EN

The BullGuard products and services are part of NortonLifeLock Inc., a global leader in consumer Cyber Safety with a portofolio of brands including Norton, Avira and more. Learn more at NortonLifeLock.com

FORUMS

SEARCH FORUM

Redirect Virus and Windows update blocker

Posted 5/6/2010 11:16 AM
#85710
User avatar

grizza Valued member

Date Joined Nov 2016
Total Posts: 10
I have one! and was lucky to get to this site. It also blocks Windows Updates. I've tried Hitman Pro 3, Adaware, Malwarebytes and was running up to date Mcafee when I got this. I managed to get a way through to Microsoft and ran their Malware diagnostic which came up with nothing.
I've now run Hijackthis and have copied out below so hopefully you can see and advise please.
I'm at my wits end trying to find a removal tool !
regards


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:59:02, on 06/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://cm.uk.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: SYSTRAN: &Clear Translation Cache - C:\Program Files\Systran\Standard\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Standard\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Register - C:\Program Files\Systran\Standard\menuRegister.html
O8 - Extra context menu item: SYSTRAN: &Translate - C:\Program Files\Systran\Standard\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: Check for &Updates - C:\Program Files\Systran\Standard\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Translate All &Frames - C:\Program Files\Systran\Standard\menuTranslateAll.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuTranslate.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuTranslateAll.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuConfigure.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuClearCache.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuRegister.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuRegister.html
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: [url=https://*.mcafee.com]https://*.mcafee.com[/url]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {A1F35586-A5A8-4D37-947A-81875350B11F} (Bonusprint Image Uploader Version 4.5 Control) - https://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader4.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - https://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - https://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - https://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11346 bytes
<!-- google_ad_section_end -->
Posted 5/6/2010 1:24 PM
#85713
User avatar

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
We need to create an OTL Report

1. Please download OTL
https://oldtimer.geekstogo.com/OTL.exe

2. Save it to your desktop.
3. Double click on the icon on your desktop.
4. Click the "Scan All Users" checkbox.
5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
6. Copy and Paste the following into the textbox.


netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
winlogon.exe
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

7. Push "scan"
8. Two reports will open, copy and paste them in a reply here:
• OTListIt.txt <-- Will be opened
• Extra.txt <-- Will be minimized
perhaps you must post in two or more parts.
Posted 5/6/2010 4:53 PM
#85726
User avatar

grizza Valued member

Date Joined Nov 2016
Total Posts: 10
Thanks for having a look at this....and there's a lot ! I should add that I'm pretty sure when it happened - about 2.24pm ish on Sunday 2nd May when I clicked on a Tv streaming website ( by son told me about) to see latest on Chelsea v Liverpool. That the time on files I had to clea to get rid of an Anti Malware Doctor virus using Malwarebyte. Not sure if that helps. Regards Dave.

