroot%\Fonts\*.ini >
[2005/11/25 10:00:19 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %APPDATA%\Microsoft\*.* >
[2007/09/10 20:51:09 | 000,001,610 | -H-- | M] () -- C:\Documents and Settings\admin\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\*. >
[2007/01/07 22:37:10 | 000,000,000 | ---D | M] -- C:\Program Files\Acro Software
[2009/11/14 00:18:45 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/11/14 00:18:23 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2005/11/25 10:19:19 | 000,000,000 | ---D | M] -- C:\Program Files\aod
[2008/12/03 20:42:44 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2008/09/18 14:07:31 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2006/02/17 11:59:18 | 000,000,000 | ---D | M] -- C:\Program Files\ASUS
[2008/01/05 20:20:17 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2010/01/27 22:04:11 | 000,000,000 | ---D | M] -- C:\Program Files\Avanquest update
[2008/11/30 18:58:58 | 000,000,000 | ---D | M] -- C:\Program Files\AviSynth 2.5
[2010/08/01 05:21:31 | 000,000,000 | ---D | M] -- C:\Program Files\Azureus
[2009/11/08 22:09:46 | 000,000,000 | ---D | M] -- C:\Program Files\BBC iPlayer Desktop
[2008/05/15 15:06:59 | 000,000,000 | ---D | M] -- C:\Program Files\Blender Foundation
[2009/06/05 20:55:55 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/06/27 14:11:37 | 000,000,000 | ---D | M] -- C:\Program Files\CASIO
[2008/12/26 23:49:36 | 000,000,000 | ---D | M] -- C:\Program Files\CDisplay
[2010/08/09 18:13:48 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2005/11/25 09:58:50 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/10/20 20:33:34 | 000,000,000 | ---D | M] -- C:\Program Files\CoreCodec
[2008/03/06 23:23:07 | 000,000,000 | ---D | M] -- C:\Program Files\Coupon Printer
[2005/11/25 10:18:55 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2009/10/17 17:37:17 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2006/02/22 20:48:02 | 000,000,000 | ---D | M] -- C:\Program Files\DTV
[2008/01/03 19:36:19 | 000,000,000 | ---D | M] -- C:\Program Files\e frontier(2)
[2007/09/22 16:49:07 | 000,000,000 | ---D | M] -- C:\Program Files\emagic
[2009/07/19 18:45:25 | 000,000,000 | ---D | M] -- C:\Program Files\FinePixViewer
[2007/02/09 22:38:07 | 000,000,000 | ---D | M] -- C:\Program Files\FOCUSMM
[2010/02/03 01:58:33 | 000,000,000 | ---D | M] -- C:\Program Files\fragMOTION 1.0.0
[2010/04/07 12:23:38 | 000,000,000 | ---D | M] -- C:\Program Files\Free Music Zilla
[2009/07/31 23:32:44 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2007/01/07 22:39:03 | 000,000,000 | ---D | M] -- C:\Program Files\GPLGS
[2007/06/17 20:41:33 | 000,000,000 | ---D | M] -- C:\Program Files\GraphicView32
[2008/10/20 20:33:49 | 000,000,000 | ---D | M] -- C:\Program Files\Haali
[2009/05/18 21:21:44 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2005/11/25 10:14:22 | 000,000,000 | ---D | M] -- C:\Program Files\HighMAT CD Writing Wizard
[2006/12/19 20:46:51 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/05/17 22:10:04 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2006/08/27 21:20:36 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information old
[2007/10/05 14:57:07 | 000,000,000 | ---D | M] -- C:\Program Files\Intelligent
[2006/03/08 22:40:27 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2005/11/25 10:14:52 | 000,000,000 | ---D | M] -- C:\Program Files\Internet
[2010/06/08 22:26:38 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/06/05 20:56:17 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/01/30 17:44:43 | 000,000,000 | ---D | M] -- C:\Program Files\Ipswitch
[2009/06/05 20:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2006/09/24 20:33:35 | 000,000,000 | ---D | M] -- C:\Program Files\iView Media
[2010/04/07 15:35:17 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/06/07 18:40:12 | 000,000,000 | ---D | M] -- C:\Program Files\Kith and Kin Pro
[2010/05/22 21:30:59 | 000,000,000 | ---D | M] -- C:\Program Files\Kith and Kin Pro V3
[2007/03/15 20:21:25 | 000,000,000 | ---D | M] -- C:\Program Files\LDS_CD
[2009/04/16 21:58:12 | 000,000,000 | ---D | M] -- C:\Program Files\LooksBuilder
[2007/01/15 17:19:21 | 000,000,000 | ---D | M] -- C:\Program Files\Macromedia
[2008/05/31 00:56:36 | 000,000,000 | ---D | M] -- C:\Program Files\MagicISO
[2009/07/15 18:52:57 | 000,000,000 | ---D | M] -- C:\Program Files\MagicTune Premium
[2002/01/01 00:32:42 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/05/31 00:58:50 | 000,000,000 | ---D | M] -- C:\Program Files\MAXON
[2006/02/21 18:05:15 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2006/02/21 18:05:01 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2006/08/27 21:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mesh Online
[2008/09/03 20:38:10 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2005/11/25 10:15:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2005/11/25 10:00:50 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/05/15 22:00:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/04/13 13:19:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2006/08/27 21:37:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Windows Script
