Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Anti Virus Pro II(?) [Solved]

Started by JChamberlain , May 08 2009 08:40 AM

This topic is locked

#1
JChamberlain

Posted 08 May 2009 - 08:40 AM

Member

Member
10 posts

Hi there. Second time I've posted here, first time the service was wonderful! Nearly makes up for the frustrations of having to deal with 3 inept family members.

Here is my last topic. I suspect that whatever I had before (or something slimilar) is back:
http://www.geekstogo...ro-t184266.html

I did some updates (IE8, various Office updates) then restarted. 1st restart windows failed to load. 2nd restart was ok until I noticed as the desktop was loading the same blue-background-with-spyware-warning as before.

I can only see it when I refresh my desktop for a fraction of a second, too fast for me to get a new screenshot of it, but I'm 99% sure it's the same as the old one.

Also, it doesn't let me change the desktop without restarting unless I disable 'Lock Web Items on Desktop', in which case when I refresh the desktop I don't see the blue background.

So anyway, I went through the cleaning guide.

Here's the mbam log:

Malwarebytes' Anti-Malware 1.36
Database version: 2093
Windows 5.1.2600 Service Pack 3

8/05/2009 11:13:51 PM
mbam-log-2009-05-08 (23-13-51).txt

Scan type: Quick Scan
Objects scanned: 82765
Time elapsed: 7 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{deceaaa2-370a-49bb-9362-68c3a58ddc62} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\AntiVirusPro.exe.log (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bns.dat (Trojan.Agent) -> Quarantined and deleted successfully.

Rooter:

Microsoft Windows XP Professional (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:76308 Mo/Free:2442 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Sat 09/05/2009| 0:03

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Google\Update\GoogleUpdate.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
---------- c:\program files\common files\mcafee\mna\mcnasvc.exe
---------- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
---------- C:\WINDOWS\AGRSMMSG.exe
---------- C:\Program Files\Ahead\InCD\InCD.exe
---------- C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
---------- C:\Program Files\McAfee\MPF\MPFSrv.exe
---------- C:\WINDOWS\vVX3000.exe
---------- C:\Program Files\McAfee.com\Agent\mcagent.exe
---------- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
---------- C:\Program Files\McAfee\MSK\MskSrver.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
---------- C:\WINDOWS\system32\RUNDLL32.EXE
---------- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
---------- C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\HPZipm12.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!

1 - "C:\Rooter$\Rooter_1.txt" - Sat 09/05/2009| 0:05

----------------------\\ Scan completed at 0:05

OTListIt

OTListIt logfile created on: 9/05/2009 12:09:09 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.4 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

766.80 Mb Total Physical Memory | 214.67 Mb Available Physical Memory | 28.00% Memory free
1.08 Gb Paging File | 0.64 Gb Available in Paging File | 59.05% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 18.39 Gb Free Space | 24.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CRONULLA
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
PRC - C:\Program Files\Ahead\InCD\InCD.exe (Copyright © ahead software gmbh and its licensors)
PRC - C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\Smtray.exe (Analog Devices, Inc.)
PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1c9cfd2bcd1ee6 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (MBackMonitor [On_Demand | Stopped]) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSCamSvc [Auto | Running]) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (MSK80Service [Auto | Running]) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (SoundMAX Agent Service (default) [Auto | Running]) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (BsStor [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\bsstor.sys (B.H.A Co.,Ltd.)
DRV - (BsUDF [Auto | Running]) -- C:\WINDOWS\System32\drivers\bsudf.sys (ahead software)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (hamachi [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV - (HPZid412 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (ialm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Sentinel [Auto | Running]) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS ()
DRV - (smbusp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\smb.sys (Intel Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (StillCam [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (VX3000 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\VX3000.sys (Microsoft Corporation)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [System | Stopped]) -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation)
DRV - (SASDIFSV [System | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.smh.com.au/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.1
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.4.8
FF - prefs.js..extensions.enabledItems: {99999999-73df-4e76-b66c-87d3db104b03}:1.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.29
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/20 18:38:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/10 18:28:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/07 22:44:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/29 21:50:36 | 00,000,000 | ---D | M]

