Hi SweetTech,
1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
None
2. The log that is produced after running the ComboFix script.
ComboFix 10-08-01.01 - Administrator 02/08/2010 8:49.3.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.586 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FILE ::
"c:\documents and settings\Administrator\Application Data\C8D1D49FF8E60DCC0ED4D06536BF3598\setupupdater0000.exe"
"c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb1D7.tmp.exe"
"c:\documents and settings\All Users\Application Data\NOD8JYA.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Administrator\Application Data\C8D1D49FF8E60DCC0ED4D06536BF3598\setupupdater0000.exe
c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb1D7.tmp.exe
c:\documents and settings\All Users\Application Data\NOD8JYA.dat
.
((((((((((((((((((((((((( Files Created from 2010-07-02 to 2010-08-02 )))))))))))))))))))))))))))))))
.
2010-08-01 14:30 . 2010-08-01 14:30 -------- d-----w- C:\_OTL
2010-07-28 15:42 . 2010-07-28 15:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Foxit Software
2010-07-27 19:13 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-27 16:12 . 2010-07-27 16:12 -------- d-----w- C:\_OTM
2010-07-27 15:43 . 2010-07-27 15:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\OpenDNS Updater
2010-07-27 15:43 . 2010-07-27 15:43 -------- d-----w- c:\program files\OpenDNS Updater
2010-07-27 14:25 . 2010-07-27 14:25 -------- d-----w- c:\program files\Foxit Software
2010-07-27 11:06 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-27 11:05 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-27 11:01 . 2010-07-27 11:01 -------- d-----w- c:\program files\ERUNT
2010-07-22 15:12 . 2010-07-22 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\RetroExp
2010-07-22 12:14 . 2009-02-25 10:34 13824 ----a-r- c:\windows\system32\drivers\QsFsFltr.sys
2010-07-22 12:11 . 2010-07-22 12:14 -------- d-----w- c:\program files\Iomega
2010-07-14 07:27 . 2010-07-14 07:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-07-12 11:25 . 2010-07-12 11:25 -------- d-----w- c:\program files\WinASO
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-01 17:05 . 2010-03-10 16:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-01 17:05 . 2008-11-26 12:15 -------- d-----w- c:\program files\QuickTime
2010-08-01 15:39 . 2008-07-04 11:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-07-31 11:03 . 2010-06-07 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-29 08:16 . 2007-07-11 14:13 -------- d-----w- c:\program files\Actinic v8
2010-07-27 16:29 . 2004-08-04 08:00 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-07-27 14:33 . 2010-06-15 12:09 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-27 14:22 . 2006-10-09 12:31 -------- d-----w- c:\program files\Common Files\Java
2010-07-27 14:19 . 2006-10-09 12:33 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-27 13:51 . 2010-06-28 16:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-07-27 09:24 . 2010-03-10 20:48 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-27 09:23 . 2010-03-10 20:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-27 09:19 . 2006-10-09 12:34 -------- d-----w- c:\program files\Google
2010-07-26 10:13 . 2010-01-20 15:15 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-07-23 11:07 . 2008-03-11 12:46 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-07-23 11:07 . 2008-03-11 12:46 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-07-22 15:26 . 2007-01-11 13:16 -------- d-----w- c:\program files\Creative
2010-07-03 10:25 . 2010-06-18 08:15 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-01 12:52 . 2010-07-05 07:22 1496064 ------w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-07-01 12:51 . 2010-07-05 07:22 43008 ------w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-07-01 12:51 . 2010-07-05 07:22 338944 ------w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-07-01 12:51 . 2010-07-05 07:22 346112 ------w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-06-28 16:49 . 2010-06-28 16:49 -------- d-----w- c:\program files\Alwil Software
2010-06-24 16:23 . 2007-05-16 15:43 -------- d-----w- c:\program files\Docudesk
2010-06-15 16:42 . 2010-06-15 16:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\IBP