OTL logfile created on: 06/05/2010 17:20:25 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\advent\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.31 Gb Total Space | 19.54 Gb Free Space | 52.37% Space Free | Partition Type: NTFS
Drive D: | 37.26 Gb Total Space | 15.67 Gb Free Space | 42.05% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVES
Current User Name: advent
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010/05/06 17:17:12 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\advent\Desktop\OTL.exe
PRC - [2010/05/05 11:07:43 | 000,834,248 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/05/05 11:07:42 | 001,285,864 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/04/14 12:29:58 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/04/14 12:29:58 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/04/01 23:05:04 | 001,180,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/01/05 19:04:02 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2009/12/14 22:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010/05/06 17:17:12 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\advent\Desktop\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010/05/05 11:07:42 | 001,285,864 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/04/14 12:29:58 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/04/14 12:29:58 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/03/10 11:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/01/05 19:04:02 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2009/12/14 22:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2009/12/14 22:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2009/12/14 22:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2009/12/14 22:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2009/12/14 22:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/12/14 22:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/09 22:46:24 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2004/02/20 20:10:08 | 000,421,888 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxbtcoms.exe -- (lxbt_device)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010/04/14 12:29:58 | 000,385,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/04/14 12:29:58 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/04/14 12:29:58 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/04/14 12:29:58 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/04/14 12:29:58 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/04/14 12:29:58 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/04/14 12:29:58 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/04/14 12:29:58 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/04/14 12:29:58 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/04/14 12:29:58 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/02/04 16:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/04/13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/05/16 12:20:32 | 000,043,008 | ---- | M] (D-Link ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dlkfet5b.sys -- (FETNDISB)
DRV - [2006/07/11 20:50:24 | 000,011,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\grmn1200.sys -- (grmn1200)
DRV - [2006/02/20 19:25:16 | 000,017,536 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\grmn0200.sys -- (grmn0200) grmn0200.Sys Garmin USB DCP driver (install)
DRV - [2003/07/28 15:19:00 | 001,341,339 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/05/01 14:56:32 | 000,012,390 | ---- | M] (Nike, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PSA128F.SYS -- (PSA128F)
DRV - [2002/12/09 16:21:42 | 000,036,612 | ---- | M] (Nike, Inc.) [128max Player Control Driver [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psa128u.sys -- (psa128u)
DRV - [2002/12/09 16:21:30 | 000,052,335 | ---- | M] (Nike, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psa128s.sys -- (psa128s)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 14:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 14:02:40 | 000,035,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msgame.sys -- (msgame)
DRV - [2001/08/17 13:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/17 13:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
DRV - [2001/07/12 15:54:20 | 000,584,304 | R--- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2001/07/12 15:52:38 | 000,427,167 | R--- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\k56nt.sys -- (K56)
DRV - [2001/07/12 15:52:10 | 000,310,739 | R--- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fallback.sys -- (Fallback)
DRV - [2001/07/12 15:49:32 | 000,077,426 | R--- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\basic2.sys -- (basic2)
DRV - [2001/07/12 15:49:10 | 000,534,605 | R--- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v124nt.sys -- (V124)
DRV - [2001/07/03 19:42:30 | 000,017,776 | R--- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cnxtdiag.sys -- (Cnxtdiag)
DRV - [2001/06/14 20:37:38 | 000,127,405 | R--- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fsksnt.sys -- (Fsks)
DRV - [2001/06/14 20:36:52 | 000,216,987 | R--- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\faxnt.sys -- (SoftFax)
DRV - [2001/06/14 20:35:50 | 000,056,639 | R--- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tonesnt.sys -- (Tones)
DRV - [2001/06/14 20:33:04 | 000,067,622 | R--- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rksample.sys -- (Rksample)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3604470327-634292789-1709162666-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com
IE - HKU\S-1-5-21-3604470327-634292789-1709162666-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3604470327-634292789-1709162666-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [url=https://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8]https://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8[/url]
IE - HKU\S-1-5-21-3604470327-634292789-1709162666-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://cm.uk.my.yahoo.com/
IE - HKU\S-1-5-21-3604470327-634292789-1709162666-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.google.com/ie
IE - HKU\S-1-5-21-3604470327-634292789-1709162666-1005\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3604470327-634292789-1709162666-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3604470327-634292789-1709162666-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/05/03 21:15:12 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2007/03/05 01:05:52 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3604470327-634292789-1709162666-1005\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3604470327-634292789-1709162666-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3604470327-634292789-1709162666-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [LXBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.DLL (Lexmark International, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] File not found
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3604470327-634292789-1709162666-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\S-1-5-21-3604470327-634292789-1709162666-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-21-3604470327-634292789-1709162666-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
O7 - HKU\S-1-5-21-3604470327-634292789-1709162666-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-21-3604470327-634292789-1709162666-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 99
O7 - HKU\S-1-5-21-3604470327-634292789-1709162666-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-21-3604470327-634292789-1709162666-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-3604470327-634292789-1709162666-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: SYSTRAN: &Clear Translation Cache - C:\Program Files\Systran\Standard\menuClearCache.html ()
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Standard\menuConfigure.html ()
O8 - Extra context menu item: SYSTRAN: &Register - C:\Program Files\Systran\Standard\menuRegister.html ()
O8 - Extra context menu item: SYSTRAN: &Translate - C:\Program Files\Systran\Standard\menuTranslate.html ()
O8 - Extra context menu item: SYSTRAN: Check for &Updates - C:\Program Files\Systran\Standard\menuUpdate.html ()
O8 - Extra context menu item: SYSTRAN: Translate All &Frames - C:\Program Files\Systran\Standard\menuTranslateAll.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\menuTranslate.html ()
O9 - Extra 'Tools' menuitem : @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\menuTranslate.html ()
O9 - Extra Button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\menuTranslateAll.html ()
O9 - Extra 'Tools' menuitem : @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\menuTranslateAll.html ()
O9 - Extra Button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\menuConfigure.html ()
O9 - Extra 'Tools' menuitem : @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\menuConfigure.html ()
O9 - Extra 'Tools' menuitem : @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\menuClearCache.html ()
O9 - Extra 'Tools' menuitem : @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\menuRegister.html ()
O9 - Extra 'Tools' menuitem : @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - Reg Error: Value error. File not found
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKU\S-1-5-21-3604470327-634292789-1709162666-1005\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3604470327-634292789-1709162666-1005\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3604470327-634292789-1709162666-1005\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} https://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} https://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} https://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {A1F35586-A5A8-4D37-947A-81875350B11F} https://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader4.cab (Bonusprint Image Uploader Version 4.5 Control)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} https://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} https://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} https://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} https://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} https://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\advent\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\advent\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/02/13 19:33:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/02/26 14:38:27 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2002/02/13 19:32:20 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: hitmanpro35 - Reg Error: Value error.
SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SafeBootNet: mfefirek - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfefirek.sys - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfehidk - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfehidk.sys - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfevtp - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {969B3B70-8765-11D5-9809-0050BACBF861} - rundll32.exe advpack.dll,LaunchINFSection C:\Program Files\CyberLink\MP3PowerEncoder\Cyber.inf,PerUserStub
ActiveX: {A0739DE2-571F-11D2-A031-0060977F760C} - InterActual PCFriendly ActiveX Control
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: aux - wdmaud.drv File not found
Drivers32: midi - wdmaud.drv File not found
Drivers32: midi1 - wdmaud.drv File not found
Drivers32: midimapper - midimap.dll File not found
Drivers32: mixer - wdmaud.drv File not found
Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\MP3PowerEncoder\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm File not found
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm File not found
Drivers32: msacm.msaudio1 - msaud32.acm File not found
Drivers32: msacm.msg711 - msg711.acm File not found
Drivers32: msacm.msg723 - msg723.acm File not found
Drivers32: msacm.msgsm610 - msgsm32.acm File not found
Drivers32: msacm.siren - sirenacm.dll File not found
Drivers32: msacm.sl_anet - sl_anet.acm File not found
Drivers32: msacm.trspch - tssoft32.acm File not found
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - iccvid.dll File not found
Drivers32: vidc.DIVX - DivX.dll File not found
Drivers32: vidc.I420 - msh263.drv File not found
Drivers32: vidc.iv31 - ir32_32.dll File not found
Drivers32: vidc.iv32 - ir32_32.dll File not found
Drivers32: vidc.iv41 - ir41_32.ax File not found
Drivers32: vidc.iv50 - ir50_32.dll File not found
Drivers32: vidc.iyuv - iyuv_32.dll File not found
Drivers32: vidc.M261 - msh261.drv File not found
Drivers32: vidc.M263 - msh263.drv File not found
Drivers32: vidc.mrle - msrle32.dll File not found
Drivers32: vidc.msvc - msvidc32.dll File not found
Drivers32: vidc.uyvy - msyuv.dll File not found
Drivers32: VIDC.WMV3 - wmv9vcm.dll File not found
Drivers32: vidc.XVID - xvidvfw.dll File not found
Drivers32: vidc.yuy2 - msyuv.dll File not found
Drivers32: vidc.yv12 - DivX.dll File not found
Drivers32: vidc.yvu9 - tsbyuv.dll File not found
Drivers32: vidc.yvyu - msyuv.dll File not found
Drivers32: wave - wdmaud.drv File not found
Drivers32: wavemapper - msacm32.drv File not found
Drivers32: wdmaud.drv - wdmaud.drv File not found
SystemRestore not available.