[2008/06/19 11:35:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2008/06/19 11:35:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/08 14:25:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\qfqiuj7x.default\extensions
[2007/11/28 17:05:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\qfqiuj7x.default\extensions\{90ab4b7a-dfc8-420b-a205-eae16593e719}
[2009/03/06 17:36:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\qfqiuj7x.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}
[2009/05/04 09:53:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\qfqiuj7x.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
[2009/04/24 12:49:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\qfqiuj7x.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/04/16 13:04:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\qfqiuj7x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/05/03 11:29:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\qfqiuj7x.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/01/12 09:07:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\qfqiuj7x.default\extensions\[email protected]
[2009/05/08 14:25:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/29 21:50:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/10/13 13:18:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/14 11:09:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/14 10:09:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/15 12:42:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/10 18:29:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/05/03 12:32:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/29 21:50:28 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/29 21:50:28 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/01/05 01:36:50 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2006/07/06 04:47:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/01/05 01:36:50 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/03/08 19:35:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/13 13:51:07 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/04/16 14:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/03/29 04:11:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/01/05 01:36:50 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (227141 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 7992 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Copyright © ahead software gmbh and its licensors)
O4 - HKLM..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" (McAfee)
O4 - HKLM..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide (McAfee, Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108847
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 223
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: hattrick.org ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: 42 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} file://C:\Program Files\proeWildfire 3.0\i486_nt\obj\pvx_install.exe (ProductView Express)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akama...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1193819246859 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1193819113828 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{7FDFA4A7-8A79-463F-A1F6-CE326DEF2360}\\Domain = nsw.bigpond.net.au
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\system32\zwebauth.dll ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/08/29 12:22:52 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e3c58cb6-deb5-11dc-b0ba-0007e9592c65}\Shell - "" = AutoRun
O33 - MountPoints2\{e3c58cb6-deb5-11dc-b0ba-0007e9592c65}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e3c58cb6-deb5-11dc-b0ba-0007e9592c65}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/05/09 00:03:05 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/09 00:02:46 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Rooter.exe
[2009/05/08 23:53:30 | 00,502,272 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/05/08 23:44:56 | 03,012,768 | ---- | C] (Javacool Software LLC ) -- C:\Documents and Settings\Administrator\Desktop\spywareblastersetup42.exe
[2009/05/08 23:03:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/05/08 23:03:26 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/08 23:03:25 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/08 23:03:23 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/08 23:03:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/08 23:03:19 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/08 23:00:57 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2009/05/08 22:59:35 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2009/05/08 22:59:35 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2009/05/08 22:59:34 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/08 22:58:43 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt_setup.exe
[2009/05/08 22:57:54 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Administrator\Desktop\SysRestorePoint.exe
[2009/05/08 21:42:22 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/05/08 21:41:31 | 00,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/05/08 21:41:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/05/08 21:12:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/05/08 21:11:12 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/05/08 21:07:18 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/04/18 13:08:53 | 00,000,000 | ---D | C] -- C:\Program Files\XS Gen Air
[2009/04/18 13:07:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/04/16 07:20:27 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 07:20:26 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 07:20:26 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 07:20:26 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 07:20:25 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/16 07:20:25 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 07:20:25 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 07:20:24 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/16 07:20:24 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 07:05:54 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/16 07:05:47 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/16 07:05:44 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/12 11:05:39 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/04/12 11:04:31 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/04/12 11:04:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/01/30 20:45:18 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/03/31 12:59:46 | 00,000,608 | ---- | C] () -- C:\WINDOWS\quincy.INI