2010-06-15 12:11 . 2010-06-15 12:11 503808 ------w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62014bbf-n\msvcp71.dll
2010-06-15 12:11 . 2010-06-15 12:11 12800 ------w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-572843a9-n\decora-d3d.dll
2010-06-15 12:11 . 2010-06-15 12:11 499712 ------w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62014bbf-n\jmc.dll
2010-06-15 12:11 . 2010-06-15 12:11 61440 ------w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-572843a9-n\decora-sse.dll
2010-06-15 12:11 . 2010-06-15 12:11 348160 ------w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62014bbf-n\msvcr71.dll
2010-06-15 12:08 . 2006-10-09 12:31 -------- d-----w- c:\program files\Java
2010-06-14 14:31 . 2004-08-04 08:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-12 07:49 . 2010-04-28 07:49 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-11 09:39 . 2010-06-11 09:30 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-07 13:27 . 2010-06-07 13:27 86016 ------w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-06-07 08:12 . 2009-11-15 14:09 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 09:28 . 2010-06-15 13:13 865792 ------w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
2010-05-21 13:14 . 2009-10-05 08:06 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-06 10:41 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-04-27 16:16 . 2010-04-28 11:32 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-24 1193848]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act! Preloader]
2009-08-24 20:20 331776 ----a-w- c:\program files\ACT\Act for Windows\ActSage.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act.Outlook.Service]
2009-08-24 20:09 28672 ----a-w- c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-11-13 19:21 133104 -----tw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-02-18 16:40 2012912 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 18:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Actinic v8\\Catalog.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Program Files\\ACT\\Act for Windows\\ActSage.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\BT Business Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [28/04/2010 08:49 64288]
R0 ZetSFD;ZetSFD;c:\windows\system32\drivers\ZetSFD.sys [13/08/2008 18:59 12800]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [26/04/2010 09:16 82952]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 16:52 1352832]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [26/04/2010 09:16 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [26/04/2010 09:16 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [26/04/2010 09:16 141792]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [26/04/2010 09:16 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [26/04/2010 09:16 88480]
R3 ZetBus;Zetera Virtual Bus;c:\windows\system32\drivers\ZetBus.sys [13/08/2008 18:59 15488]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11:15 66632]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [24/08/2009 21:22 81920]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05/02/2010 11:35 135664]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [05/09/2008 07:54 93320]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [26/04/2010 09:16 271480]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [27/05/2009 03:27 29262680]
S2 QSCopyEngine;QSCopyEngine;c:\program files\Iomega\QuikProtect\QpMonitor.exe [22/04/2009 15:09 122880]
S2 SFSZ;DataPlow SFS for Zetera Storage Devices;c:\windows\system32\drivers\sfsz.sys [13/08/2008 18:59 345984]
S2 Z-SANService;Z-SAN Service;c:\program files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe [13/08/2008 18:59 376891]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [26/04/2010 09:16 55456]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [26/04/2010 09:16 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [26/04/2010 09:16 83496]
S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [19/10/2007 21:34 2688]
S3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [22/07/2010 13:14 13824]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11:15 12872]
S3 ZetMPD;ZetMPD;c:\windows\system32\drivers\ZetMPD.sys [13/08/2008 18:59 5120]
.