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010/05/06 17:17:04 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\advent\Desktop\OTL.exe
[2010/05/06 10:57:01 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/06 09:43:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/05/05 14:05:05 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/05/05 14:05:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/05/05 11:09:43 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/05/05 11:09:15 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/05/05 11:03:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/05/05 11:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/05/05 11:01:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/05/04 16:18:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\advent\Recent
[2010/05/03 21:43:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/03 21:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/03 21:14:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\advent\Local Settings\Application Data\Yahoo
[2010/05/03 21:14:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/05/03 21:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/05/03 21:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\advent\Application Data\Yahoo!
[2010/05/03 17:12:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/05/03 10:05:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/05/03 08:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\advent\Application Data\Malwarebytes
[2010/05/03 08:09:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/03 08:09:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/03 08:09:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/03 08:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/02 14:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\advent\Local Settings\Application Data\cbdsdocko
[2010/04/25 10:30:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/04/19 11:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\advent\Application Data\vlc
[2010/04/14 12:15:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\advent\My Documents\Aldwark
[2010/04/13 17:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2010/04/13 15:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\advent\My Documents\Fax
[17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010/05/06 17:17:12 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\advent\Desktop\OTL.exe
[2010/05/06 17:09:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/06 14:55:42 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{22300B17-EAEE-4658-8725-5C8D801AC97F}.job
[2010/05/06 13:09:03 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/06 12:55:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/06 11:25:56 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\advent\My Documents\Logfile of Trend Micro HijackThis v2.doc
[2010/05/06 10:57:02 | 000,001,986 | ---- | M] () -- C:\Documents and Settings\advent\Desktop\HiJackThis.lnk
[2010/05/06 09:43:26 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/06 08:45:01 | 000,000,873 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/06 08:45:01 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/06 08:45:01 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/05/06 08:44:37 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/06 08:43:42 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/05/06 08:16:53 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2010/05/06 08:16:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/06 08:16:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/06 08:15:42 | 008,388,608 | ---- | M] () -- C:\Documents and Settings\advent\ntuser.dat
[2010/05/06 08:15:00 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\advent\ntuser.ini
[2010/05/05 11:08:49 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/05/05 11:08:46 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/05/05 11:03:27 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/05/04 15:01:52 | 005,170,320 | ---- | M] () -- C:\Documents and Settings\advent\My Documents\TheEggthelemonandtheorange1.wmv
[2010/05/04 14:47:31 | 000,150,528 | ---- | M] () -- C:\Documents and Settings\advent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/04 00:40:05 | 000,000,093 | ---- | M] () -- C:\Documents and Settings\advent\default.pls
[2010/05/04 00:39:57 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/03 19:13:26 | 002,690,692 | -H-- | M] () -- C:\Documents and Settings\advent\Local Settings\Application Data\IconCache.db
[2010/05/03 08:35:41 | 000,001,158 | ---- | M] () -- C:\WINDOWS\lsrslt.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 12:36:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/25 10:31:04 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2010/04/25 10:24:29 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\advent\My Documents\birdsong-chaffinch.ram
[2010/04/25 10:23:27 | 000,000,175 | ---- | M] () -- C:\Documents and Settings\advent\My Documents\birdsong-chiffchaff.ram
[2010/04/25 10:18:13 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\advent\My Documents\birdsong-blackbird.ram
[2010/04/21 13:27:01 | 000,695,808 | ---- | M] () -- C:\Documents and Settings\advent\My Documents\HR.EV.DC2 return.doc
[2010/04/21 12:40:53 | 000,712,704 | ---- | M] () -- C:\Documents and Settings\advent\My Documents\REF.FORM.SH by D Cresswell.doc
[2010/04/19 14:30:45 | 005,455,214 | ---- | M] () -- C:\Documents and Settings\advent\My Documents\19-04-2010 14;30;45.PDF
[2010/04/19 14:29:42 | 005,233,139 | ---- | M] () -- C:\Documents and Settings\advent\My Documents\19-04-2010 14;29;41.PDF
[2010/04/19 14:28:53 | 005,293,615 | ---- | M] () -- C:\Documents and Settings\advent\My Documents\19-04-2010 14;28;53.PDF
[2010/04/19 14:16:16 | 000,152,716 | ---- | M] () -- C:\Documents and Settings\advent\My Documents\19-04-2010 14;15;46.RTF
[2010/04/17 15:33:29 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/17 14:21:32 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/14 17:25:50 | 018,499,623 | ---- | M] () -- C:\Documents and Settings\advent\My Documents\vlc-1.0.5-win32.exe
[2010/04/14 12:29:58 | 000,385,536 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/04/14 12:29:58 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/14 12:29:58 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/04/14 12:29:58 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/04/14 12:29:58 | 000,088,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/14 12:29:58 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/14 12:29:58 | 000,082,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/14 12:29:58 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/14 12:29:58 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/04/14 12:29:58 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/14 12:27:02 | 000,141,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/14 12:23:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/14 12:12:08 | 000,024,496 | ---- | M] () -- C:\Documents and Settings\advent\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/14 09:35:22 | 000,890,880 | ---- | M] () -- C:\Documents and Settings\advent\My Documents\fax france 2010.doc
[2010/04/14 09:20:53 | 000,522,240 | ---- | M] () -- C:\Documents and Settings\advent\My Documents\faxtemplate2.doc
[2010/04/13 21:39:31 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\advent\My Documents\FRANCE 2010.doc
[2010/04/13 19:08:43 | 000,000,046 | ---- | M] () -- C:\WINDOWS\adiras.ini
[2010/04/12 09:37:24 | 000,009,290 | ---- | M] () -- C:\Documents and Settings\advent\My Documents\MATCHPLAY RULES.wps
[17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/05/06 11:25:55 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\advent\My Documents\Logfile of Trend Micro HijackThis v2.doc
[2010/05/06 10:57:02 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\advent\Desktop\HiJackThis.lnk
[2010/05/06 08:43:42 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/05/06 08:07:23 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2010/05/05 14:09:52 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/05 12:56:37 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/05/05 11:21:53 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/05 11:03:27 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/05/04 15:01:51 | 005,170,320 | ---- | C] () -- C:\Documents and Settings\advent\My Documents\TheEggthelemonandtheorange1.wmv
[2010/05/02 20:47:31 | 000,001,158 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
[2010/04/25 10:24:27 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\advent\My Documents\birdsong-chaffinch.ram
[2010/04/25 10:23:22 | 000,000,175 | ---- | C] () -- C:\Documents and Settings\advent\My Documents\birdsong-chiffchaff.ram
[2010/04/25 10:18:12 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\advent\My Documents\birdsong-blackbird.ram
[2010/04/21 13:27:01 | 000,695,808 | ---- | C] () -- C:\Documents and Settings\advent\My Documents\HR.EV.DC2 return.doc
[2010/04/21 12:40:53 | 000,712,704 | ---- | C] () -- C:\Documents and Settings\advent\My Documents\REF.FORM.SH by D Cresswell.doc
[2010/04/19 14:30:45 | 005,455,214 | ---- | C] () -- C:\Documents and Settings\advent\My Documents\19-04-2010 14;30;45.PDF
[2010/04/19 14:29:41 | 005,233,139 | ---- | C] () -- C:\Documents and Settings\advent\My Documents\19-04-2010 14;29;41.PDF
[2010/04/19 14:28:53 | 005,293,615 | ---- | C] () -- C:\Documents and Settings\advent\My Documents\19-04-2010 14;28;53.PDF
[2010/04/19 14:16:15 | 000,152,716 | ---- | C] () -- C:\Documents and Settings\advent\My Documents\19-04-2010 14;15;46.RTF
[2010/04/17 14:21:32 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/14 09:32:46 | 000,890,880 | ---- | C] () -- C:\Documents and Settings\advent\My Documents\fax france 2010.doc
[2010/04/14 09:20:48 | 000,522,240 | ---- | C] () -- C:\Documents and Settings\advent\My Documents\faxtemplate2.doc
[2010/04/13 18:07:06 | 000,000,046 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2010/04/13 15:58:46 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\advent\My Documents\FRANCE 2010.doc
[2009/12/14 18:47:48 | 000,003,581 | ---- | C] () -- C:\WINDOWS\WINGS.INI
[2009/12/09 11:45:08 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2009/03/09 12:19:14 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/03/09 12:08:52 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2009/03/09 12:08:52 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2008/12/27 00:23:27 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2008/12/17 21:36:51 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\grmn1200.sys
[2008/08/27 17:25:49 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2007/08/26 22:06:15 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\478352EE1D.dll
[2007/07/23 18:16:28 | 000,000,021 | ---- | C] () -- C:\WINDOWS\System32\xclapi32.dll
[2007/05/13 21:41:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\syscheck.INI
[2007/05/13 21:39:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2007/03/18 01:13:29 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/27 09:26:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2006/10/12 23:35:36 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/10/12 23:35:36 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/07/07 19:50:57 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/07/07 19:50:57 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/07/07 19:50:57 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/05/26 19:34:59 | 000,000,624 | ---- | C] () -- C:\WINDOWS\PSTUDIO.INI
[2006/05/26 19:20:20 | 000,000,107 | ---- | C] () -- C:\WINDOWS\PHOTOPRN.INI
[2006/05/26 18:25:13 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.advent.ini
[2006/05/23 23:07:38 | 000,000,852 | ---- | C] () -- C:\WINDOWS\Systran.ini
[2006/05/23 23:07:24 | 000,000,282 | ---- | C] () -- C:\WINDOWS\ssiregst.ini
[2006/05/23 01:05:51 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2006/05/23 01:05:51 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2006/05/23 01:05:51 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2006/05/23 01:05:51 | 000,000,338 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2006/05/23 01:05:51 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2006/05/21 19:40:29 | 000,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/20 23:09:24 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\lxbtcoin.dll
[2006/05/20 23:09:24 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lxbtsnls.dll
[2006/05/20 23:09:23 | 000,001,832 | R--- | C] () -- C:\WINDOWS\System32\lxbtprod.ini
[2006/05/20 23:09:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbtvs.dll
[2006/05/20 23:09:01 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\lxbthwdf.dll
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002/02/13 20:19:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/02/13 18:20:18 | 000,001,328 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2000/01/27 16:33:56 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\SysIECom.dll
[2000/01/27 16:33:55 | 000,311,364 | ---- | C] () -- C:\WINDOWS\System32\ssistd.dll
[2000/01/27 16:33:55 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\ssistdop.dll
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