[2005/11/25 10:16:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2005/11/25 10:15:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2007/09/22 17:42:20 | 000,000,000 | ---D | M] -- C:\Program Files\mmg6_deLuxe
[2007/06/17 22:14:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mobile Action
[2010/03/10 23:09:27 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/07/25 20:43:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2008/12/03 18:48:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/05/15 22:00:15 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/06/07 18:46:57 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2005/11/25 09:58:12 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/10/05 13:21:27 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Messenger
[2006/11/16 10:30:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/07/08 17:58:33 | 000,000,000 | ---D | M] -- C:\Program Files\Multimedia Fusion 2
[2009/11/26 14:17:45 | 000,000,000 | ---D | M] -- C:\Program Files\Multimedia Fusion Developer 2
[2010/08/03 18:18:39 | 000,000,000 | ---D | M] -- C:\Program Files\MultiScreen
[2006/10/12 22:20:48 | 000,000,000 | ---D | M] -- C:\Program Files\MyFamily.com
[2010/02/20 20:32:17 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2009/07/20 16:36:36 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2005/11/25 09:58:19 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2008/12/23 21:38:26 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2010/05/12 13:38:12 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2008/07/25 20:43:02 | 000,000,000 | ---D | M] -- C:\Program Files\Paragon Software
[2009/10/23 14:53:05 | 000,000,000 | ---D | M] -- C:\Program Files\Quark
[2010/08/01 17:43:12 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2005/11/25 10:19:13 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2005/11/25 10:14:30 | 000,000,000 | ---D | M] -- C:\Program Files\Recovery
[2008/09/11 16:57:25 | 000,000,000 | ---D | M] -- C:\Program Files\Red Kawa
[2008/12/03 18:45:51 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/03/06 14:47:20 | 000,000,000 | ---D | M] -- C:\Program Files\REGSHAVE
[2006/12/18 21:22:55 | 000,000,000 | ---D | M] -- C:\Program Files\RFViewer
[2006/02/21 17:53:14 | 000,000,000 | ---D | M] -- C:\Program Files\SAGEM
[2008/12/12 19:54:41 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung
[2009/07/15 18:55:32 | 000,000,000 | ---D | M] -- C:\Program Files\SEC
[2006/08/27 21:21:06 | 000,000,000 | ---D | M] -- C:\Program Files\Serif
[2008/01/06 01:25:00 | 000,000,000 | ---D | M] -- C:\Program Files\Sibelius Software
[2008/03/03 13:52:54 | 000,000,000 | ---D | M] -- C:\Program Files\SmartFTP Client
[2008/03/03 13:52:28 | 000,000,000 | ---D | M] -- C:\Program Files\SmartFTP Client 2.5 Setup Files
[2009/06/24 21:11:47 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2009/06/24 21:07:03 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2010/03/18 21:40:32 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Ericsson
[2008/12/03 18:37:13 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Setup
[2008/01/07 20:23:48 | 000,000,000 | ---D | M] -- C:\Program Files\Soulseek-Test
[2007/04/13 10:50:26 | 000,000,000 | ---D | M] -- C:\Program Files\TalkItTypeIt Deluxe
[2007/06/21 20:19:00 | 000,000,000 | ---D | M] -- C:\Program Files\Teaching-you
[2006/02/20 23:55:18 | 000,000,000 | ---D | M] -- C:\Program Files\Tiscali Broadband
[2009/06/05 20:18:53 | 000,000,000 | ---D | M] -- C:\Program Files\TreeDraw
[2010/07/14 18:03:27 | 000,000,000 | ---D | M] -- C:\Program Files\truespace6
[2007/12/21 23:32:16 | 000,000,000 | ---D | M] -- C:\Program Files\trueSpace7
[2010/05/17 23:30:19 | 000,000,000 | ---D | M] -- C:\Program Files\Ulead Systems
[2005/11/25 10:02:54 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/03/06 14:50:29 | 000,000,000 | ---D | M] -- C:\Program Files\USB Driver Vers. 3.2
[2009/12/07 23:23:11 | 000,000,000 | ---D | M] -- C:\Program Files\VCG
[2009/10/18 10:47:08 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2008/06/22 14:36:26 | 000,000,000 | ---D | M] -- C:\Program Files\vixy.net
[2008/08/01 15:55:26 | 000,000,000 | ---D | M] -- C:\Program Files\VOCALOID2
[2008/12/03 18:53:07 | 000,000,000 | ---D | M] -- C:\Program Files\Vstplugins
[2006/12/28 17:37:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect
[2006/12/28 17:40:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/10/15 22:03:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/09/03 20:29:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/06/07 19:21:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2005/11/25 09:59:34 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/07/14 12:54:23 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2006/08/03 21:52:51 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2008/08/15 14:10:42 | 000,000,000 | ---D | M] -- C:\Program Files\Wisdom-soft AutoScreenRecorder
[2005/11/25 10:00:50 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2006/09/19 20:38:47 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2008/05/19 20:36:45 | 000,000,000 | ---D | M] -- C:\Program Files\YHBPM