[2008/02/12 09:37:49 | 00,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2008/02/12 09:37:42 | 00,000,178 | ---- | C] () -- C:\WINDOWS\SimTower.ini
[2007/12/08 12:09:06 | 00,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2007/10/12 11:02:55 | 00,000,050 | ---- | C] () -- C:\WINDOWS\wwp.INI
[2007/07/23 09:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/03/27 08:45:22 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2006/12/02 11:14:39 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/06/21 13:47:09 | 00,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2006/05/08 19:31:57 | 00,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2006/03/13 16:25:44 | 00,000,612 | ---- | C] () -- C:\WINDOWS\EViews32.ini
[2005/12/09 18:47:17 | 00,374,784 | ---- | C] () -- C:\WINDOWS\3dg32.dll
[2005/12/09 18:47:16 | 00,000,250 | ---- | C] () -- C:\WINDOWS\3dr.ini
[2005/11/30 13:14:00 | 00,000,047 | ---- | C] () -- C:\WINDOWS\xtools12.ini
[2005/11/26 11:12:45 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/11/26 11:12:43 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/11/26 11:12:43 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/11/26 11:12:42 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/11/26 11:12:36 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/08/07 14:35:01 | 00,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2005/08/07 14:35:01 | 00,116,736 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2005/08/07 14:32:31 | 00,000,049 | ---- | C] () -- C:\WINDOWS\cgminivw.ini
[2005/08/07 14:20:28 | 00,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2004/12/29 13:35:08 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/11/30 17:10:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/06/20 11:04:47 | 00,000,191 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2004/04/27 11:07:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2003/12/31 10:28:27 | 00,000,197 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2003/12/10 14:51:02 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2003/11/29 09:11:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Transmogrifier-1.4.INI
[2003/09/26 20:20:05 | 00,000,306 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2003/08/30 18:59:30 | 00,000,169 | ---- | C] () -- C:\WINDOWS\TB50.INI
[2003/08/30 18:59:30 | 00,000,099 | ---- | C] () -- C:\WINDOWS\ASYM.INI
[2003/08/30 18:59:27 | 00,000,041 | ---- | C] () -- C:\WINDOWS\NLBOAV41.INI
[2003/08/30 14:06:40 | 00,073,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\SENTINEL.SYS
[2003/08/30 14:06:40 | 00,047,616 | ---- | C] () -- C:\WINDOWS\System32\SNTI386.DLL
[2003/08/30 14:06:40 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\RNBOVDD.DLL
[2003/08/29 13:45:38 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/08/29 13:45:38 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2003/08/29 13:45:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2003/08/29 13:09:30 | 00,266,240 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2003/08/29 13:07:36 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2001/08/23 22:00:00 | 00,001,029 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 22:00:00 | 00,000,243 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/07/06 15:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/23 04:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[9 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/05/09 00:02:53 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Rooter.exe
[2009/05/08 23:53:43 | 00,502,272 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/05/08 23:52:48 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/08 23:44:56 | 03,012,768 | ---- | M] (Javacool Software LLC ) -- C:\Documents and Settings\Administrator\Desktop\spywareblastersetup42.exe
[2009/05/08 23:22:44 | 00,028,349 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/05/08 23:19:59 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/05/08 23:19:34 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/05/08 23:19:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/08 23:19:30 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\desktop.ini
[2009/05/08 23:19:21 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/08 23:03:26 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/08 23:02:29 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2009/05/08 22:59:35 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2009/05/08 22:59:35 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2009/05/08 22:59:07 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt_setup.exe
[2009/05/08 22:57:55 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Administrator\Desktop\SysRestorePoint.exe
[2009/05/08 22:06:23 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/05/08 21:17:18 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\desktop.ini
[2009/05/08 21:16:58 | 00,275,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/08 21:11:01 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/08 20:51:29 | 00,001,029 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/08 14:12:18 | 00,000,082 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
[2009/05/04 12:42:07 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/25 15:30:39 | 00,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/04/20 17:46:37 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/04/16 11:30:06 | 00,462,306 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/16 11:30:06 | 00,080,220 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/16 11:30:04 | 00,551,910 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B132D3E
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