Contents of the 'Scheduled Tasks' folder
2010-08-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 07:49]
2010-08-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-14 10:15]
2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 10:34]
2010-08-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
2010-08-01 c:\windows\Tasks\User_Feed_Synchronization-{A7BFBBAD-82C4-48E6-AE23-830EC8F01B93}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
2010-08-01 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-08 21:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.co.uk
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: mcafee.com
TCP: {030617CF-0E25-43FD-A95C-F95087CC414C} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-08-02 08:57
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3a,df,36,98,88,c7,ec,43,ad,ea,fc,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3a,df,36,98,88,c7,ec,43,ad,ea,fc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3a,df,36,98,88,c7,ec,43,ad,ea,fc,\
[HKEY_USERS\S-1-5-21-3664888350-2079881525-3229180341-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0e,4e,1b,2d,c9,8f,d6,40,a4,2b,bd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0e,4e,1b,2d,c9,8f,d6,40,a4,2b,bd,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(924)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(844)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-08-02 09:04:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-02 08:04
ComboFix2.txt 2010-08-01 16:30
Pre-Run: 125,684,817,920 bytes free
Post-Run: 125,660,200,960 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - 19DA1B43E32218B799391B44A9557CE8
3. The log that is produced after running the MalwareBytes' Anti-Malware scan.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4379
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
02/08/2010 09:34:31
mbam-log-2010-08-02 (09-34-31).txt
Scan type: Quick scan
Objects scanned: 139836
Time elapsed: 11 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
4. The log that is produced after running the ESET Online Virus Scanner.
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\926uwt3t.default\Mail\Local Folders\Inbox multiple threats
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\926uwt3t.default\Mail\Local Folders\Trash multiple threats
5. The log that is produced after running the SecurityCheck scan.
Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check: Windows Firewall Disabled!
ESET Online Scanner v3
McAfee Total Protection
Antivirus up to date! (On Access scanning
disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check: Ad-Aware
Malwarebytes' Anti-Malware
Java 6 Update 21
Adobe Flash Player 10.1.53.64
Mozilla Firefox (3.6.8)
Mozilla Thunderbird (3.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent Windows Defender MSMpEng.exe
Ad-Aware AAWService.exe is disabled! Ad-Aware AAWTray.exe is disabled! Windows Defender MsMpEng.exe
````````````````````````````````
DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning)
``````````End of Log````````````
6. The log that is produced after running the OTL scan.
OTL logfile created on: 02/08/2010 11:59:38 - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1,022.00 Mb Total Physical Memory | 251.00 Mb Available Physical Memory | 25.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 115.96 Gb Free Space | 77.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STEVEHP
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee\MSC\mcupdmgr.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc.)
PRC - C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe (Zetera Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (ACT! Scheduler) -- C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe (Sage Software, Inc.)
SRV - (MSSQL$ACT7) SQL Server (ACT7) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (QSCopyEngine) -- C:\Program Files\Iomega\QuikProtect\QpMonitor.exe ()
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (Z-SANService) -- C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe (Zetera Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (SABProcEnum) -- C:\Program Files\Internet Explorer\SABProcEnum.sys File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (QsFsFltr) -- C:\WINDOWS\system32\drivers\QsFsFltr.sys (Windows ® Codename Longhorn DDK provider)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (SndTDriverV32) -- C:\WINDOWS\system32\drivers\SndTDriverV32.sys (Windows ® 2000/XP)
DRV - (MovRVDrv32) -- C:\WINDOWS\system32\drivers\MovRVDrv32.sys (Windows ® 2000 DDK provider)
DRV - (SFSZ) -- C:\WINDOWS\system32\drivers\sfsz.sys (DataPlow, Incorporated)
DRV - (ZetBus) -- C:\WINDOWS\system32\drivers\ZetBus.sys (Zetera Corporation)
DRV - (ZetSFD) -- C:\WINDOWS\system32\DRIVERS\ZetSFD.sys (Zetera Corporation)
DRV - (ZetMPD) -- C:\WINDOWS\system32\drivers\ZetMPD.sys (Zetera Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\SE27bus.sys (MCCI)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (SE27mdm) -- C:\WINDOWS\system32\drivers\SE27mdm.sys (MCCI)
DRV - (SE27mdfl) -- C:\WINDOWS\system32\drivers\SE27mdfl.sys (MCCI)
DRV - (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) -- C:\WINDOWS\system32\drivers\se27unic.sys (MCCI)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel® Corporation)
DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel® Corporation)
DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel® Corporation)
DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel® Corporation)
DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel® Corporation)
DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel® Corporation)
DRV - (adpu320) -- C:\WINDOWS\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (Symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://uk.search.yah...r=ytff-sunm&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.19
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.51
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://uk.search.yah...h?fr=mcafee&p="
FF - prefs.js..network.proxy.http_por: ""
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/02 10:16:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/10/30 09:04:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/26 10:54:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/31 12:03:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/07/22 16:12:05 | 000,000,000 | ---D | M]