[color=#E56717]========== LOP Check ==========[/color]

[2006/05/22 21:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\ACD Systems
[2010/01/01 12:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\Amazon
[2007/01/15 21:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\BitRoll
[2009/08/07 10:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/12/25 18:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\ICAClient
[2009/10/05 11:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\Juniper Networks
[2010/01/01 19:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\Musicmatch
[2008/12/25 18:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\Runaware
[2007/03/18 01:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\Simple Star
[2009/06/06 13:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\Snapfish
[2008/06/24 19:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\System Tweaker
[2008/06/23 22:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\Uniblue
[2007/07/23 18:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\Xcelsius
[2009/12/02 13:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/04/13 17:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2010/05/05 14:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/10/05 11:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2008/12/25 18:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2009/03/27 21:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Memory-Map-License
[2010/01/01 11:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/05/05 11:03:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/05/06 12:55:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/04/06 14:43:30 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
[2008/06/23 22:28:43 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
[2010/05/06 14:55:42 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{22300B17-EAEE-4658-8725-5C8D801AC97F}.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
[2009/12/02 13:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/01/18 13:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/07/22 23:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/04/19 12:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/12/31 21:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2008/12/27 00:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cyberlink
[2010/04/13 17:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2009/01/17 14:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/05/05 14:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/10/05 11:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2008/12/25 18:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2010/05/05 11:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/05/03 08:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/03 21:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2007/05/31 21:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2006/07/13 18:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
[2009/03/27 21:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Memory-Map-License
[2010/03/06 18:37:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/01/31 20:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2009/12/19 12:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/05/06 09:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/01/01 11:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2007/10/07 23:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Protexis
[2006/12/12 00:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2010/04/25 10:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/05/03 22:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2009/08/16 15:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TVU Networks
[2006/06/02 21:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/05/03 21:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/05/03 21:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/05/05 11:03:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
[2010/02/04 16:53:47 | 002,954,656 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
[2010/05/05 11:07:42 | 001,285,864 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
[2010/05/05 11:07:43 | 000,834,248 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
[2010/05/05 11:07:44 | 000,755,096 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
[2010/05/05 11:07:46 | 001,598,464 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
[2010/05/05 11:07:47 | 000,871,320 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
[2010/05/05 11:07:48 | 000,866,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
[2010/05/05 11:08:46 | 000,015,880 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
[2010/05/05 11:08:48 | 000,893,952 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
[2009/07/26 10:53:53 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

