Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I cannot download anything unless in safe mode

Started by woowoowoo , Oct 27 2011 07:15 AM

  • Please log in to reply

#1
woowoowoo
Posted 27 October 2011 - 07:15 AM

woowoowoo

    New Member

  • Member
  • Pip
  • 6 posts
Hi
I am having so many problems with my pc at the moment and hope you can help. I was running Mcafee happily for a few years then it suddenly started turning itself off, I would turn it back on and about 30 secs later it would turn off again. I tried scanning and it just stopped at the same place and hung every time. I uninstalled it and re installed, but no luck. I then noticed I also could not update any of my programs unless I did it from safe mode. Internet explorer will only run in safe mode and even there wont update. I can only run olt in safe mode. I have now installed Norton 360 on a 30 day trial and in normal mode it just runs 'complete your activation screen please wait'. I have run anti malware several times. I hope you can help. Thanks.

I have the OLT file that it generated in safe mode.

OTL logfile created on: 27/10/2011 13:29:52 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Fiona\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

894.48 Mb Total Physical Memory | 464.50 Mb Available Physical Memory | 51.93% Memory free
2.12 Gb Paging File | 1.87 Gb Available in Paging File | 88.17% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 140.33 Gb Free Space | 60.26% Space Free | Partition Type: NTFS

Computer Name: MAINFAMILYPC | User Name: Fiona | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/27 13:29:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fiona\My Documents\Downloads\OTL.exe
PRC - [2011/10/16 15:02:53 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/16 15:02:49 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/22 09:24:44 | 000,076,800 | ---- | M] () -- C:\Documents and Settings\Fiona\Application Data\Mozilla\Firefox\Profiles\yt4maupx.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko7.dll
MOD - [2011/06/28 13:21:04 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/25 18:59:56 | 000,919,352 | ---- | M] (Trusteer Ltd.) [Disabled | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/09/24 17:07:18 | 000,329,080 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/09/22 22:04:03 | 000,079,360 | ---- | M] (Autodesk) [Disabled | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/12/17 05:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/11/27 12:58:28 | 003,072,184 | ---- | M] (Kontiki Inc.) [Disabled | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/06/07 16:19:40 | 000,202,280 | R--- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\O2\bin\sprtsvc.exe -- (sprtsvc_O2) SupportSoft Sprocket Service (O2)
SRV - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV - [2011/10/21 14:57:04 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/10/21 14:56:17 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20111026.025\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/10/21 14:56:17 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/10/21 14:56:17 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/21 14:56:17 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20111026.025\NAVENG.SYS -- (NAVENG)
DRV - [2011/10/20 13:26:36 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20111026.030\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/10/14 23:13:30 | 000,818,808 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20111014.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/09/25 19:00:08 | 000,161,936 | ---- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/09/25 19:00:08 | 000,070,416 | ---- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/09/25 19:00:08 | 000,056,336 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/08/07 16:06:23 | 000,216,912 | ---- | M] () [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys -- (RapportCerberus_29574)
DRV - [2011/03/31 04:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/31 04:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/30 11:51:44 | 000,034,376 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2011/03/30 11:51:42 | 000,216,008 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/03/30 11:51:42 | 000,040,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2011/03/30 11:51:36 | 000,080,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/03/30 11:51:36 | 000,035,368 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/22 01:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/15 03:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 07:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/16 01:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Stopped] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/09/24 11:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/03/06 11:51:14 | 000,003,840 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/04/23 13:54:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/23 13:54:50 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115obex.sys -- (s115obex)
DRV - [2007/04/23 13:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007/04/23 13:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007/04/23 13:54:46 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2007/03/30 00:44:48 | 000,131,456 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2007/03/30 00:44:48 | 000,038,448 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2007/03/30 00:44:48 | 000,032,352 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2006/02/22 02:44:08 | 000,268,736 | ---- | M] (WIS Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wisgostrm.sys -- (WISTechVIDCAP)
DRV - [2005/06/13 16:27:56 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005/01/06 09:34:55 | 000,035,328 | R--- | M] (Euresys S.A.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\UniMC.sys -- (UniMC)
DRV - [2005/01/06 09:34:47 | 000,053,248 | R--- | M] (Euresys S.A.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\McPicolo.sys -- (PicoloPro)
DRV - [2004/12/01 04:12:28 | 000,873,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/09/10 10:35:37 | 000,196,192 | R--- | M] (Euresys s.a.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\multicam.sys -- (MultiCam)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/31 04:58:46 | 000,069,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/12/08 12:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 12:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: " "
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2786678&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=1.0: C:\Program Files\Virtual Earth 3D\ [2007/08/31 15:29:35 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Fiona\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Fiona\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPlgn\ [2011/10/24 14:29:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\coFFPlgn_2011_7_2_3 [2011/10/27 10:09:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/16 15:03:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/21 12:07:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2007/06/01 08:52:36 | 000,000,000 | ---D | M]