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-05 02:10:22

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< set /c >
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\admin\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=STELLASTARH
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\admin
LOGONSERVER=\\STELLASTARH
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Samsung\Samsung PC Studio 3;C:\Program Files\Common Files\DivX Shared;C:\Program Files\QuickTime\QTSystem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2302
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\admin\LOCALS~1\Temp
TMP=C:\DOCUME~1\admin\LOCALS~1\Temp
USERDOMAIN=STELLASTARH
USERNAME=admin
USERPROFILE=C:\Documents and Settings\admin
VLIGHT_ROOT=C:\Program Files\trueSpace7\tS\VirtuaLight
windir=C:\WINDOWS

< %PROGRAMFILES%|bak;true;false;false /fp >

< %systemroot%\system32|bak;true;false;false /fp >

========== Alternate Data Streams ==========

@Alternate Data Stream - 4348 bytes -> C:\WINDOWS\MESH_SKY.BMP:$Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
< End of report >

#30
skinnypig

Posted 09 August 2010 - 02:55 PM

Member

Topic Starter
Member
44 posts

Extras.txt:
-------------------------------------------------

OTL Extras logfile created on: 09/08/2010 21:20:25 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.91 Gb Total Space | 9.77 Gb Free Space | 5.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STELLASTARH
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = jsfile] -- C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"19820:UDP" = 19820:UDP:*:Enabled:azureus
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe" = C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:PowerCinema -- (CyberLink Corp.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe:*:Enabled:Dreamweaver MX -- (Macromedia, Inc.)
"C:\Program Files\iView Media\IVIEW_M.exe" = C:\Program Files\iView Media\IVIEW_M.exe:*:Enabled:iView Media -- (iView Multimedia Ltd)
"C:\Program Files\Soulseek-Test\slsk.exe" = C:\Program Files\Soulseek-Test\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program Files\Adobe\After Effects 6.0\Support Files\AfterFX.exe" = C:\Program Files\Adobe\After Effects 6.0\Support Files\AfterFX.exe:*:Disabled:Adobe After Effects -- (Adobe Systems Incorporated )
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5 -- (SmartSoft Ltd.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Documents and Settings\admin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\admin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Program Files\MagicTune Premium\MagicTune.exe" = C:\Program Files\MagicTune Premium\MagicTune.exe:*:Disabled:MagicTune -- (SEC)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\dllcache\iexplore.exe" = C:\WINDOWS\system32\dllcache\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Sony Ericsson\SEMC OMSI Module\SEMC OMSI Module.exe" = C:\Program Files\Sony Ericsson\SEMC OMSI Module\SEMC OMSI Module.exe:*:Enabled:SEMC OMSI Module -- ()
"C:\Program Files\Free Music Zilla\FMZilla.exe" = C:\Program Files\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{077C74E2-A2A8-11D5-8CD5-00104BB9CE36}" = Speech
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0BB4CA36-4FB1-494A-A868-E80F1FE5CFA3}" = EX-F1 Control
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{11D3D948-2789-2E3D-03D7-282B537D8C01}" = BBC iPlayer Desktop
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic UDF Reader
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1EC60864-A294-44BF-984A-3E8867D74EA2}" = Adobe After Effects 6.0
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = PowerStarter
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.2.0
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 19
"{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{34BDF3BF-AA61-42E7-8818-C16A304910FC}" = Emma Core
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3DF6F088-3D85-4C8E-99E6-9B56BA7E8F6B}" = TreeDraw
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4513F51E-3D1B-4791-B652-4C8B263ACD07}" = Samsung PC Studio 2.0 PIM & File Manager
"{45D65580-4B8B-4AAD-9F3F-58D7A0EC90D8}" = SAPI
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4e0e5bf1-64d7-40d2-9a3b-a43fa863d5ec}" = Nero 9
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51C65CD6-A344-41B5-81E2-3CCAC8024F68}" = Sibelius Scorch
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{5F9662B9-ED3F-4F02-9DEE-EFA1F95F629F}" = Paragon Drive Backup 8.5 Personal
"{659B48CD-0608-4ED5-94C0-0B6C87114F10}" = Apple Mobile Device Support
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69E8BEBD-B3AA-4981-BA49-AD0AEA731033}" = Nero BackItUp 2 Essentials
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FECD585-1615-4835-AC75-3D4D1F41FA9A}" = EX-F1 Control