[color=#A23BEC]< %APPDATA%\*. >[/color]
[2006/05/22 21:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\ACD Systems
[2010/04/04 18:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\Adobe
[2009/12/12 21:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\Ahead
[2010/01/01 12:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\Amazon
[2009/12/31 20:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\Apple Computer
[2010/01/29 23:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\AVS4YOU
[2007/01/15 21:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\BitRoll
[2009/08/07 10:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/12/27 01:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\CyberLink
[2007/10/08 18:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\DivX
[2009/03/09 12:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\FaxCtr
[2006/10/14 16:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\Google
[2006/05/22 21:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\Help
[2008/12/25 18:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\ICAClient
[2006/05/22 00:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\Identities
[2009/10/05 11:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\Juniper Networks
[2007/05/31 21:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\Lavasoft
[2006/08/15 21:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\Macromedia
[2010/05/03 08:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\Malwarebytes
[2008/06/11 17:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\McAfee
[2006/07/03 23:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\McAfee.com Personal Firewall
[2006/05/20 01:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\Media Player Classic
[2010/05/03 20:30:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\advent\Application Data\Microsoft
[2006/07/01 00:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\Microsoft Web Folders
[2009/12/02 21:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\MSN6
[2010/01/01 19:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\Musicmatch
[2009/12/30 13:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\Nero
[2009/12/28 16:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\NeroDCTemplates
[2008/12/25 18:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\Runaware
[2007/03/18 01:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\Simple Star
[2009/06/06 13:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\Snapfish
[2006/05/29 19:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\Sun
[2008/06/24 19:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\System Tweaker
[2008/06/23 22:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\Uniblue
[2010/05/04 15:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\vlc
[2007/07/23 18:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\Xcelsius
[2010/05/03 21:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\advent\Application Data\Yahoo!

[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2009/06/15 22:23:22 | 000,292,136 | ---- | M] (Juniper Networks") -- C:\Documents and Settings\advent\Application Data\Juniper Networks\Host Checker\dsHostChecker.exe
[2009/06/15 22:23:24 | 000,230,696 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\advent\Application Data\Juniper Networks\Host Checker\dsHostCheckerProxy.exe
[2009/06/15 22:23:34 | 000,055,248 | ---- | M] () -- C:\Documents and Settings\advent\Application Data\Juniper Networks\Host Checker\uninstall.exe
[2009/03/02 18:25:20 | 000,132,392 | ---- | M] () -- C:\Documents and Settings\advent\Application Data\Juniper Networks\Setup Client\dsmmf.exe
[2009/03/02 18:25:18 | 000,484,648 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\advent\Application Data\Juniper Networks\Setup Client\JuniperSetupClient.exe
[2009/03/02 18:24:34 | 000,324,152 | ---- | M] () -- C:\Documents and Settings\advent\Application Data\Juniper Networks\Setup Client\JuniperSetupClientOCX.exe
[2009/03/02 18:23:02 | 000,210,312 | ---- | M] () -- C:\Documents and Settings\advent\Application Data\Juniper Networks\Setup Client\JuniperSetupXP.exe
[2009/03/02 18:25:24 | 000,043,632 | ---- | M] (Juniper Networks) -- C:\Documents and Settings\advent\Application Data\Juniper Networks\Setup Client\uninstall.exe
[2009/03/02 17:42:20 | 000,291,696 | ---- | M] () -- C:\Documents and Settings\advent\Application Data\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTR_8.0.50727.762.exe
[2009/03/02 18:22:58 | 000,062,832 | ---- | M] () -- C:\Documents and Settings\advent\Application Data\Juniper Networks\setup\dsmmf.exe
[2009/03/02 18:22:56 | 000,042,360 | R--- | M] () -- C:\Documents and Settings\advent\Application Data\Juniper Networks\setup\JuniperSetupApp.exe
[2009/03/02 18:22:58 | 000,111,912 | ---- | M] () -- C:\Documents and Settings\advent\Application Data\Juniper Networks\setup\JuniperSetupClient.exe
[2009/10/05 11:17:30 | 000,036,939 | ---- | M] () -- C:\Documents and Settings\advent\Application Data\Juniper Networks\setup\uninstall.exe
[2009/08/07 10:40:12 | 000,038,208 | ---- | M] () -- C:\Documents and Settings\advent\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2009/12/08 00:25:09 | 000,108,341 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\advent\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe
[2008/12/25 18:21:39 | 000,370,070 | R--- | M] () -- C:\Documents and Settings\advent\Application Data\Microsoft\Installer\{36C9E08A-BE2B-40A0-83C5-576748F7B777}\ARPPRODUCTICON.exe
[2006/05/23 20:25:09 | 000,032,768 | R--- | M] () -- C:\Documents and Settings\advent\Application Data\Microsoft\Installer\{3E908702-AF35-4611-9518-955DA24B7E07}\icon.exe
[2010/05/06 10:57:02 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Documents and Settings\advent\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2009/12/11 01:02:17 | 000,292,878 | R--- | M] () -- C:\Documents and Settings\advent\Application Data\Microsoft\Installer\{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}\ARPPRODUCTICON.exe
[2007/11/09 17:09:42 | 000,116,304 | ---- | M] (Citrix Systems, Inc.) -- C:\Documents and Settings\advent\Application Data\Runaware\TestDrive Wizard\cpviewer.exe
[2007/11/09 17:09:46 | 000,210,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Documents and Settings\advent\Application Data\Runaware\TestDrive Wizard\CtxTwnPA.exe
[2007/02/08 13:55:20 | 000,073,104 | ---- | M] () -- C:\Documents and Settings\advent\Application Data\Runaware\TestDrive Wizard\icaconf.exe
[2007/11/09 17:10:12 | 000,267,856 | ---- | M] (Citrix Systems, Inc.) -- C:\Documents and Settings\advent\Application Data\Runaware\TestDrive Wizard\wfcrun32.exe
[2007/11/09 17:10:14 | 000,849,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Documents and Settings\advent\Application Data\Runaware\TestDrive Wizard\wfica32.exe

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2006/06/02 01:00:36 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/28 20:56:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2006/06/02 01:00:36 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/08/28 20:56:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 07:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 07:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\AGP440.SYS

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2006/06/02 01:00:36 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/28 20:56:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2006/06/02 01:00:36 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/08/28 20:56:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 06:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 08:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 08:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2004/08/04 08:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2004/08/04 08:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 07:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2004/08/04 08:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2002/02/13 11:23:31 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2002/02/13 11:23:30 | 000,606,208 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2002/02/13 11:23:30 | 000,393,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[17 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\advent\My Documents\PP & SHP.doc:SummaryInformation
< End of report >
Posted 5/6/2010 4:55 PM
#85727
User avatar

grizza Valued member

Date Joined Nov 2016
Total Posts: 10
This is the 'Extras txt'

thanks again

OTL Extras logfile created on: 06/05/2010 17:20:25 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\advent\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.31 Gb Total Space | 19.54 Gb Free Space | 52.37% Space Free | Partition Type: NTFS
Drive D: | 37.26 Gb Total Space | 15.67 Gb Free Space | 42.05% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVES
Current User Name: advent
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.reg [@ = regfile] -- regedit.exe "%1"