[2009/06/06 14:53:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fiona\Application Data\Mozilla\Extensions
[2009/06/06 14:53:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fiona\Application Data\Mozilla\Extensions\[email protected]
[2011/10/01 09:11:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fiona\Application Data\Mozilla\Firefox\Profiles\yt4maupx.default\extensions
[2009/12/26 10:16:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Fiona\Application Data\Mozilla\Firefox\Profiles\yt4maupx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/23 18:56:08 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Fiona\Application Data\Mozilla\Firefox\Profiles\yt4maupx.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2010/04/26 14:51:59 | 000,000,000 | ---D | M] (Flash AX Control) -- C:\Documents and Settings\Fiona\Application Data\Mozilla\Firefox\Profiles\yt4maupx.default\extensions\[email protected](2).uk
[2010/04/26 16:36:03 | 000,000,000 | ---D | M] (Flash AX Control) -- C:\Documents and Settings\Fiona\Application Data\Mozilla\Firefox\Profiles\yt4maupx.default\extensions\[email protected]
[2006/03/18 11:09:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fiona\Application Data\Mozilla\Firefox\Profiles\yt4maupx.default\extensions\temp
[2011/08/16 11:18:40 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\Fiona\Application Data\Mozilla\Firefox\Profiles\yt4maupx.default\searchplugins\conduit.xml
[2011/10/24 18:21:06 | 000,002,465 | ---- | M] () -- C:\Documents and Settings\Fiona\Application Data\Mozilla\Firefox\Profiles\yt4maupx.default\searchplugins\safesearch.xml
[2011/09/12 15:58:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/15 09:13:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/03/10 16:59:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/09/12 15:58:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2007/08/31 15:33:45 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(2).org
[2007/08/31 15:37:00 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(3).org
[2011/10/27 10:09:28 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\COFFPLGN_2011_7_2_3
[2011/10/24 14:29:02 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPLGN
() (No name found) -- C:\DOCUMENTS AND SETTINGS\FIONA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YT4MAUPX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2010/05/15 09:12:27 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/16 15:02:56 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/02/27 17:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll
[2008/06/18 06:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/07/19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/07/16 21:15:58 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2007/03/10 00:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2011/10/16 15:02:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 16:28:20 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Fiona\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Chrome NaCl (Enabled) = C:\Documents and Settings\Fiona\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Fiona\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Fiona\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Documents and Settings\Fiona\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: BBC iPlayer Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Fiona\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2008/06/15 10:30:29 | 000,249,881 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8710 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [DLSService] C:\Program Files\DYMO\DYMO Label Software\DLSService.exe (Sanford, L.P.)
O4 - HKLM..\Run: [mcinfo_1317812964] C:\DOCUME~1\Fiona\LOCALS~1\Temp\mcinfo_1317812964.exe /insfin File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADB9C4D9-64FC-4461-A5F2-E8A5806CB613}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Fiona\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Fiona\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/21 19:40:08 | 000,000,000 | ---D | M] - C:\autodesk -- [ NTFS ]
O32 - AutoRun File - [2005/09/08 20:13:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/25 15:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fiona\Application Data\Tific
[2011/10/25 15:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fiona\Local Settings\Application Data\Symantec
[2011/10/24 13:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fiona\Local Settings\Application Data\NPE
[2011/10/21 14:56:59 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdiv.sys
[2011/10/21 14:56:58 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.sys
[2011/10/21 14:56:58 | 000,369,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdi.sys
[2011/10/21 14:56:58 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.sys
[2011/10/21 14:56:58 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnets.sys
[2011/10/21 14:56:58 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.sys
[2011/10/21 14:56:57 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.sys
[2011/10/21 14:56:57 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\ironx86.sys
[2011/10/21 14:56:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0501000.01D
[2011/10/21 14:44:02 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/10/21 14:44:02 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/10/21 14:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/10/21 14:43:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2011/10/21 14:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011/10/21 14:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2011/10/21 14:42:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360
[2011/10/21 14:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/10/21 13:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fiona\Desktop\Downloads
[2011/10/21 13:38:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fiona\Application Data\GetRightToGo
[2011/10/21 12:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/10/21 12:24:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Fiona\Recent
[2011/10/21 11:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/10/21 11:19:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fiona\Application Data\Uniblue
[2011/10/21 11:19:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\~0
[2011/10/21 11:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011/10/21 10:49:37 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2011/10/21 10:49:22 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/10/16 17:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fiona\Application Data\McAfee
[2011/10/08 10:05:38 | 000,040,648 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2011/10/08 10:05:38 | 000,035,368 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2011/10/08 10:05:37 | 000,216,008 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2011/10/08 10:05:37 | 000,080,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2011/10/08 10:01:50 | 000,034,376 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2011/10/05 13:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fiona\Application Data\AVG8
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\Fiona\My Documents\*.tmp files -> C:\Documents and Settings\Fiona\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/27 13:14:25 | 000,013,760 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/27 13:13:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/27 13:08:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-484061587-725345543-1004UA.job
[2011/10/25 14:08:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-484061587-725345543-1004Core.job
[2011/10/24 17:26:11 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2011/10/24 15:39:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/10/24 15:23:30 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/10/24 14:44:02 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Fiona\My Documents\spider.sav
[2011/10/22 10:02:49 | 000,737,058 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB
[2011/10/21 19:14:50 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2011/10/21 14:57:04 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/10/21 14:57:04 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/10/21 14:57:04 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/10/21 14:57:04 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/10/21 12:52:05 | 000,587,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/21 11:32:14 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/16 17:54:24 | 000,225,667 | ---- | M] () -- C:\Documents and Settings\Fiona\Desktop\MVTHealthCheck.html
[2011/10/16 17:45:09 | 000,001,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/10/12 10:17:18 | 000,482,434 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/12 10:17:18 | 000,086,444 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/08 21:47:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/08 12:17:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/10/05 16:58:32 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/10/05 10:06:27 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Fiona\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/05 10:06:26 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Fiona\Desktop\Google Chrome.lnk