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{79546A5F-AE7C-4693-8670-A3401B43ABD2}" = HP Deskjet 5900 series
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7A5956-FE23-41C7-B0FA-F9877244CA83}" = Serif MediaPlus 2.0
"{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8234A27D-C5A4-4F84-8718-3BF34BCFC89F}" = JourneySoftwarePromo
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85B1BEF2-2357-4C27-ABBE-15A1AE3AF78D}" = HP Deskjet 5700
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8F722FA9-B994-4C9B-B292-FD32D6206EDF}" = ASUS WLAN Card Utilities/Driver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX
"{93F73BEB-82C1-43D4-BEAE-69357CEC48F7}" = Kith and Kin Pro V3
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D25E39B-C68A-4D38-B231-6AA2B43F16D7}" = Family History Resource File Viewer 3.0
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A04BF5DC-6DD3-4B6D-BABD-B1BC5DB23CF0}" = Ulead DVD Workshop
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5222E5A-13CB-4C98-9F5C-21CF6896A25C}" = HPDeskjet5900Series
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Pro
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup 1.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B0258DD6-D4DD-48D1-A997-C5AE8C998A47}" = ArcSoft TotalMedia Extreme
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B4342A07-E2C7-4A8B-9145-CBDEE750BCE3}" = VOCALOID2 Voice DB (Miku)
"{B6588186-9657-486C-AEB1-F57D8E160F19}" = VOCALOID2 Expression DB (Standard)
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C169D3BB-9A27-43F5-9979-09A0D65FE95C}" = SmartFTP Client
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = PowerDVD Copy 1.0
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1C1C21B-F56E-400B-B0B0-270D817889F3}" = VOCALOID2 Editor V2.0.2.4J
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Audacity_is1" = Audacity 1.2.4
"AviSynth" = AviSynth 2.5
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"Blender" = Blender (remove only)
"Caligari trueSpace6_is1" = Caligari trueSpace6
"Caligari trueSpace7_is1" = Uninstall trueSpace7
"CDisplay_is1" = CDisplay 1.8
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DTV_1.0" = DVB-T USB 2.0
"Emagic Logic Audio Platinum 5.5" = Emagic Logic Audio Platinum 5.5
"fragMOTION 1.0.0_is1" = fragMOTION 1.0.0
"Free Music Zilla_is1" = Free Music Zilla
"GraphicView 32" = GraphicView 32
"HaaliMkx" = Haali Media Splitter
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Photo & Imaging" = HP Image Zone 5.0
"HP PrecisionScan LTX" = HP PrecisionScan LTX
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InterActual Player" = InterActual Player
"iView Media" = iView Media (remove only)
"Jane Greenoff Pattern Creator 2" = Jane Greenoff Pattern Creator 2
"luuv_tsx_ts5_is1" = luuv trueSpace 5x & 6x .OBJ import/export plugin
"Magic Bullet Looks" = Magic Bullet Looks
"Magic Bullet Suite 2.0" = Magic Bullet Suite 2.0
"Magic ISO Maker v5.5 (build 0261)" = Magic ISO Maker v5.5 (build 0261)
"MAGIX music + video maker generation 6 deLuxe" = MAGIX music + video maker generation 6 deLuxe
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Uninstall Utility" = McAfee Uninstall Wizard
"Mesh" = Mesh Online
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"MMF2 SWF File Exporter" = MMF2 SWF File Exporter
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Multimedia Fusion 2" = Multimedia Fusion 2
"Multimedia Fusion 2 - HWA" = Multimedia Fusion 2 - HWA
"Multimedia Fusion Developer 2" = Multimedia Fusion Developer 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Pegasus Mail" = Pegasus Mail
"Quicken 2001 Deluxe" = Quicken 2001 Deluxe
"RealPlayer 6.0" = RealPlayer
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SEMC OMSI Module" = SEMC OMSI Module
"SmartFTP Client 2.5 Setup Files" = SmartFTP Client 2.5 Setup Files (remove only)
"Soulseek2" = SoulSeek Client 157 test 12c
"ST6UNST #1" = YHBPM English Version 1.4
"Tiscali Internet Access" = Tiscali Internet Access
"Tiscali_uk" = Tiscali 10.0
"Trapcode Starglow" = Trapcode Starglow
"Ulead MediaStudio Pro 6.0 SE" = Ulead MediaStudio Pro 6.0 SE
"USB Driver Vers. 3.2" = USB Driver Vers. 3.2
"Videora iPhone Converter" = Videora iPhone Converter 3.08
"vixy converter BETA_is1" = vixy converter uninstall
"VLC media player" = VLC media player 1.0.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WinZip" = WinZip
"Wisdom-soft AutoScreenRecorder 2.1 Pro" = Wisdom-soft AutoScreenRecorder 2.1 Pro
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Vitalize! 4" = Vitalize! 4
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01/01/2002 07:07:21 | Computer Name = STELLASTARH | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 01/01/2002 07:07:21 | Computer Name = STELLASTARH | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 01/01/2002 07:07:22 | Computer Name = STELLASTARH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