[2010/01/20 15:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/01/20 15:07:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/07/09 12:47:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2009/03/27 10:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\[email protected]
[2010/08/01 16:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions
[2010/04/27 19:29:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/05 08:22:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/07/15 19:42:59 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}(2)
[2010/07/31 12:07:24 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/12/22 15:01:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2010/06/15 14:13:13 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2008/07/15 19:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\amin.eft_PhProxy@gmail(2).com
[2008/07/15 19:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\[email protected](2).org
[2008/10/08 10:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\[email protected]
[2010/05/10 08:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\[email protected]
[2009/08/13 13:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\[email protected](2).jung
[2010/06/14 14:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\[email protected]
[2008/07/15 19:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\seo4firefox@seobook(2).com
[2009/08/13 13:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\seo4firefox@seobook(3).com
[2010/04/12 16:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\extensions\[email protected]
[2007/03/27 14:47:44 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ps1p0hg.default\searchplugins\siteadvisor.xml
[2010/08/01 16:22:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/27 14:42:42 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/07/27 15:34:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2008/07/15 19:42:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\Proxybar@Proxy-trash
[2010/04/27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/07/27 15:33:35 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/27 15:24:32 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/07/02 13:03:02 | 000,002,027 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
O1 HOSTS File: ([2010/08/02 08:57:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100514083546.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab55579.cab (MSN Games – Matchmaking)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative....026/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (MSN Games – Game Chat)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1168334057234 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} https://bis.eu.black...ls/TOImport.cab (TeamOn Import Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://sageuk.webex...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15028/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/...on.cab64162.cab (MSN Games – Backgammon)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\HPQ1280h.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\HPQ1280h.BMP
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: MSACM.CEGSM - C:\WINDOWS\System32\mobileV.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co....thors/VA012897/)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 30 Days ==========
[2010/08/02 11:33:08 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/02 09:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/08/02 09:04:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/08/02 08:48:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/01 17:13:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/01 17:13:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/01 17:13:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/01 17:13:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/01 17:12:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/01 15:30:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/28 16:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Foxit Software
[2010/07/27 20:13:19 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/27 17:48:44 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/07/27 17:27:50 | 001,170,256 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2010/07/27 17:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\GooredFix Backups
[2010/07/27 17:25:30 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2010/07/27 17:12:01 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/07/27 17:09:38 | 000,520,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
[2010/07/27 16:43:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OpenDNS Updater
[2010/07/27 16:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\OpenDNS Updater
[2010/07/27 15:33:58 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/27 15:33:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/27 15:33:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/27 15:33:58 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/27 15:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010/07/27 15:05:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\geekstogo sys restore
[2010/07/27 12:06:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/27 12:05:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/27 12:01:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/27 12:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/27 11:46:36 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/07/23 17:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Bell Images
[2010/07/22 16:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RetroExp
[2010/07/22 13:14:21 | 000,013,824 | R--- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\QsFsFltr.sys
[2010/07/22 13:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Iomega
[2010/07/14 08:27:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/07/12 12:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\WinASO
[2006/08/11 15:56:28 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
========== Files - Modified Within 30 Days ==========
[2010/08/02 11:56:18 | 000,869,051 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