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [hitmanpro] -- "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" "%1\"
Directory [PlayWithVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"6495:TCP" = 6495:TCP:*:Enabled:Services
"6496:TCP" = 6496:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"50579:TCP" = 50579:TCP:*:Enabled:u torrent
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"6496:TCP" = 6496:TCP:*:Enabled:Services
"6495:TCP" = 6495:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime Essentials -- (Nero AG)
"C:\Program Files\Codemasters\Colin McRae Rally 2\CMR2.exe" = C:\Program Files\Codemasters\Colin McRae Rally 2\CMR2.exe:*:Enabled:Colin McRae Rally 2 -- (Codemasters Software Ltd)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{1183A960-1BDA-42E7-B1AD-1136C0A56D8A}" = Nike psa[128max Player
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19B72AA9-985A-11D4-9C8A-00D0B75D1498}" = Colin McRae Rally 2
"{1C220811-048F-4D60-B42E-B86027C57372}" = LightScribe 1.4.119.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2571E801-EF6F-41C9-9590-1576565EF74F}" = PRS-505 User's Guide
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36C9E08A-BE2B-40A0-83C5-576748F7B777}" = TestDrive Client
"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
"{3E908702-AF35-4611-9518-955DA24B7E07}" = Microsoft XML Parser and SDK
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM [url=F@st]F@st[/url] 800-840
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}" = Garmin Trip and Waypoint Manager v4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E91306C-899F-45F3-B5E9-4B480A27A63D}" = Tiger Woods PGA TOUR 2004
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch Jukebox
"{8867CEBD-E6C0-4C7A-83B3-9E45669A1033}" = Nero 7 Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{969B3B70-8765-11D5-9809-0050BACBF861}" = MP3PowerEncoder
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7A59CB1-5FAE-42A1-B335-17B1C942B43E}" = Memory-Map OS Edition Version 5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3FB6B55-C271-44FC-BA03-BBD8B2EA6EEF}" = Memory-Map OS Edition Version 5
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2A8585-BF48-462A-81F7-3C565646F5D4}" = Reader Library by Sony
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB5055E4-9BE1-425F-B40A-33E43E9460DA}" = Sudoku
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"AC3Filter" = AC3Filter (remove only)
"ACDSee Classic" = ACDSee Classic
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.8
"BadCopy Pro" = BadCopy Pro
"Bonusprint PhotoBook Editor_is1" = Bonusprint PhotoBook Editor
"BPP i-Pass CAT Paper 4" = BPP i-Pass CAT Paper 4
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_8D8B155D" = Conexant SoftK56 Modem(M)
"Digital Editions" = Adobe Digital Editions
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"HitmanPro35" = Hitman Pro 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Investment and Risk (CF2)" = Investment and Risk (CF2)
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Lexmark 5200 Series" = Lexmark 5200 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee AntiVirus Plus
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PCFriendly" = PCFriendly
"Picasa2" = Picasa 2
"SpeedUpMyPC_is1" = Uniblue SpeedUpMyPC 3
"SSSInst" = Screensavers Installer Version 2
"Sudoku" = Sudoku
"System Tweaker_is1" = Uniblue System Tweaker
"SYSTRAN PROfessional Standard" = SYSTRAN PROfessional Standard
"VLC media player" = VLC media player 1.0.5
"VN_VUIns_Rhine_D-Link" = D-Link PCI Fast Ethernet Adapter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Registry Repair Pro_is1" = Windows Registry Repair Pro
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xcelsius X4_is1" = Xcelsius XL Standard
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomPlayer" = Zoom Player (remove only)

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-3604470327-634292789-1709162666-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 04/05/2010 11:16:29 | Computer Name = DAVES | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 04/05/2010 11:16:42 | Computer Name = DAVES | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 04/05/2010 11:16:42 | Computer Name = DAVES | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 04/05/2010 11:16:43 | Computer Name = DAVES | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 04/05/2010 15:09:09 | Computer Name = DAVES | Source = Google Update | ID = 20
Description =

Error - 04/05/2010 16:09:08 | Computer Name = DAVES | Source = Google Update | ID = 20
Description =

Error - 04/05/2010 17:09:07 | Computer Name = DAVES | Source = Google Update | ID = 20
Description =

Error - 04/05/2010 18:09:08 | Computer Name = DAVES | Source = Google Update | ID = 20
Description =

Error - 04/05/2010 19:09:05 | Computer Name = DAVES | Source = Google Update | ID = 20
Description =

Error - 05/05/2010 06:04:53 | Computer Name = DAVES | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

[ System Events ]
Error - 05/05/2010 18:06:32 | Computer Name = DAVES | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 06/05/2010 03:06:53 | Computer Name = DAVES | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 06/05/2010 03:06:53 | Computer Name = DAVES | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 06/05/2010 03:10:20 | Computer Name = DAVES | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%2

Error - 06/05/2010 03:11:55 | Computer Name = DAVES | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 06/05/2010 03:16:57 | Computer Name = DAVES | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 06/05/2010 03:16:57 | Computer Name = DAVES | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 06/05/2010 03:18:13 | Computer Name = DAVES | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%2

Error - 06/05/2010 03:20:46 | Computer Name = DAVES | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 06/05/2010 03:21:26 | Computer Name = DAVES | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.


< End of report >







Posted 5/6/2010 4:59 PM
#85728
User avatar

grizza Valued member

Date Joined Nov 2016
Total Posts: 10
just one more thing.. Each time U start a virus removal software or scanner like OTL, i get the message " This applic failed to start because framedyn.dll was not found..." - then it starts anyway.

regards, Dave
Posted 5/6/2010 5:38 PM
#85729
User avatar

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
post a combofix logfile:
https://www.bleepingcomputer.com/combofix/how-to-use-combofix
Posted 5/6/2010 8:22 PM
#85730
User avatar

grizza Valued member

Date Joined Nov 2016
Total Posts: 10
I watched combofix remove a program esellerateEngine.dll so I'm hopeful this is fixed but I won't check till you give the Ok. Regards Dave

ComboFix 10-05-05.0D - advent 06/05/2010 20:51:26.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1279.867 [GMT 1:00]
Running from: c:\documents and settings\advent\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\eSellerateEngine.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\Thumbs.db

Infected copy of c:\windows\system32\drivers\agp440.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
original MBR restored successfully !
.
((((((((((((((((((((((((( Files Created from 2010-04-06 to 2010-05-06 )))))))))))))))))))))))))))))))
.