[2011/10/03 09:35:11 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\Fiona\My Documents\*.tmp files -> C:\Documents and Settings\Fiona\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/22 10:11:21 | 000,335,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/10/21 19:13:18 | 000,737,058 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB
[2011/10/21 14:56:58 | 000,007,877 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnetv.cat
[2011/10/21 14:56:58 | 000,007,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnet.cat
[2011/10/21 14:56:58 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.cat
[2011/10/21 14:56:58 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.inf
[2011/10/21 14:56:58 | 000,002,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.inf
[2011/10/21 14:56:58 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnetv.inf
[2011/10/21 14:56:58 | 000,001,446 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnet.inf
[2011/10/21 14:56:57 | 000,007,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\iron.cat
[2011/10/21 14:56:57 | 000,007,454 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.cat
[2011/10/21 14:56:57 | 000,007,450 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.cat
[2011/10/21 14:56:57 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.inf
[2011/10/21 14:56:57 | 000,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.inf
[2011/10/21 14:56:57 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\iron.inf
[2011/10/21 14:56:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.cat
[2011/10/21 14:56:22 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\isolate.ini
[2011/10/21 14:44:02 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/10/21 14:44:02 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/10/21 14:43:54 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2011/10/21 11:32:13 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/16 17:54:24 | 000,225,667 | ---- | C] () -- C:\Documents and Settings\Fiona\Desktop\MVTHealthCheck.html
[2011/10/16 17:45:09 | 000,001,771 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/10/16 17:43:28 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Virtual Technician.lnk
[2011/10/05 16:58:32 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/05/03 18:31:24 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/06/22 11:59:42 | 000,000,230 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/06/22 11:59:42 | 000,000,094 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/06/22 11:59:09 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/06/22 11:59:09 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/06/22 11:57:38 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat
[2010/06/22 11:57:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2010/06/22 11:53:29 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/05/26 09:50:52 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2010/01/14 03:41:00 | 000,309,248 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2010/01/14 03:38:00 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\DirectCOM.dll
[2009/12/21 17:43:43 | 000,132,172 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/21 00:54:31 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/12/21 00:53:55 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/12/20 22:43:03 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/09/15 18:17:31 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/04/08 21:15:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2009/04/08 17:11:20 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\E_ADDNET.DAT
[2009/04/08 16:17:55 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009/04/08 15:20:57 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/04/08 15:20:56 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/04/08 15:20:56 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/04/08 15:20:56 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/04/08 15:20:56 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/04/08 15:20:56 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/04/08 15:20:56 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/04/08 15:20:56 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/04/08 15:20:56 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/04/08 15:20:56 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/04/08 15:20:56 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/04/08 15:20:56 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/04/08 15:20:56 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/04/08 15:20:56 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/04/08 15:20:56 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/04/08 15:20:56 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/04/08 15:20:56 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/04/08 15:20:56 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/04/08 15:20:56 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2008/12/25 12:23:04 | 000,000,549 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2008/12/25 11:17:32 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/12/25 11:17:32 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/12/25 11:17:32 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/12/23 13:42:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/12/21 22:29:24 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/07/03 09:37:06 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2008/03/31 17:15:55 | 000,000,728 | ---- | C] () -- C:\WINDOWS\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
[2008/03/06 19:18:35 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2008/02/08 18:32:11 | 000,000,014 | ---- | C] () -- C:\WINDOWS\dswplug.ini
[2007/06/04 11:20:51 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2007/05/19 18:35:23 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\nnr.dll
[2007/05/19 16:05:41 | 000,011,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\UimFIO.sys
[2007/05/19 16:05:39 | 000,247,824 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll
[2007/05/19 16:05:38 | 004,245,008 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
[2007/05/19 16:05:38 | 000,013,840 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2007/04/05 14:30:33 | 000,000,266 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2006/10/31 10:31:13 | 000,000,039 | ---- | C] () -- C:\WINDOWS\pamlicSil.dll
[2006/07/26 18:55:10 | 000,000,039 | ---- | C] () -- C:\WINDOWS\pamlicCls.dll
[2006/06/25 00:29:48 | 000,000,299 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/04/27 18:38:55 | 000,002,256 | ---- | C] () -- C:\WINDOWS\current_settings.bin
[2006/01/04 08:55:00 | 000,030,800 | ---- | C] () -- C:\WINDOWS\go7007fw.bin
[2005/12/26 12:35:24 | 000,150,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\MLTCAP.sys
[2005/11/14 20:11:48 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\83D2CF34C8.sys
[2005/11/14 20:11:43 | 000,004,184 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/11/14 19:39:46 | 000,000,044 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2005/11/14 19:39:41 | 000,000,026 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/11/14 19:21:13 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2005/10/25 18:27:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/10/08 16:42:18 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2005/10/08 16:16:45 | 000,182,272 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2005/10/07 18:44:37 | 000,001,418 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/10/06 14:17:09 | 000,072,192 | ---- | C] () -- C:\Documents and Settings\Fiona\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/09/23 17:10:16 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/23 01:29:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\dsltest.INI
[2005/09/22 19:26:26 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5n.DLL
[2005/09/11 19:20:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/09/11 19:20:55 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/09/11 19:20:41 | 000,008,330 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/09/11 19:03:05 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005/09/08 21:00:35 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/09/08 20:59:25 | 000,587,792 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/09/08 20:20:42 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2005/09/08 20:15:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/09/08 20:11:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,482,434 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,086,444 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/02/28 03:40:00 | 000,143,540 | ---- | C] () -- C:\WINDOWS\go7007sb.bin
[2003/12/09 15:34:00 | 000,000,208 | ---- | C] () -- C:\WINDOWS\go7007fw_pf.bin
[2002/03/17 01:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000019.DLL
[2002/03/14 13:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1996/11/21 00:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1996/11/21 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/21 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/21 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Fiona\Desktop\02 - Its Amazing (Album Version).mp3:Roxio EMC Stream
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13666EE4
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AEE100C
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94A19129