Error - 01/01/2002 07:07:22 | Computer Name = STELLASTARH | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 01/01/2002 07:07:22 | Computer Name = STELLASTARH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 01/01/2002 07:07:22 | Computer Name = STELLASTARH | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 01/01/2002 07:07:22 | Computer Name = STELLASTARH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 01/01/2002 07:07:22 | Computer Name = STELLASTARH | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 01/01/2002 07:07:22 | Computer Name = STELLASTARH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 09/08/2010 11:52:15 | Computer Name = STELLASTARH | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 09/08/2010 13:19:38 | Computer Name = STELLASTARH | Source = Service Control Manager | ID = 7024
Description = The Bonjour Service service terminated with service-specific error
4294967295 (0xFFFFFFFF).

Error - 09/08/2010 13:19:38 | Computer Name = STELLASTARH | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 09/08/2010 13:19:38 | Computer Name = STELLASTARH | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10045

Error - 09/08/2010 13:22:01 | Computer Name = STELLASTARH | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 09/08/2010 13:55:25 | Computer Name = STELLASTARH | Source = Service Control Manager | ID = 7034
Description = The MagicTuneEngine service terminated unexpectedly. It has done
this 1 time(s).

Error - 09/08/2010 15:55:51 | Computer Name = STELLASTARH | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%1058

Error - 09/08/2010 15:55:51 | Computer Name = STELLASTARH | Source = Service Control Manager | ID = 7024
Description = The Bonjour Service service terminated with service-specific error
4294967295 (0xFFFFFFFF).

Error - 09/08/2010 15:55:51 | Computer Name = STELLASTARH | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 09/08/2010 15:55:52 | Computer Name = STELLASTARH | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10045

Error - 09/08/2010 15:59:41 | Computer Name = STELLASTARH | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

< End of report >