Extras:

OTListIt Extras logfile created on: 9/05/2009 12:09:09 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.4 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

766.80 Mb Total Physical Memory | 214.67 Mb Available Physical Memory | 28.00% Memory free
1.08 Gb Paging File | 0.64 Gb Available in Paging File | 59.05% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 18.39 Gb Free Space | 24.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CRONULLA
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent (McAfee, Inc.)
C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe ()
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{06C32EA0-4A22-4919-979A-8700715865B8}" = Microsoft LifeCam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{0DDEAF1B-5CEF-485A-9E73-2FB4765C3248}" = Microsoft Robotics Developer Studio 2008
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}" = Microsoft XNA Framework Redistributable 2.0
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Camera Support Core Library
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2D07422C-CA35-375A-A3A8-3631AB85BFE5}" = Microsoft Visual C# 2008 Express Edition - ENU
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{444324D8-410D-43EF-AC51-E107EA387199}" = Before You Know It 3.6
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{4D826618-59C6-11D4-976E-00C04F8EEB39}" = Macromedia FreeHand 10
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = RAW Image Task 1.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{71D9B000-CD43-4DE9-9729-49434415B8F7}" = F300Trb
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79B84CA8-FBF9-4F31-BE48-3B228E33CDE0}" = PTC ProductView Express - Wildfire 3.0 (M030)
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® 82845G Graphics Driver Software
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8F1850CA-B67C-4888-A828-06AC1441C985}_is1" = Quincy 2005 v. 1
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{9DE006A5-B384-4EDE-A760-0F217136B9EA}" = Microsoft IntelliType Pro 2.2
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A6A3335C-1D6E-1628-3D08-8979BA2B4894}" = XS Gen Air
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABFE9B50-BA4B-4FDF-A943-EA025119DBED}" = Age of Empires III - The WarChiefs Trial
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B136E4A4-7660-4F15-9752-EF8E6BA7866D}" = Family Tree Maker 2005
"{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Camera Window
"{B4C0A315-07FB-39F9-85CD-8CE20C019350}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B7E5DBE0-B15B-4AEC-8E3B-700A91A5173C}" = PHStat2
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C4B56EBE-6C53-4346-8F73-E380C123F4EF}" = WWP Demo
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = RemoteCapture Task 1.0.3
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{D8320DD6-FE47-41DE-B116-4158B7AE3F37}" = ACDSee for PENTAX 2.0
"{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = MovieEdit Task
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{DF38F332-2AC3-37FF-9FDC-8C4C80E531FB}" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{EF5C8CA0-1883-11D5-8EE3-00010249AFCB}" = DMC Pattern Designer
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}" = Family Tree Maker 2006
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Age of Empires" = Microsoft Age of Empires
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"ERDAS ECW JPEG 2000 Plug-in for Firefox" = ERDAS ECW JPEG 2000 Plug-in for Firefox [9.3.0.94]
"ERDAS ECW JPEG 2000 Plug-in for Internet Explorer" = ERDAS ECW JPEG 2000 Plug-in for Internet Explorer [9.3.0.94]
"ERUNT_is1" = ERUNT 1.1j
"e-tax 2008" = e-tax 2008
"Excel QM 2" = Excel QM 2
"Google Updater" = Google Updater
"Hattrick Organizer" = Hattrick Organizer (remove only)
"HP Imaging Device Functions" = HP Imaging Device Functions 6.1
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"HyperLoad" = HyperLoad
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD (Ahead Software)
"InstallShield_{0DDEAF1B-5CEF-485A-9E73-2FB4765C3248}" = Microsoft Robotics Developer Studio 2008
"InstallShield_{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Canon Camera Support Core Library
"InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{ABFE9B50-BA4B-4FDF-A943-EA025119DBED}" = Age of Empires III - The WarChiefs Trial
"InstallShield_{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{B7E5DBE0-B15B-4AEC-8E3B-700A91A5173C}" = PHStat2
"InstallShield_{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual C# 2008 Express Edition - ENU" = Microsoft Visual C# 2008 Express Edition - ENU
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSDN Library for Microsoft Visual Studio 2008 Express Editions" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"NLBOAV4DeinstKey" = Birds of Australia V4.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Pro/ENGINEER Mechanica Release Wildfire 3.0 Datecode M030" = Pro/ENGINEER Mechanica Release Wildfire 3.0 Datecode M030
"Pro/ENGINEER Release Wildfire 3.0 Datecode M030" = Pro/ENGINEER Release Wildfire 3.0 Datecode M030
"PROR" = Microsoft Office Professional 2007
"PROSet" = Intel® PRO Ethernet Adapter and Software
"Punch! 5 in 1 Home Design" = Punch! 5 in 1 Home Design
"Rainbow Sentinel Driver" = Sentinel System Driver
"SimCity2000CDv1" = SimCity 2000® Special Edition
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SpywareBlaster_is1" = SpywareBlaster 4.2
"ST6UNST #1" = Match Online 3.4
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/05/2009 10:23:39 PM | Computer Name = CRONULLA | Source = | ID = 0
Description =