< End of report >

Attached File  OTLs.Txt   109.14KB   99 downloads
  • 0

Advertisements

#2
RKinner
Posted 27 October 2011 - 01:10 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download and save the AVG removal tool
http://download.avg....6_2011_1184.exe
Run the Avg Remover

Download the McAfee Removal tool
http://download.mcaf...atches/MCPR.exe
Run the McAfee uninstall tool

Download and Save the free Avast installer.
http://www.avast.com...ivirus-download
Download and save the norton removal tool
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Uninstall Symantec (save the product license key in case you decide to reinstall it:http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US)

Run the Norton Removal tool.

Reboot

Install Avast. (Register when it asks you - they will try to talk you in to buying the full product but the free version is what we want.)
Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?
I think on XP systems the log file can be found in text form in C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\boot.txt

Ron
  • 0

#3
woowoowoo
Posted 28 October 2011 - 04:48 PM

woowoowoo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks Ron

I have done all you asked and am attaching Combofix file.
My computer is still acting in the same way as before, it wont let me register Avast, it just hangs on the Avast screen until I close it down and I then get the message that the program has stopped responding end now message, which is what I get when I try to download anything unless I do it in safe mode.
It came up with 28 infected files.

Thanks again for your time
Fiona

ComboFix 11-10-28.04 - Fiona 28/10/2011 19:01:32.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.547 [GMT 1:00]
Running from: c:\documents and settings\Fiona\Desktop\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Cait.BOX1\WINDOWS
c:\documents and settings\Fiona\Favorites\Download programs.url
c:\documents and settings\Fiona\Favorites\Games.url
c:\documents and settings\Fiona\Favorites\Translator.url
c:\documents and settings\Fiona\Favorites\Videos.url
c:\documents and settings\Fiona\My Documents\~WRL0826.tmp
c:\documents and settings\Fiona\My Documents\~WRL2898.tmp
c:\documents and settings\Fiona\My Documents\~WRL4060.tmp
c:\documents and settings\Fiona\Start Menu\Programs\Download programs.url
c:\documents and settings\Fiona\Start Menu\Programs\Games.url
c:\documents and settings\Fiona\Start Menu\Programs\Translator.url
c:\documents and settings\Fiona\Start Menu\Programs\Videos.url
c:\documents and settings\Fiona\WINDOWS
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\explorer(3)(2).exe
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\iun6002.exe
c:\windows\system32\CTF
c:\windows\system32\d3d9caps.dat
c:\windows\UA000019.DLL
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-28 )))))))))))))))))))))))))))))))
.
.
2011-10-25 14:16 . 2011-10-25 14:16 -------- d-----w- c:\documents and settings\Fiona\Application Data\Tific
2011-10-25 14:16 . 2011-10-25 14:16 -------- d-----w- c:\documents and settings\Fiona\Local Settings\Application Data\Symantec
2011-10-24 12:52 . 2011-10-24 13:47 -------- d-----w- c:\documents and settings\Fiona\Local Settings\Application Data\NPE
2011-10-21 13:42 . 2011-10-21 13:42 -------- d-----w- c:\program files\Windows Sidebar
2011-10-21 12:38 . 2011-10-21 12:41 -------- d-----w- c:\documents and settings\Fiona\Application Data\GetRightToGo
2011-10-21 11:35 . 2011-10-21 11:35 -------- d-----w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-10-21 10:19 . 2011-10-21 10:19 -------- d-----w- c:\documents and settings\Fiona\Application Data\Uniblue
2011-10-21 10:19 . 2011-10-21 11:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
2011-10-21 10:19 . 2011-10-21 10:19 -------- d-----w- c:\program files\Uniblue
2011-10-21 09:49 . 2009-06-30 09:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-10-21 09:49 . 2011-10-21 09:49 -------- d-----w- c:\program files\Panda Security
2011-10-16 16:45 . 2011-10-16 16:45 -------- d-----w- c:\documents and settings\Fiona\Application Data\McAfee
2011-10-08 09:05 . 2011-03-30 10:51 40648 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2011-10-08 09:05 . 2011-03-30 10:51 35368 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-10-08 09:05 . 2011-03-30 10:51 216008 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-08 09:05 . 2011-03-30 10:51 80136 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-08 09:01 . 2011-03-30 10:51 34376 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2011-10-05 12:00 . 2011-10-05 12:00 -------- d-----w- c:\documents and settings\Fiona\Application Data\AVG8
2011-10-04 10:33 . 2011-10-04 10:33 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 10:41 . 2008-07-29 19:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-25 18:00 . 2011-09-25 18:00 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-24 11:24 . 2011-08-24 11:24 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-08-22 23:48 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-04 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-16 14:02 . 2011-10-16 14:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"DLSService"="c:\program files\DYMO\DYMO Label Software\DLSService.exe" [2009-10-28 55808]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-17 113664]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Fiona^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Fiona\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Fiona^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Fiona\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 11:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-07-01 22:12 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2008-02-19 07:22 1089536 ----a-r- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-21 16:57 86016 ----a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DymoQuickPrint]
2009-10-29 00:09 1885944 ----a-w- c:\program files\DYMO\DYMO Label Software\DymoQuickPrint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-05-07 12:35 133104 -----tw- c:\documents and settings\Fiona\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 00:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\O2]
2008-03-28 21:47 198184 ------w- c:\program files\O2\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2009-12-26 11:10 160592 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-04-11 13:17 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-02-18 19:05 2423752 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSSQL$AUTODESKVAULT"=2 (0x2)
"KService"=2 (0x2)
"Autodesk Licensing Service"=3 (0x3)
"Autodesk EDM Server"=2 (0x2)
"Autodesk Data Management Job Dispatch"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"wlidsvc"=2 (0x2)
"SupportSoft RemoteAssist"=2 (0x2)
"SQLWriter"=2 (0x2)
"SQLBrowser"=2 (0x2)
"sprtsvc_O2"=2 (0x2)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"RapportMgmtService"=2 (0x2)
"MSK80Service"=2 (0x2)
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McComponentHostService"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"EPSON_PM_RPCV4_01"=2 (0x2)
"EPSON_EB_RPCV4_01"=2 (0x2)
"EpsonBidirectionalService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iCatcher\\iCatcherTools.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\O2\\bin\\wificfg.exe"=
"c:\\Program Files\\O2\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\Common Files\\SupportSoft\\bin\\ssrc.exe"=
"c:\\Program Files\\O2\\agent\\bin\\bcont_nm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [19/05/2007 16:05 38448]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [21/10/2011 10:49 28552]
R1 MultiCam;MultiCam for Picolo;c:\windows\system32\drivers\multicam.sys [10/05/2006 15:42 196192]
R1 RapportCerberus_29574;RapportCerberus_29574;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys [07/08/2011 16:06 216912]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [25/09/2011 19:00 70416]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [25/09/2011 19:00 161936]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
R1 UniMC;Unified MultiCam;c:\windows\system32\drivers\UniMC.sys [04/05/2006 14:56 35328]
S1 PicoloPro;PICOLO drivers;c:\windows\system32\drivers\McPicolo.sys [04/05/2006 14:56 53248]
S3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\Drivers\Pcouffin.sys --> c:\windows\system32\Drivers\Pcouffin.sys [?]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [25/09/2011 19:00 56336]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [23/04/2007 13:54 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [23/04/2007 13:54 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [23/04/2007 13:54 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [23/04/2007 13:54 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [23/04/2007 13:54 98568]
S4 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [25/09/2011 18:59 919352]
S4 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [07/06/2007 16:19 202280]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2011-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-484061587-725345543-1004Core.job
- c:\documents and settings\Fiona\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-07 12:35]
.
2011-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-484061587-725345543-1004UA.job
- c:\documents and settings\Fiona\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-07 12:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: o2.co.uk\*.broadband
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Fiona\Application Data\Mozilla\Firefox\Profiles\yt4maupx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - user.js: capability.policy.policynames - localfilelinks
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.com http://s2.travian.com http://s3.travian.com http://s4.travian.com
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Express ClickYes - c:\program files\Express ClickYes\ClickYes.exe
MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
AddRemove-EasyCAD - e:\easycad\ECAD\UNINST.EXE
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-28 19:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0A23C812-28A4-A3EF-EC599404379BDED8}\{EDDB7AE9-60BA-FC8B-2A36AEA66116E16E}\{30AFDBAC-89B1-0DCB-309A1919CB2D0BED}*]
"VBOGEGOY1DKTBDELSVQBDYRDXB1"=hex:01,00,01,00,00,00,00,00,d4,b3,d7,da,ae,5a,86,
f1,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2742423D-9B2C-E1F8-2204FBC3D18DB555}\{88A68896-609D-936A-26F31FA12C544D88}\{4CDB3AFE-271E-9455-9E26AF69AD97A138}*]
"2ZCAQF6BQYBTXSROMGCYPNVIRB1"=hex:01,00,01,00,00,00,00,00,d4,b3,d7,da,ae,5a,86,
f1,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C1D66034-199B-5834-FAD091A744E2DF52}\{A9398372-0762-3A7E-A7C8ABB3F38F2F6E}\{F18374B6-D35D-16D4-9DBDDA1016548C70}*]
"TKXOCIF12AS45MG3KJPY6BAVAE1"=hex:01,00,01,00,00,00,00,00,74,e3,83,a3,77,ff,da,
bf,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(552)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1412)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-10-28 19:25:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-28 18:25
.
Pre-Run: 151,332,642,816 bytes free
Post-Run: 152,063,815,680 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - B427E10751AF66741F9F049A396AD81F