[2010/08/02 09:39:03 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2010/08/02 09:19:27 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/02 09:10:46 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/08/02 09:08:34 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/08/02 09:08:17 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/02 09:08:11 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/08/02 09:07:59 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/08/02 09:07:44 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/02 09:07:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/02 09:07:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/02 09:07:17 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/02 09:05:56 | 011,796,480 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/08/02 09:05:56 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/08/02 09:05:54 | 002,205,456 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/08/02 08:57:15 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/02 08:57:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/02 08:56:43 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/02 08:48:45 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/02 08:45:04 | 003,748,939 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/08/01 18:30:10 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A7BFBBAD-82C4-48E6-AE23-830EC8F01B93}.job
[2010/08/01 18:03:25 | 000,000,281 | ---- | M] () -- C:\Boot.bak
[2010/07/30 15:54:25 | 000,422,091 | ---- | M] () -- C:\Documents and Settings\Administrator\.ranktracker.properties
[2010/07/29 10:01:46 | 000,000,742 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/07/28 03:03:23 | 000,553,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/28 03:03:23 | 000,479,486 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/28 03:03:23 | 000,085,016 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/27 17:52:33 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\z5zt5jcg.exe
[2010/07/27 17:48:45 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/07/27 17:25:31 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2010/07/27 17:09:40 | 000,520,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
[2010/07/27 16:42:30 | 000,225,336 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\OpenDNS-Updater-2.2.1.exe
[2010/07/27 15:33:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/27 15:33:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/27 15:33:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/27 15:33:35 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/27 15:33:34 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/27 15:25:22 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010/07/27 14:51:33 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/27 12:06:02 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/27 12:01:28 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/07/27 12:01:28 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/07/27 11:46:38 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/07/27 09:43:57 | 054,835,272 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\setup_av_free.exe
[2010/07/23 12:07:56 | 000,002,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/07/22 16:11:12 | 001,170,256 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2010/07/22 15:50:02 | 000,176,637 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Sales site stuff.zip
[2010/07/20 16:00:12 | 000,442,125 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\afiliate.pdf
[2010/07/19 13:08:20 | 000,000,760 | ---- | M] () -- C:\WINDOWS\cedt.INI
[2010/07/16 14:15:44 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office FrontPage 2003 (2).lnk
[2010/07/16 12:37:07 | 000,053,008 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\template receipt 100716.pdf
[2010/07/16 10:50:40 | 000,045,564 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\PC World HD.pdf
[2010/07/15 12:49:38 | 001,743,360 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\The Bell Images.doc
[2010/07/12 12:45:00 | 011,796,480 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat.bak
[2010/07/12 12:43:03 | 000,000,058 | ---- | M] () -- C:\WINDOWS\RegDefrag.ini
[2010/07/12 12:25:47 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WinASO Registry Optimizer.lnk
========== Files Created - No Company Name ==========
[2010/08/02 11:56:17 | 000,869,051 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
[2010/08/02 09:39:03 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2010/08/02 09:07:17 | 1072,222,208 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/01 17:17:07 | 000,000,281 | ---- | C] () -- C:\Boot.bak
[2010/08/01 17:17:01 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/01 17:13:38 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/01 17:13:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/01 17:13:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/01 17:13:38 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/01 17:13:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/01 17:11:49 | 003,748,939 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/07/27 17:52:31 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\z5zt5jcg.exe
[2010/07/27 16:42:28 | 000,225,336 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\OpenDNS-Updater-2.2.1.exe
[2010/07/27 15:25:22 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010/07/27 12:06:02 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/27 12:01:28 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/07/27 12:01:28 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/07/27 11:40:00 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/27 11:34:32 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/07/27 09:42:34 | 054,835,272 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\setup_av_free.exe
[2010/07/22 15:50:02 | 000,176,637 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Sales site stuff.zip
[2010/07/20 16:00:03 | 000,442,125 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\afiliate.pdf
[2010/07/16 12:37:04 | 000,053,008 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\template receipt 100716.pdf
[2010/07/16 10:50:41 | 000,045,564 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\PC World HD.pdf
[2010/07/15 12:49:38 | 001,743,360 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\The Bell Images.doc