Error - 6/05/2009 11:21:41 PM | Computer Name = CRONULLA | Source = | ID = 0
Description =

Error - 7/05/2009 7:26:56 AM | Computer Name = CRONULLA | Source = | ID = 0
Description =

Error - 7/05/2009 8:53:51 AM | Computer Name = CRONULLA | Source = | ID = 0
Description =

Error - 7/05/2009 11:32:55 PM | Computer Name = CRONULLA | Source = Application Hang | ID = 1002
Description = Hanging application Ftw.exe, version 13.0.281.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/05/2009 11:33:04 PM | Computer Name = CRONULLA | Source = Application Hang | ID = 1001
Description = Fault bucket 220756894.

Error - 8/05/2009 4:23:34 AM | Computer Name = CRONULLA | Source = | ID = 0
Description =

Error - 8/05/2009 5:13:28 AM | Computer Name = CRONULLA | Source = | ID = 0
Description =

Error - 8/05/2009 8:07:03 AM | Computer Name = CRONULLA | Source = Application Hang | ID = 1002
Description = Hanging application Skype.exe, version 4.0.0.226, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/05/2009 8:07:04 AM | Computer Name = CRONULLA | Source = Application Hang | ID = 1002
Description = Hanging application Skype.exe, version 4.0.0.226, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 22/03/2008 10:00:28 PM | Computer Name = CRONULLA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2066
seconds with 1320 seconds of active time. This session ended with a crash.

Error - 11/01/2009 5:55:51 AM | Computer Name = CRONULLA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 356
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/05/2009 4:35:21 PM | Computer Name = CRONULLA | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 7/05/2009 5:46:32 PM | Computer Name = CRONULLA | Source = System Error | ID = 1003
Description = Error code 100000ea, parameter1 834008e0, parameter2 833d3978, parameter3
f79decb4, parameter4 00000001.

Error - 7/05/2009 5:57:44 PM | Computer Name = CRONULLA | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 8/05/2009 7:19:21 AM | Computer Name = CRONULLA | Source = System Error | ID = 1003
Description = Error code 100000ea, parameter1 82f50da8, parameter2 833cc278, parameter3
f79d2cb4, parameter4 00000001.

Error - 8/05/2009 7:20:06 AM | Computer Name = CRONULLA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee SystemGuards service
to connect.

Error - 8/05/2009 7:20:06 AM | Computer Name = CRONULLA | Source = Service Control Manager | ID = 7000
Description = The McAfee SystemGuards service failed to start due to the following
error: %%1053

Error - 8/05/2009 7:44:59 AM | Computer Name = CRONULLA | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 8/05/2009 9:35:12 AM | Computer Name = CRONULLA | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 8/05/2009 9:36:06 AM | Computer Name = CRONULLA | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 8/05/2009 9:38:33 AM | Computer Name = CRONULLA | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183

< End of report >

Thanks in advance for any help.