Attached Files


  • 0

#4
RKinner
Posted 29 October 2011 - 11:12 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

Firefox::
FF - user.js: capability.policy.policynames - localfilelinks
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.com http://s2.travian.com http://s3.travian.com http://s4.travian.com
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service


Driver::
Pcouffin

RegNull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0A23C812-28A4-A3EF-EC599404379BDED8}\{EDDB7AE9-60BA-FC8B-2A36AEA66116E16E}\{30AFDBAC-89B1-0DCB-309A1919CB2D0BED}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2742423D-9B2C-E1F8-2204FBC3D18DB555}\{88A68896-609D-936A-26F31FA12C544D88}\{4CDB3AFE-271E-9455-9E26AF69AD97A138}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C1D66034-199B-5834-FAD091A744E2DF52}\{A9398372-0762-3A7E-A7C8ABB3F38F2F6E}\{F18374B6-D35D-16D4-9DBDDA1016548C70}*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0A23C812-28A4-A3EF-EC599404379BDED8}\{EDDB7AE9-60BA-FC8B-2A36AEA66116E16E}\{30AFDBAC-89B1-0DCB-309A1919CB2D0BED}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2742423D-9B2C-E1F8-2204FBC3D18DB555}\{88A68896-609D-936A-26F31FA12C544D88}\{4CDB3AFE-271E-9455-9E26AF69AD97A138}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C1D66034-199B-5834-FAD091A744E2DF52}\{A9398372-0762-3A7E-A7C8ABB3F38F2F6E}\{F18374B6-D35D-16D4-9DBDDA1016548C70}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0A23C812-28A4-A3EF-EC599404379BDED8}\{EDDB7AE9-60BA-FC8B-2A36AEA66116E16E}\{30AFDBAC-89B1-0DCB-309A1919CB2D0BED}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2742423D-9B2C-E1F8-2204FBC3D18DB555}\{88A68896-609D-936A-26F31FA12C544D88}\{4CDB3AFE-271E-9455-9E26AF69AD97A138}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C1D66034-199B-5834-FAD091A744E2DF52}\{A9398372-0762-3A7E-A7C8ABB3F38F2F6E}\{F18374B6-D35D-16D4-9DBDDA1016548C70}]


Registry::
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0A23C812-28A4-A3EF-EC599404379BDED8}\{EDDB7AE9-60BA-FC8B-2A36AEA66116E16E}\{30AFDBAC-89B1-0DCB-309A1919CB2D0BED}*]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2742423D-9B2C-E1F8-2204FBC3D18DB555}\{88A68896-609D-936A-26F31FA12C544D88}\{4CDB3AFE-271E-9455-9E26AF69AD97A138}*]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C1D66034-199B-5834-FAD091A744E2DF52}\{A9398372-0762-3A7E-A7C8ABB3F38F2F6E}\{F18374B6-D35D-16D4-9DBDDA1016548C70}*]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0A23C812-28A4-A3EF-EC599404379BDED8}\{EDDB7AE9-60BA-FC8B-2A36AEA66116E16E}\{30AFDBAC-89B1-0DCB-309A1919CB2D0BED}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2742423D-9B2C-E1F8-2204FBC3D18DB555}\{88A68896-609D-936A-26F31FA12C544D88}\{4CDB3AFE-271E-9455-9E26AF69AD97A138}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C1D66034-199B-5834-FAD091A744E2DF52}\{A9398372-0762-3A7E-A7C8ABB3F38F2F6E}\{F18374B6-D35D-16D4-9DBDDA1016548C70}]


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron
  • 0

#5
woowoowoo
Posted 30 October 2011 - 07:35 AM

woowoowoo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ok here are the files as requested

OTL logfile created on: 30/10/2011 13:26:37 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Fiona\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

894.48 Mb Total Physical Memory | 501.71 Mb Available Physical Memory | 56.09% Memory free
2.12 Gb Paging File | 1.89 Gb Available in Paging File | 89.33% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 141.11 Gb Free Space | 60.59% Space Free | Partition Type: NTFS