2010-05-06 09:57 . 2010-05-06 09:57 388096 ----a-r- c:\documents and settings\advent\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-06 09:57 . 2010-05-06 09:57 -------- d-----w- c:\program files\Trend Micro
2010-05-06 08:43 . 2010-05-06 08:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-05-05 13:09 . 2010-05-06 18:11 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-05 13:05 . 2010-05-05 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-05-05 13:05 . 2010-05-05 13:05 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-05-05 11:56 . 2010-05-05 10:08 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-05 10:09 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-05 10:09 . 2010-05-05 10:08 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-05 10:07 . 2010-05-05 10:07 967640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-05-05 10:07 . 2010-05-05 10:07 866224 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-05-05 10:07 . 2010-05-05 10:07 871320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-05-05 10:07 . 2010-05-05 10:07 1598464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-05-05 10:07 . 2010-05-05 10:07 755096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2010-05-05 10:07 . 2010-05-05 10:07 834248 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-05-05 10:07 . 2010-05-05 10:07 1285864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-05-05 10:03 . 2010-05-05 10:03 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-05 10:03 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-05-05 10:01 . 2010-05-05 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-05-05 10:01 . 2010-05-05 10:03 -------- d-----w- c:\program files\Lavasoft
2010-05-03 22:13 . 2010-05-03 22:13 -------- d-----w- c:\documents and settings\HelpAssistant\WINDOWS
2010-05-03 22:13 . 2010-05-03 22:13 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2010-05-03 21:59 . 2010-05-06 07:20 -------- d-----w- c:\documents and settings\HelpAssistant
2010-05-03 20:14 . 2010-05-03 20:14 -------- d-----w- c:\documents and settings\advent\Local Settings\Application Data\Yahoo
2010-05-03 20:14 . 2010-05-03 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-03 20:08 . 2010-05-03 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-05-03 20:08 . 2010-05-03 20:08 -------- d-----w- c:\documents and settings\advent\Application Data\Yahoo!
2010-05-03 07:09 . 2010-05-03 07:09 -------- d-----w- c:\documents and settings\advent\Application Data\Malwarebytes
2010-05-03 07:09 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-03 07:09 . 2010-05-03 07:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-03 07:09 . 2010-05-03 07:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-03 07:09 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-02 13:31 . 2010-05-02 14:03 -------- d-----w- c:\documents and settings\advent\Local Settings\Application Data\cbdsdocko
2010-04-19 10:09 . 2010-05-04 14:05 -------- d-----w- c:\documents and settings\advent\Application Data\vlc
2010-04-13 16:53 . 2010-04-13 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 19:15 . 2006-05-20 22:10 -------- d-----w- c:\program files\Lx_cats
2010-05-03 21:58 . 2008-06-12 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2010-05-03 20:14 . 2006-05-20 22:34 -------- d-----w- c:\program files\Yahoo!
2010-05-03 20:09 . 2007-01-19 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-03 20:09 . 2008-06-12 20:32 -------- d-----w- c:\program files\McAfee
2010-05-02 14:06 . 2009-12-30 17:09 -------- d-----w- c:\program files\AVS4YOU
2010-05-02 14:06 . 2009-12-30 17:07 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-04-26 17:09 . 2006-05-20 00:16 -------- d-----w- c:\program files\Zoom Player
2010-04-25 09:31 . 2008-12-26 23:20 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-19 11:42 . 2006-12-11 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-14 11:29 . 2010-03-18 12:58 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-14 11:29 . 2010-03-18 12:57 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-04-14 11:29 . 2010-03-18 12:57 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-14 11:29 . 2010-03-18 12:57 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-04-14 11:29 . 2010-03-18 12:57 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-14 11:29 . 2010-03-18 12:57 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-14 11:29 . 2010-03-18 12:57 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-14 11:29 . 2008-06-12 20:34 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-14 11:29 . 2008-06-12 20:34 385536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-14 11:29 . 2008-06-12 20:34 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-14 11:26 . 2002-02-13 18:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-14 11:12 . 2006-06-02 02:09 24496 ----a-w- c:\documents and settings\advent\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-04 17:06 . 2010-04-04 17:06 32550 ----a-w- c:\windows\king-uninstall.exe
2010-03-20 22:04 . 2008-06-12 20:33 -------- d-----w- c:\program files\McAfee.com
2010-03-19 08:30 . 2008-06-12 20:33 -------- d-----w- c:\program files\Common Files\McAfee
2010-03-10 06:15 . 2002-02-13 17:19 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-01-08 14:23 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2002-02-13 17:19 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 08:10 . 2002-02-13 17:19 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2001-08-17 13:48 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-02-24 17:43 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2002-02-13 17:19 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2002-02-13 17:19 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2007-10-07 22:07 . 2007-08-26 21:06 80 --sh--r- c:\windows\system32\478352EE1D.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-01 1180976]
"LXBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 65536]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-05-05 5937984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 1 (0x1)
"MaxRecentDocs"= 99 (0x63)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Codemasters\\Colin McRae Rally 2\\CMR2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50579:TCP"= 50579:TCP:u torrent
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"6496:TCP"= 6496:TCP:Services
"6495:TCP"= 6495:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [05/05/2010 11:09 64288]
R0 PSA128F;PSA128F;c:\windows\system32\drivers\PSA128F.SYS [02/01/2010 00:05 12390]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [18/03/2010 13:57 82952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [18/03/2010 13:56 271480]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [18/03/2010 13:56 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [18/03/2010 13:56 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [18/03/2010 13:58 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [18/03/2010 13:58 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [18/03/2010 13:57 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [18/03/2010 13:57 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [18/03/2010 13:57 88480]
S0 bneevu;bneevu; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [08/02/2010 00:48 135664]
S3 grmn0200;grmn0200.Sys Garmin USB DCP driver (install);c:\windows\system32\drivers\grmn0200.sys [17/12/2008 21:36 17536]
S3 grmn1200;grmn0400.Sys Garmin USB DCP driver;c:\windows\system32\drivers\grmn1200.sys [17/12/2008 21:36 11776]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 16:52 1285864]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [18/03/2010 13:57 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [18/03/2010 13:57 83496]
S3 psa128s;psa128s;c:\windows\system32\drivers\psa128s.sys [02/01/2010 00:05 52335]
S3 psa128u;Nike psa[128max Player Control Driver;c:\windows\system32\drivers\psa128u.sys [02/01/2010 00:05 36612]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{969B3B70-8765-11D5-9809-0050BACBF861}]
2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-05-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 10:07]

2010-04-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 23:48]

2010-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 23:48]

2010-04-06 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-06-23 07:53]