Edited by JChamberlain, 08 May 2009 - 08:43 AM.

#2
sage5

Posted 14 May 2009 - 08:27 AM

RIP 10/2009

Retired Staff
2,646 posts

Hi JChamberlain,

Welcome back to Geeks To Go,

I'm sorry that we haven't got to you until now, but the forum can get hectic at times.

I am sage5, and I will be helping you with this problem.

OK, on with the fix:

First I need you to download the following tools & save them to your Desktop.
ComboFix from one of these locations:
Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the text from C:\ComboFix.txt in your next reply.

Cheers,

sage5

#3
JChamberlain

Posted 15 May 2009 - 12:32 AM

Member

Topic Starter
Member
10 posts

Thanks.

McAfee seems to think combofix is a trojan and is preventing me saving it to the desktop. How can I get around this?

#4
sage5

Posted 15 May 2009 - 01:48 AM

RIP 10/2009

Retired Staff
2,646 posts

Disable McAfee AntiVirus using directions Here
Then retry the instructions above.

Cheers,

sage5

#5
JChamberlain

Posted 15 May 2009 - 08:21 PM

Member

Topic Starter
Member
10 posts

McAfee seemed to start another instance of itself and removed the .exe again while combofix was running, but I think it managed to do its job.

The hidden-desktop-thing isn't there anymore that I can tell, so thats good.

Here's the log.

ComboFix 09-05-15.01 - Administrator 16/05/2009 11:51.3 - NTFSx86
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mdm.exe
c:\windows\Web\default.htt
c:\windows\Web\deskmovr.htt

.
((((((((((((((((((((((((( Files Created from 2009-04-16 to 2009-05-16 )))))))))))))))))))))))))))))))
.