[2010/07/12 12:43:47 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.new.LOG
[2010/07/12 12:43:03 | 000,000,058 | ---- | C] () -- C:\WINDOWS\RegDefrag.ini
[2010/07/12 12:25:47 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WinASO Registry Optimizer.lnk
[2010/04/28 15:37:44 | 000,000,760 | ---- | C] () -- C:\WINDOWS\cedt.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/08/13 18:58:59 | 000,163,927 | ---- | C] () -- C:\WINDOWS\System32\ZSANCoInst.dll
[2007/10/08 12:50:57 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2007/10/08 12:50:57 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2007/06/05 17:55:05 | 000,000,243 | ---- | C] () -- C:\WINDOWS\ActiveAct.INI
[2007/05/16 16:44:01 | 000,018,764 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2007/02/23 12:09:49 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2007/01/11 14:16:02 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/01/11 14:16:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2007/01/11 14:16:02 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/01/08 13:40:00 | 000,000,742 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/22 13:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 13:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 13:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 13:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/10/09 13:39:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/09 13:35:29 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/10/09 13:33:42 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/10/03 22:33:54 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/08/11 15:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/05/23 13:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2006/02/24 16:54:42 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\deskMenu2.dll
[2005/06/16 19:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2003/09/17 21:00:55 | 000,266,327 | ---- | C] () -- C:\WINDOWS\System32\ADErrorHandling.dll
[2002/05/08 10:12:22 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/08/02 09:07:16 | 000,044,796 | ---- | M] () -- C:\aaw7boot.log
[2008/12/10 13:13:10 | 000,063,425 | ---- | M] () -- C:\ActExtLog.txt
[2010/08/01 18:03:25 | 000,000,281 | ---- | M] () -- C:\Boot.bak
[2010/08/02 08:48:45 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2007/02/23 13:21:09 | 000,466,074 | ---- | M] () -- C:\CIS NRS manual 2007.pdf
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/08/02 09:04:33 | 000,023,777 | ---- | M] () -- C:\ComboFix.txt
[2008/12/16 12:55:23 | 000,000,081 | ---- | M] () -- C:\CTX.DAT
[2010/08/02 09:07:17 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2007/01/05 09:29:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/15 18:10:57 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2007/01/05 09:29:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 09:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/07/04 10:36:12 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/02 09:07:16 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2007/02/05 19:07:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2007/02/20 10:18:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2007/02/20 10:30:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2007/03/22 10:48:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2007/04/09 17:05:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2007/04/10 08:59:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2007/04/11 08:28:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2007/04/11 16:20:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2007/04/13 09:21:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2007/04/30 09:24:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2007/05/15 17:26:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2007/05/16 17:30:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2007/05/17 09:34:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2007/05/17 09:52:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/03/14 23:22:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/04/24 08:21:35 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/04/24 08:30:25 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2007/02/05 19:07:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2007/02/20 10:18:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2007/02/20 10:30:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2007/03/22 10:48:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2007/04/09 17:05:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2007/04/10 08:59:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2007/04/11 08:28:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2007/04/11 16:20:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2007/04/13 09:21:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2007/04/30 09:24:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2007/05/15 17:26:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2007/05/16 17:30:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2007/05/17 09:34:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2007/05/17 09:52:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/03/14 23:22:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/03/14 23:22:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/04/24 08:21:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/04/24 08:30:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/07/27 17:29:04 | 000,050,202 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_27.07.2010_17.28.04_log.txt
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2004/08/09 14:32:58 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2009/07/10 13:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2004/08/09 07:20:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/09 07:20:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/09 07:20:08 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-30 08:17:46
< End of report >
7. An update on how your computer is currently running.
It rebooted without crashing or any errors after running the ComboFix utility and does not seem to be redirecting either, so definite improvements. I've just had a Windows "virtual memory too low" message though.
Edited by Steve_gts, 02 August 2010 - 06:47 AM.