Computer Name: MAINFAMILYPC | User Name: Fiona | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/30 13:13:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fiona\Desktop\OTL (1).exe
PRC - [2011/09/06 21:05:43 | 003,495,256 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\Setup\avast.setup
PRC - [2011/09/06 20:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 20:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/10/28 23:56:28 | 000,055,808 | ---- | M] (Sanford, L.P.) -- C:\Program Files\DYMO\DYMO Label Software\DLSService.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 00:12:18 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe
PRC - [2005/07/15 21:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/28 18:43:22 | 001,579,008 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11092801\algo.dll
MOD - [2011/09/27 21:41:34 | 000,212,640 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11092801\aswRep.dll
MOD - [2011/09/06 21:04:26 | 000,192,048 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\Setup\setiface.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/25 17:59:56 | 000,919,352 | ---- | M] (Trusteer Ltd.) [Disabled | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/09/06 20:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/09/24 16:07:18 | 000,329,080 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/09/22 21:04:03 | 000,079,360 | ---- | M] (Autodesk) [Disabled | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/12/17 04:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/11/27 11:58:28 | 003,072,184 | ---- | M] (Kontiki Inc.) [Disabled | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/06/07 15:19:40 | 000,202,280 | R--- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\O2\bin\sprtsvc.exe -- (sprtsvc_O2) SupportSoft Sprocket Service (O2)
SRV - [2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV - [2011/09/25 18:00:08 | 000,161,936 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/09/25 18:00:08 | 000,070,416 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/09/25 18:00:08 | 000,056,336 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/09/06 20:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 20:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 20:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 20:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 20:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 20:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 20:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/08/07 15:06:23 | 000,216,912 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys -- (RapportCerberus_29574)
DRV - [2010/05/10 18:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 18:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/03/06 10:51:14 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/04/23 12:54:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/23 12:54:50 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115obex.sys -- (s115obex)
DRV - [2007/04/23 12:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007/04/23 12:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007/04/23 12:54:46 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2007/03/29 23:44:48 | 000,131,456 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2007/03/29 23:44:48 | 000,038,448 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2007/03/29 23:44:48 | 000,032,352 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2006/02/22 01:44:08 | 000,268,736 | ---- | M] (WIS Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wisgostrm.sys -- (WISTechVIDCAP)
DRV - [2005/06/13 15:27:56 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005/01/06 08:34:55 | 000,035,328 | R--- | M] (Euresys S.A.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UniMC.sys -- (UniMC)
DRV - [2005/01/06 08:34:47 | 000,053,248 | R--- | M] (Euresys S.A.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\McPicolo.sys -- (PicoloPro)
DRV - [2004/12/01 03:12:28 | 000,873,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/09/10 09:35:37 | 000,196,192 | R--- | M] (Euresys s.a.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\multicam.sys -- (MultiCam)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/31 03:58:46 | 000,069,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: " "
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2786678&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=1.0: C:\Program Files\Virtual Earth 3D\ [2007/08/31 14:29:35 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Fiona\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Fiona\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/10/28 18:58:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/16 14:03:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/21 11:07:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2007/06/01 07:52:36 | 000,000,000 | ---D | M]

[2009/06/06 13:53:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fiona\Application Data\Mozilla\Extensions
[2009/06/06 13:53:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fiona\Application Data\Mozilla\Extensions\[email protected]
[2011/10/01 08:11:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fiona\Application Data\Mozilla\Firefox\Profiles\yt4maupx.default\extensions
[2009/12/26 09:16:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Fiona\Application Data\Mozilla\Firefox\Profiles\yt4maupx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/23 17:56:08 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Fiona\Application Data\Mozilla\Firefox\Profiles\yt4maupx.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2010/04/26 13:51:59 | 000,000,000 | ---D | M] (Flash AX Control) -- C:\Documents and Settings\Fiona\Application Data\Mozilla\Firefox\Profiles\yt4maupx.default\extensions\[email protected](2).uk
[2010/04/26 15:36:03 | 000,000,000 | ---D | M] (Flash AX Control) -- C:\Documents and Settings\Fiona\Application Data\Mozilla\Firefox\Profiles\yt4maupx.default\extensions\[email protected]
[2006/03/18 10:09:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fiona\Application Data\Mozilla\Firefox\Profiles\yt4maupx.default\extensions\temp
[2011/08/16 10:18:40 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\Fiona\Application Data\Mozilla\Firefox\Profiles\yt4maupx.default\searchplugins\conduit.xml
[2011/10/24 17:21:06 | 000,002,465 | ---- | M] () -- C:\Documents and Settings\Fiona\Application Data\Mozilla\Firefox\Profiles\yt4maupx.default\searchplugins\safesearch.xml
[2011/09/12 14:58:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/15 08:13:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/03/10 15:59:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/09/12 14:58:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2007/08/31 14:33:45 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(2).org
[2007/08/31 14:37:00 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(3).org
() (No name found) -- C:\DOCUMENTS AND SETTINGS\FIONA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YT4MAUPX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/10/28 18:58:06 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/05/15 08:12:27 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/16 14:02:56 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/02/27 16:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll
[2008/06/18 05:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/07/19 04:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/07/16 20:15:58 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2007/03/09 23:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2011/10/16 14:02:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 15:28:20 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Fiona\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Chrome NaCl (Enabled) = C:\Documents and Settings\Fiona\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Fiona\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Fiona\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Documents and Settings\Fiona\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: BBC iPlayer Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Fiona\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Documents and Settings\Fiona\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\