2009-05-08 14:15 . 2009-05-08 14:15 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-05-08 14:03 . 2009-05-08 14:05 -------- d-----w C:\Rooter$
2009-05-08 13:55 . 2009-05-08 13:55 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-05-08 13:03 . 2009-05-08 13:03 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-08 13:03 . 2009-04-06 05:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-08 13:03 . 2009-04-06 05:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-08 13:03 . 2009-05-08 13:03 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-08 13:03 . 2009-05-08 13:03 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-08 12:59 . 2009-05-08 12:59 -------- d-----w c:\program files\ERUNT
2009-05-08 12:20 . 2009-05-08 12:20 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-05-08 11:41 . 2009-05-08 11:41 -------- d-----w c:\program files\Common Files\Skype
2009-05-08 11:23 . 2009-05-08 11:23 -------- d-sh--w c:\documents and settings\Administrator\IECompatCache
2009-05-08 11:20 . 2009-05-08 11:20 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE
2009-05-08 11:17 . 2009-05-08 11:17 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-05-08 11:12 . 2009-05-08 11:12 -------- d-----w c:\windows\ie8updates
2009-05-08 11:11 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-05-08 11:07 . 2009-05-08 11:09 -------- dc-h--w c:\windows\ie8
2009-04-18 03:08 . 2009-04-18 03:08 -------- d-----w c:\program files\XS Gen Air
2009-04-18 03:07 . 2009-04-18 03:07 -------- d-----w c:\program files\Common Files\Adobe AIR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-09 02:58 . 2008-01-18 08:26 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-08 13:46 . 2008-01-22 08:11 -------- d-----w c:\program files\SpywareBlaster
2009-05-08 11:42 . 2003-09-03 06:24 -------- d-----w c:\program files\Google
2009-05-08 11:41 . 2008-06-06 01:02 -------- d-----r c:\program files\Skype
2009-05-08 11:17 . 2004-07-09 00:37 72784 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-08 10:55 . 2008-01-22 10:24 -------- d-----w c:\program files\Microsoft Works
2009-05-03 02:32 . 2003-09-03 07:26 -------- d-----w c:\program files\Java
2009-04-14 21:52 . 2008-01-17 05:51 -------- d-----w c:\program files\McAfee
2009-04-12 01:05 . 2009-04-12 01:04 -------- d-----w c:\program files\iTunes
2009-04-12 01:04 . 2005-12-25 22:36 -------- d-----w c:\program files\iPod
2009-04-12 01:04 . 2007-07-01 02:26 -------- d-----w c:\program files\Common Files\Apple
2009-03-25 01:06 . 2008-01-17 05:53 40552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 01:06 . 2008-01-17 05:53 35272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-03-25 01:06 . 2008-01-17 05:53 79880 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 01:06 . 2008-01-17 05:53 214024 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-03-25 01:05 . 2008-01-17 05:53 34216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-03-19 06:32 . 2008-01-29 01:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-08 19:19 . 2009-01-14 01:36 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-07 18:34 . 2004-02-06 08:05 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-07 18:34 . 2003-08-30 03:25 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-07 18:33 . 2001-08-23 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-07 18:33 . 2003-08-30 03:25 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-07 18:32 . 2001-08-23 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-07 18:32 . 2003-08-30 03:25 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-07 18:31 . 2003-08-30 03:25 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-07 18:31 . 2003-08-30 03:25 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-07 18:31 . 2001-08-23 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-07 18:22 . 2001-08-23 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2003-08-30 03:25 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-05 12:59 . 2009-03-15 02:39 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-05 12:59 . 2008-10-08 23:59 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2003-09-03 06:23 . 2003-09-03 06:23 433432 ----a-w c:\program files\GoogleToolbarInstaller.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2002-09-12 1101824]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 275800]
"VX3000"="c:\windows\vVX3000.exe" [2006-12-05 707360]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2002-09-08 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-09-08 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-01-09 5134864]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-05-23 88363]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-04 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-02-08 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-02-08 20:47 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"MIDI1"= SYNCOR11.DLL
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [29/08/2003 1:33 PM 9344]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 11:53 AM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27/02/2007 10:39 AM 55024]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [29/08/2003 1:33 PM 448640]
S2 gupdate1c9cfd2bcd1ee6;Google Update Service (gupdate1c9cfd2bcd1ee6);c:\program files\Google\Update\GoogleUpdate.exe [8/05/2009 9:42 PM 133104]
S3 BPIKSp50;BPIKSp50 NDIS Protocol Driver;\??\d:\bpiksp50.sys --> d:\BPIKSp50.sys [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 3:51 PM 4096]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3c58cb6-deb5-11dc-b0ba-0007e9592c65}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]

2009-05-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-15 21:35]

2009-05-16 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-08 11:42]

2008-01-17 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\defrag.exe [2003-08-30 00:12]

2008-01-31 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-01-17 23:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bigpond.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: hattrick.org\www
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file://c:\program files\proeWildfire 3.0\i486_nt\obj\pvx_install.exe
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qfqiuj7x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.smh.com.au/
FF - plugin: c:\program files\ERDAS\Image Web Server\Firefox Plug-in\NP_NCS6.dll
FF - plugin: c:\program files\ERDAS\Image Web Server\Firefox Plug-in\NP_NCSPB6.dll
FF - plugin: c:\program files\ERDAS\Image Web Server\Firefox Plug-in\NP_NCSTB6.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-16 11:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-220523388-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,12,f5,3f,12,ec,0a,4d,9d,cf,a6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,12,f5,3f,12,ec,0a,4d,9d,cf,a6,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2009-05-16 12:00
ComboFix-quarantined-files.txt 2009-05-16 01:59

Pre-Run: 18,744,705,024 bytes free
Post-Run: 19,012,186,112 bytes free

203 --- E O F --- 2009-05-14 01:53

Edited by JChamberlain, 15 May 2009 - 08:25 PM.

#6
sage5

Posted 15 May 2009 - 10:45 PM

RIP 10/2009

Retired Staff
2,646 posts

Hi JChamberlain,

That's looking pretty good now.