2008-06-23 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-06-23 07:53]

2010-05-06 c:\windows\Tasks\User_Feed_Synchronization-{22300B17-EAEE-4658-8725-5C8D801AC97F}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://cm.uk.my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: SYSTRAN: &Clear Translation Cache - c:\program files\Systran\Standard\menuClearCache.html
IE: SYSTRAN: &Options - c:\program files\Systran\Standard\menuConfigure.html
IE: SYSTRAN: &Register - c:\program files\Systran\Standard\menuRegister.html
IE: SYSTRAN: &Translate - c:\program files\Systran\Standard\menuTranslate.html
IE: SYSTRAN: Check for &Updates - c:\program files\Systran\Standard\menuUpdate.html
IE: SYSTRAN: Translate All &Frames - c:\program files\Systran\Standard\menuTranslateAll.html
IE: {{703436F1-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Standard\MenuTranslate.html
IE: {{703436F2-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Standard\MenuTranslateAll.html
IE: {{703436F3-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Standard\MenuConfigure.html
IE: {{703436F4-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Standard\MenuClearCache.html
IE: {{703436F5-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Standard\MenuRegister.html
IE: {{703436F6-3E1F-11d3-8F6B-00105A2A1D59}
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: musicmatch.com\online
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-BPP i-Pass CAT Paper 4 - d:\progra~1\i-assess\..\BPPI-P~1\(CLIEN~1\UNWISE.EXE




**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2010-05-06 21:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-05-06 21:10:22
ComboFix-quarantined-files.txt 2010-05-06 20:10

Pre-Run: 20,890,005,504 bytes free
Post-Run: 21,154,263,040 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 4E2655AEE36F7DACB162288ADD9D94BF
Posted 5/7/2010 9:51 AM
#85753
User avatar

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
gmer:

Please download GMER from one of the following locations and save it to your desktop:
https://gmer.net/download.php
This version will download a randomly named file (Recommended)
https://gmer.net/gmer.zip
Disconnect from the Internet and close all running programs.
Temporarily turn off all antivirus programs

Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.
Posted 5/7/2010 4:31 PM
#85763
User avatar

grizza Valued member

Date Joined Nov 2016
Total Posts: 10
Gmer below. Machine seems to be running nice and quickly now too.

GMER 1.0.15.15281 - https://www.gmer.net
Rootkit scan 2010-05-07 17:21:16
Windows 5.1.2600 Service Pack 3
Running: g58h55mu.exe; Driver: C:\DOCUME~1\advent\LOCALS~1\Temp\kxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7647BFE]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF7464C66]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7464C92]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) Z!!!enKey [0xF7464C3C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) Z!!!enProcess [0xF7464C14]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) Z!!!enThread [0xF7464C28]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF7464C7C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF7464CBE]
Code \??\C:\DOCUME~1\advent\LOCALS~1\Temp\catchme.sys pIofCallDriver
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xBA2B1340, 0xFFF3F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF9D6300, 0x234A20, 0xF8000020]
? C:\DOCUME~1\advent\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\DOCUME~1\advent\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[736] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[736] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[880] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [004076E0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[880] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00407740] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----
Posted 5/7/2010 4:43 PM
#85764
User avatar

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
download prevx:
https://info.prevx.com/downloadcsi.asp
install, you need an open internet connection. the programm start a "learning scan"
you can not remove something.
please klick now konfiguration, heuristik, all to maximum, start the scan.
after finish klick right the prevx symbol in the tray, tools, safe log.
Doenload it to
www.file-upload.net
klick "durchsuchen" search the log.
after this klick "datei hochladen"
post the download link, uninstall prevx.
Posted 5/7/2010 5:53 PM
#85774
User avatar

grizza Valued member

Date Joined Nov 2016
Total Posts: 10
hope this is what you need

https://www.file-upload.net/download-2497415/prevxlog.log.html

regards
Dave
Posted 5/7/2010 6:02 PM
#85775
User avatar

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
we have do do something.
1. start run
combofix /uninstall
enter.
2. change all your passwords, yours are stolen.
3. you have security  holes.
go to
windowsupdate.microsoft.com
install all important updates.
4.
download
PSI (personal secunia software inspector)
https://secunia.com/vulnerability_scanning/personal/
this tool shows you all updates for your software, this is important!!
5.
Download:
https://oldtimer.geekstogo.com/OTM.exe
klick cleanit, this tool removes all used tools and itself.
6.
de- and reactivate system restore:
https://windows.microsoft.com/en-US/windows-vista/Turn-System-Restore-on-or-off
7.
For safer surfing try sandboxie:
https://www.sandboxie.com/index.php?GettingStarted
8.
use atf cleaner:
https://majorgeeks.com/ATF_Cleaner_d4949.html
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Posted 5/7/2010 6:03 PM
#85776
User avatar

grizza Valued member

Date Joined Nov 2016
Total Posts: 10
forgot to set all settings to max so redid the scan ( no bad files either time)

https://www.file-upload.net/download-2497447/prevxlog2.log.html

regards
Dave
Posted 5/7/2010 6:04 PM
#85777
User avatar

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
yer looks nice. look my post we are posting at the same time :d
Posted 5/7/2010 9:34 PM
#85782
User avatar

grizza Valued member

Date Joined Nov 2016
Total Posts: 10
I've done everything and I feel pretty good about the state of the machine.I'll be keeping and buying sandboxie, secunia PSI and use the handy ATF cleaner regularly; all looks pretty sensible advice especially after you've been invaded ! Luckily I don't save any passwords but I'm still changing them all.

That's a fantastic service you give. Hopefully that's it!

regards

Dave
Posted 5/7/2010 9:37 PM
#85783
User avatar

grizza Valued member

Date Joined Nov 2016
Total Posts: 10
One final thought. I presume Mcafee is still worth the money. I've also now got running - Ad-aware, Malwarebytes antimalware, and I think Hitman Pro 3 running in the background.
Is that overkill ? or stuff doing the same job ?
regards
Posted 5/8/2010 10:11 AM
#85790
User avatar

markusg Advanced member

Date Joined Nov 2016
Total Posts: 406
i think mcafee and hitmanpro are enough. hitman have much engines.
Post a reply
  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Thursday, August 18, 2022, 6:29 AM (GMT +2)
There are a total of 61,974 posts in 13,697 threads.
In the last 3 days there were 0 new threads and 0 reply posts.

Who's online

This forum has 38,573 registered members. Please welcome our newest member, iAwake.
32 Guest(s), 0 Registered Member(s) are currently online.