O1 HOSTS File: ([2011/10/30 12:26:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DLSService] C:\Program Files\DYMO\DYMO Label Software\DLSService.exe (Sanford, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADB9C4D9-64FC-4461-A5F2-E8A5806CB613}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Fiona\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Fiona\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/21 18:40:08 | 000,000,000 | ---D | M] - C:\autodesk -- [ NTFS ]
O32 - AutoRun File - [2005/09/08 19:13:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/30 13:14:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fiona\Desktop\OTL (1).exe
[2011/10/30 12:49:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/30 11:58:08 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/28 18:58:31 | 000,320,856 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/10/28 18:58:31 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/10/28 18:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/10/28 18:58:28 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/10/28 18:58:27 | 000,442,200 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/10/28 18:58:27 | 000,052,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/10/28 18:58:26 | 000,110,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/10/28 18:58:26 | 000,104,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/10/28 18:58:25 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/10/28 18:58:01 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/10/28 18:58:00 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/10/28 18:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/10/28 18:57:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/10/28 18:32:01 | 001,832,544 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Fiona\Desktop\MCPR.exe
[2011/10/28 18:31:49 | 001,090,912 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Fiona\Desktop\avg_remover_stf_x86_2011_1184.exe
[2011/10/28 18:25:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/28 17:07:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/28 17:07:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/28 17:07:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/28 17:07:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/28 17:07:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/28 16:59:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/28 16:58:39 | 004,276,337 | R--- | C] (Swearware) -- C:\Documents and Settings\Fiona\Desktop\ComboFix.exe
[2011/10/25 14:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fiona\Application Data\Tific
[2011/10/25 14:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fiona\Local Settings\Application Data\Symantec
[2011/10/24 12:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fiona\Local Settings\Application Data\NPE
[2011/10/21 13:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2011/10/21 12:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fiona\Desktop\Downloads
[2011/10/21 12:38:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fiona\Application Data\GetRightToGo
[2011/10/21 11:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/10/21 11:24:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Fiona\Recent
[2011/10/21 10:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/10/21 10:19:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fiona\Application Data\Uniblue
[2011/10/21 10:19:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\~0
[2011/10/21 10:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011/10/21 09:49:37 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2011/10/21 09:49:22 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/10/05 12:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fiona\Application Data\AVG8
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/30 13:16:05 | 000,013,760 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/30 13:15:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/30 13:13:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fiona\Desktop\OTL (1).exe
[2011/10/30 13:10:05 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Fiona\My Documents\spider.sav
[2011/10/30 13:08:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-484061587-725345543-1004UA.job
[2011/10/30 12:26:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/30 11:58:16 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/30 08:43:20 | 000,482,434 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/30 08:43:20 | 000,086,444 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/28 18:58:32 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/10/28 18:58:26 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/10/28 18:36:21 | 059,854,808 | ---- | M] () -- C:\Documents and Settings\Fiona\Desktop\setup_av_free_cnet.exe
[2011/10/28 18:33:31 | 000,920,384 | ---- | M] () -- C:\Documents and Settings\Fiona\Desktop\Norton_Removal_Tool.exe
[2011/10/28 18:32:03 | 001,832,544 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Fiona\Desktop\MCPR.exe
[2011/10/28 18:31:34 | 001,090,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Fiona\Desktop\avg_remover_stf_x86_2011_1184.exe
[2011/10/28 17:11:34 | 000,000,327 | ---- | M] () -- C:\Boot.bak
[2011/10/28 16:58:41 | 004,276,337 | R--- | M] (Swearware) -- C:\Documents and Settings\Fiona\Desktop\ComboFix.exe
[2011/10/27 13:08:02 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-484061587-725345543-1004Core.job
[2011/10/27 12:37:23 | 000,587,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/24 16:26:11 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2011/10/24 14:39:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/10/21 10:32:14 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/16 16:54:24 | 000,225,667 | ---- | M] () -- C:\Documents and Settings\Fiona\Desktop\MVTHealthCheck.html
[2011/10/16 16:45:09 | 000,001,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/10/08 20:47:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/05 15:58:32 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/10/05 09:06:27 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Fiona\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/05 09:06:26 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Fiona\Desktop\Google Chrome.lnk
[2011/10/03 08:35:11 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/28 18:58:32 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/10/28 18:33:25 | 000,920,384 | ---- | C] () -- C:\Documents and Settings\Fiona\Desktop\Norton_Removal_Tool.exe
[2011/10/28 18:33:04 | 059,854,808 | ---- | C] () -- C:\Documents and Settings\Fiona\Desktop\setup_av_free_cnet.exe
[2011/10/28 17:11:34 | 000,000,327 | ---- | C] () -- C:\Boot.bak
[2011/10/28 17:11:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/28 17:07:34 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/28 17:07:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/28 17:07:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/28 17:07:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/28 17:07:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/22 09:11:21 | 000,335,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/10/21 10:32:13 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/16 16:54:24 | 000,225,667 | ---- | C] () -- C:\Documents and Settings\Fiona\Desktop\MVTHealthCheck.html
[2011/10/16 16:45:09 | 000,001,771 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/10/16 16:43:28 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Virtual Technician.lnk
[2011/10/05 15:58:32 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/05/03 17:31:24 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/06/22 10:59:42 | 000,000,230 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/06/22 10:59:42 | 000,000,094 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/06/22 10:59:09 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/06/22 10:59:09 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/06/22 10:57:38 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat
[2010/06/22 10:57:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2010/06/22 10:53:29 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/05/26 08:50:52 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2010/01/14 02:41:00 | 000,309,248 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2010/01/14 02:38:00 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\DirectCOM.dll
[2009/12/21 16:43:43 | 000,132,172 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/20 23:54:31 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/12/20 23:53:55 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/12/20 21:43:03 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/09/15 17:17:31 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/04/08 20:15:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2009/04/08 16:11:20 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\E_ADDNET.DAT
[2009/04/08 15:17:55 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009/04/08 14:20:57 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/04/08 14:20:56 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/04/08 14:20:56 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/04/08 14:20:56 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/04/08 14:20:56 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/04/08 14:20:56 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/04/08 14:20:56 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/04/08 14:20:56 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/04/08 14:20:56 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/04/08 14:20:56 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/04/08 14:20:56 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/04/08 14:20:56 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/04/08 14:20:56 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/04/08 14:20:56 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/04/08 14:20:56 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/04/08 14:20:56 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/04/08 14:20:56 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/04/08 14:20:56 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/04/08 14:20:56 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2008/12/25 11:23:04 | 000,000,549 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2008/12/25 10:17:32 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/12/25 10:17:32 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/12/25 10:17:32 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/12/21 21:29:24 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/07/03 08:37:06 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2008/03/31 16:15:55 | 000,000,728 | ---- | C] () -- C:\WINDOWS\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
[2008/03/06 18:18:35 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2008/02/08 17:32:11 | 000,000,014 | ---- | C] () -- C:\WINDOWS\dswplug.ini
[2007/06/04 10:20:51 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2007/05/19 17:35:23 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\nnr.dll
[2007/05/19 15:05:41 | 000,011,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\UimFIO.sys
[2007/05/19 15:05:39 | 000,247,824 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll
[2007/05/19 15:05:38 | 004,245,008 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
[2007/05/19 15:05:38 | 000,013,840 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2007/04/05 13:30:33 | 000,000,266 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2006/10/31 09:31:13 | 000,000,039 | ---- | C] () -- C:\WINDOWS\pamlicSil.dll
[2006/07/26 17:55:10 | 000,000,039 | ---- | C] () -- C:\WINDOWS\pamlicCls.dll
[2006/06/24 23:29:48 | 000,000,299 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/04/27 17:38:55 | 000,002,256 | ---- | C] () -- C:\WINDOWS\current_settings.bin
[2006/01/04 07:55:00 | 000,030,800 | ---- | C] () -- C:\WINDOWS\go7007fw.bin
[2005/12/26 11:35:24 | 000,150,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\MLTCAP.sys
[2005/11/14 19:11:48 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\83D2CF34C8.sys
[2005/11/14 19:11:43 | 000,004,184 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/11/14 18:39:46 | 000,000,044 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2005/11/14 18:39:41 | 000,000,026 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/11/14 18:21:13 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2005/10/25 17:27:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/10/08 15:42:18 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2005/10/08 15:16:45 | 000,182,272 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2005/10/07 17:44:37 | 000,001,418 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/10/06 13:17:09 | 000,072,192 | ---- | C] () -- C:\Documents and Settings\Fiona\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/09/23 16:10:16 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/23 00:29:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\dsltest.INI
[2005/09/22 18:26:26 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5n.DLL
[2005/09/11 18:20:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/09/11 18:20:55 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/09/11 18:20:41 | 000,008,330 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/09/11 18:03:05 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005/09/08 20:00:35 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/09/08 19:59:25 | 000,587,792 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/09/08 19:20:42 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2005/09/08 19:15:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/09/08 19:11:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 12:00:00 | 000,482,434 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 12:00:00 | 000,086,444 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/02/28 02:40:00 | 000,143,540 | ---- | C] () -- C:\WINDOWS\go7007sb.bin
[2003/12/09 14:34:00 | 000,000,208 | ---- | C] () -- C:\WINDOWS\go7007fw_pf.bin
[2002/03/14 12:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[1998/08/16 05:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1996/11/20 23:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1996/11/20 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/20 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/20 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Fiona\Desktop\02 - Its Amazing (Album Version).mp3:Roxio EMC Stream
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13666EE4
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AEE100C
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94A19129