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below, to download and install the latest vesion.
You will need to disable the McAfee stuff, while this is in action, & be warned, it can take some time

Upgrading Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 13.
Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 13".
Click the "Download" button to the right.
Select your Platform and check the box that says: " Java SE Runtime Environment 6 with JavaFX License Agreement".
Click on Continue.
Click on the link to download jre-6u13-windows-i586-p.exe & save to your Desktop.
Close all programs you may have running - especially your web browser, then double click on the jre-6u13-windows-i586-p.exe
Note: this version should uninstall all the previous versions from your PC
(Vista users, right click on the jre-6u13-windows-i586-p.exe and select "Run as an Administrator.")

Proceed with the Scan:

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure the following are checked.
- Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
  Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place, like C:\kasper.txt
Please post this log in your next reply.

Cheers,

sage5

#7
JChamberlain

Posted 16 May 2009 - 05:34 AM

Member

Topic Starter
Member
10 posts

Scan came up completely clean, so there's no log to post! system's running fine, thanks a lot.

#8
sage5

Posted 16 May 2009 - 07:58 AM

RIP 10/2009

Retired Staff
2,646 posts

Hi JChamberlain

Congratulations, your new log looks clear, so we can now deal with some final clean up jobs.

Clean out cookies, temp files etc:
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
- Click Firefox at the top and choose: Select All
- Click the Empty Selected button.
  
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
- Click Opera at the top and choose: Select All
- Click the Empty Selected button.
  
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

Cleanup with OTListIt2:

Please double-click OTListIt2.exe to run it.
Click the Clean up button
Click NO at the restart prompt (We will do that in a moment.)

To Clear Restore points, please do the following:

Go to Start > Control Panel.
Double-click the System icon.
- NOTE: If the System icon is not visible, click "View all Control Panel options" to display it.
Click the System Restore tab.
Put a check by Disable System Restore.
Click Apply, OK, OK. Click Yes when you are prompted to restart Windows.

After reboot, you must turn System Restore back on:

Go back to the Troubleshooting tab.
UNcheck Disable System Restore.
Click Apply, OK, OK. Click Yes when you are prompted to restart Windows.

Lastly, some extra or better security for your PC:

The programs recommended below are freeware alternatives to some of your security software & might reduce the potential for spyware infection in the future:-

Spyware Prevention:
Spyware Blaster by JavaCool Software, prevents spyware installing and consumes no system resources.
IE/SpyAd, stops suspect sites loading ActiveX, popups etc onto your PC. An excellent tutorial is Here

Spyware Detection:
[url="http://"http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.htm"]Malwarebytes Anti-Malware[/url] is my favourite here.

Anti-Virus:
The first line of defence, especially since some will now detect trojans as well.
Avira's Avira AntiVir Personal and Grisoft's Avast! Free Edition are among the best freebies.
*Please note* You should never install more than one anti-virus program on a PC, as it will cause conflicts.

Firewall:
A Firewall is an essential tool in the security of any PC connected to the Internet.
Sunbelt Personal Firewall and Comodo are both excellent freeware.

Alternate Browsers:
Thankfully, there are now some excellent alternatives to MS Internet Explorer. They offer better security, more stability, and better speed.
A couple of good examples are: Firefox and Opera

Other Updates:
Vital security patches and updates are available for Microsoft Windows and Internet Explorer at the Windows Update Site
It is equally important to update the other security software you use, on a regular basis.

Further reading about these issues is available in a very good article: How did I get infected in the first place ? (by Tony Klein and dvk01)

All the best & safe surfing in the future,

sage5

#9
JChamberlain

Posted 16 May 2009 - 11:01 PM

Member

Topic Starter
Member
10 posts

Great! Thanks again for your help.

#10
sage5

Posted 17 May 2009 - 06:02 AM

RIP 10/2009

Retired Staff
2,646 posts

You are very welcome JChamberlain

All the best,

sage5

#11
sage5

Posted 17 May 2009 - 06:02 AM

RIP 10/2009

Retired Staff
2,646 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.