< End of report >

Attached Files


  • 0

#6
RKinner
Posted 30 October 2011 - 10:14 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Uninstall:
J2SE Runtime Environment 5.0 Update 3 - obsolete
J2SE Runtime Environment 5.0 Update 5 - obsolete
Adobe Reader 7.1.0 - obsolete
SUPERAntiSpyware - may interfere can be reinstalled later
Rapport - Appears broken can be reinstalled later

Copy the text in the code box by highlighting and Ctrl + c 


:processes
killallprocesses

:OTL
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
[2011/08/16 10:18:40 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\Fiona\Application Data\Mozilla\Firefox\Profiles\yt4maupx.default\searchplugins\conduit.xml
[2011/10/24 17:21:06 | 000,002,465 | ---- | M] () -- C:\Documents and Settings\Fiona\Application Data\Mozilla\Firefox\Profiles\yt4maupx.default\searchplugins\safesearch.xml
[2011/09/23 17:56:08 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Fiona\Application Data\Mozilla\Firefox\Profiles\yt4maupx.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2010/05/15 08:13:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/03/10 15:59:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No CLSID value found.
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)


:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config KService start= disabled /c
    
:Commands
[RESETHOSTS]
[purity]
[Reboot]
then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Any improvement? Try opening IE, then Tools, Internet Options, Advanced, then RESET (down at the bottom)

Ron
  • 0

#7
woowoowoo
Posted 31 October 2011 - 06:49 AM

woowoowoo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi Ron
Yes I can now run IE OK

Here is the OLT file

Thanks
Fiona
  • 0

#8
woowoowoo
Posted 31 October 2011 - 06:54 AM

woowoowoo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
========== PROCESSES ==========
All processes killed
========== OTL ==========
Prefs.js: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
C:\Documents and Settings\Fiona\Application Data\Mozilla\Firefox\Profiles\yt4maupx.default\searchplugins\conduit.xml moved successfully.
C:\Documents and Settings\Fiona\Application Data\Mozilla\Firefox\Profiles\yt4maupx.default\searchplugins\safesearch.xml moved successfully.
C:\Documents and Settings\Fiona\Application Data\Mozilla\Firefox\Profiles\yt4maupx.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.
C:\Documents and Settings\Fiona\Application Data\Mozilla\Firefox\Profiles\yt4maupx.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules folder moved successfully.
C:\Documents and Settings\Fiona\Application Data\Mozilla\Firefox\Profiles\yt4maupx.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.
C:\Documents and Settings\Fiona\Application Data\Mozilla\Firefox\Profiles\yt4maupx.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.
C:\Documents and Settings\Fiona\Application Data\Mozilla\Firefox\Profiles\yt4maupx.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.
C:\Documents and Settings\Fiona\Application Data\Mozilla\Firefox\Profiles\yt4maupx.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.
C:\Documents and Settings\Fiona\Application Data\Mozilla\Firefox\Profiles\yt4maupx.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.
File C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{327C2873-E90D-4c37-AA9D-10AC9BABA46C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{327C2873-E90D-4c37-AA9D-10AC9BABA46C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{55FAF0F2-44D4-425F-B5F5-6B275B621EAB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55FAF0F2-44D4-425F-B5F5-6B275B621EAB}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon\ not found.
File C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ not found.
File C:\Program Files\SUPERAntiSpyware\SASSEH.DLL not found.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Fiona\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Fiona\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Fiona\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Fiona\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Fiona\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Fiona\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Fiona\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Fiona\Desktop\cmd.txt deleted successfully.
< sc config KService start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Fiona\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Fiona\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 10312011_123507

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Attached Files


  • 0

#9
RKinner
Posted 31 October 2011 - 04:07 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Logs look OK. Any problems left?
  • 0

#10
woowoowoo
Posted 01 November 2011 - 02:07 AM

woowoowoo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi Ron
It is all working great now. I'm a happy bunny , thank you very much. I still have a few issues with my car though :)


Kind regards and big hugs
Fiona
  • 0

#11
RKinner
Posted 01 November 2011 - 12:50 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
OK. I used to be a pretty fair hobby auto mechanic but that's been a while. Cleanup Time:

We need to clean up System Restore. Follow Jim's procedure here:
http://aumha.net/vie...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

You probably do not have the latest Java (Java™ 6 Update 27 or 7 update 0). Get the latest at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Note on Java and Firefox. For some reason Java does not remove old consoles from Firefox. Any time you update Java you should do Firefox, Add-ons, Extensions and disable any old Java Consoles

They will look like: Java Console 6.xx. The xx corresponds to the update number. When they switch to 7 update 0 then it will be Java Console 7.

Multiple Java Consoles will slow down the Firefox boot. After any change to Firefox or its extension you should run Speedyfox. (Mentioned later.)



Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not upgdate it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: Adhttp://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP